Mindblown: a blog about DFIR.
-
Network forensics
Network forensics is the collection, analysis, and interpretation of digital evidence from network infrastructure and network traffic for investigative or legal purposes. Network forensic analysis focuses on uncovering information related to network activities, identifying potential security incidents, and gathering evidence to support investigations. This field of digital forensics is commonly carried out by incident response teams, cybersecurity…
-
Analyzing Windows layers
Understanding and analyzing these terms can help forensic investigators uncover valuable evidence, track user activity, reconstruct file timelines, and gain insights into system events. It is important to note that the interpretation and analysis of these artifacts require expertise in digital forensics to ensure accurate and reliable results. These are just a few digital artifacts…
-
How Sysmon works
Sysmon (System Monitor) is a powerful Windows system utility developed by Microsoft’s Windows Sysinternals team. It provides extensive visibility and detailed system activity monitoring, aiding malware analysts in detecting and investigating malicious behavior on a Windows system. By capturing event information from various operating system components, Sysmon helps analysts gain insight into system and network…
-
Unquoted service path vulnerability
Unquoted service path refers to a vulnerability where the file path of a Windows service is not properly enclosed in quotation marks when it contains spaces. This could lead to the execution of unintended and malicious files instead of the intended service executable. In Windows operating systems, services are essential components that run in the…
-
Bypass UAC techniques
As a malware analyst, understanding UAC (User Account Control) bypass techniques can be crucial for analyzing and mitigating potential threats. UAC is a security feature in Windows that helps prevent unauthorized changes to the system by requesting administrator approval or credentials before allowing certain actions to be executed. However, some malware strains attempt to bypass…
-
What is WSUS?
As a malware analyst, you may find WSUS (Windows Server Update Services) to be a valuable tool in your workflow for analyzing and understanding malware. WSUS is a Microsoft tool that allows administrators to manage the distribution of Windows updates within a network environment. Here’s how WSUS can be helpful for a malware analyst: By…
-
How SIP works
Session Initiation Protocol (SIP) is a signaling protocol used in Voice over IP (VoIP) communication systems. It facilitates establishing, modifying, and terminating multimedia sessions between participants over an IP network. SIP handles call setup, call control, and session management. Here’s an overview of how the SIP protocol works: SIP also supports additional functionalities such as…
-
How DFS works
The DFS (Distributed File System) protocol is a network file-sharing protocol that allows users to access and manage files distributed across multiple servers as a single logical file system. It provides clients with a unified view of distributed file resources, making it easier to access files stored across different servers or locations. Here are some key points…
-
NTP hardening
Here are some guidelines for NTP hardening based on available sources: Note that these are just general guidelines for NTP hardening, and organizations are advised to customize their approach based on their specific security requirements and environment. Sources:
-
How NFS works
Network File System (NFS) is a distributed file system protocol used by network-based storage systems and servers to share data among network nodes. NFS is an open standard protocol that allows users to access files over a network as though they were local, increasing scalability and flexibility. Here are some main points on NFS from a network perspective:…