Code Obfuscation and Deobfuscation

IR_002
This entry is part 13 of 17 in the series Incident Response and Forensics

Views: 19Code Obfuscation is a technique used to make a script more difficult to read by humans but allows it to function the same from a technical point of view, though performance may be slower. This is usually achieved automatically by using an obfuscation tool, which takes code as an input, and attempts to re-write … Read more

Incident Response

This entry is part 12 of 4 in the series Digital Forensics and Incident Response

Views: 1Incident response, also known as incident handling, is a cyber security function that uses various methodologies, tools and techniques to detect and manage adversarial attacks while minimizing impact, recovery time and total operating costs. Addressing attacks requires containing malware infections, identifying and remediating vulnerabilities, as well as sourcing, managing, and deploying technical and non-technical … Read more

DFIR: Core Windows Processes

This entry is part 2 of 17 in the series Incident Response and Forensics

Views: 32Reference: TryHackMe Room “Core Windows Processes” Core Windows Processes Understanding how the Windows operating system functions as a defender is vital.  Task Manager doesn’t show a Parent-Child process view. That is where other utilities, such as Process Hacker and Process Explorer, come to the rescue. Process Hacker Process Explorer Command-line equivalent of obtaining information about the running … Read more

Practical Threat Hunting using Elastic SIEM: Hunting for Stuxbot

This entry is part 7 of 22 in the series Threat Detection Engineering

Views: 365Based on the INTRODUCTION TO THREAT HUNTING & HUNTING WITH ELASTIC module from HTB-Academy Hunting for Stuxbot The Stuxbot cybercrime group operates with a broad scope, seizing upon opportunities as they arise, without any specific targeting strategy – their motto seems to be anyone, anytime.  The primary motivation behind their actions appears to be espionage … Read more