Mindblown: a blog about DFIR.

Understanding and analyzing these terms can help forensic investigators uncover valuable evidence, track user activity, reconstruct file timelines, and gain insights into system events. It is important to note that the interpretation and analysis of these artifacts require expertise in digital forensics to ensure accurate and reliable results. These are just a few digital artifacts…

Sysmon (System Monitor) is a powerful Windows system utility developed by Microsoft’s Windows Sysinternals team. It provides extensive visibility and detailed system activity monitoring, aiding malware analysts in detecting and investigating malicious behavior on a Windows system. By capturing event information from various operating system components, Sysmon helps analysts gain insight into system and network…

Unquoted service path refers to a vulnerability where the file path of a Windows service is not properly enclosed in quotation marks when it contains spaces. This could lead to the execution of unintended and malicious files instead of the intended service executable. In Windows operating systems, services are essential components that run in the…

As a malware analyst, understanding UAC (User Account Control) bypass techniques can be crucial for analyzing and mitigating potential threats. UAC is a security feature in Windows that helps prevent unauthorized changes to the system by requesting administrator approval or credentials before allowing certain actions to be executed. However, some malware strains attempt to bypass…

As a malware analyst, you may find WSUS (Windows Server Update Services) to be a valuable tool in your workflow for analyzing and understanding malware. WSUS is a Microsoft tool that allows administrators to manage the distribution of Windows updates within a network environment. Here’s how WSUS can be helpful for a malware analyst: By…

Session Initiation Protocol (SIP) is a signaling protocol used in Voice over IP (VoIP) communication systems1. It facilitates establishing, modifying, and terminating multimedia sessions between participants over an IP network. SIP handles call setup, call control, and session management. Here’s an overview of how the SIP protocol works: SIP also supports additional functionalities such as…

The DFS (Distributed File System) protocol is a network file-sharing protocol that allows users to access and manage files distributed across multiple servers as a single logical file system. It provides a unified view of distributed file resources to clients, making accessing files stored across different servers or locations easier. Here are some key points…

Sure, here are some guidelines for NTP hardening based on available sources: Note that these are just general guidelines for NTP hardening, and organizations are advised to customize their approach based on their specific security requirements and environment. Sources:

Network File System (NFS) is a distributed file system protocol used by network-based storage systems and servers to share data among network nodes. NFS is an open standard protocol allowing users to access files over a network as though local, increasing scalability and flexibility. Here are some main points on NFS from a network perspective:…