Welcome back, my aspiring cyber warriors! Reverse engineering malware is among the highest-level skill sets in our discipline and it’s salaries reflect elevated position in the cyber security ecosystem. It requires years of diligent study to become proficient and this is good place to start. If you have not yet done so, go back and […]
Continue Reading
In some cases, the forensic investigator will need to grab an image of the live memory. Remember, RAM is volatile and once the system is turned off, any information in RAM will be likely lost. This information may include passwords, processes running, sockets open, clipboard contents, etc. All of this information must be captured before […]
Continue Reading
Most of the work we will be doing in reverse engineering will be with assembler language. This simple and sometimes tedious language can reveal a plethora of information on the source code. When we can’t see or recover the source code of the malware or other software, we can use tools such as dis-assemblers and […]
Continue Reading
Although nearly all Microsoft Windows users are aware that their system has a registry, few understand what it does, and even fewer understand how to manipulate it for their purposes. As a forensic analyst, the registry can be a treasure trove of evidence of what, where, when, and how something occurred on the system. In […]
Continue Reading
Welcome back, my aspiring cyber warriors! In April 2017, a nefarious group known only as the Shadow Brokers, released to the world a group of exploits that had been stolen from the U.S. espionage agency, the National Security Agency (NSA). The NSA is charged with protecting U.S. citizens from terrorist and other threats to U.S. […]
Continue Reading
Welcome back, my aspiring cyber warriors! When conducting a forensic investigation on a suspect’s computer, the first step, of course, is to make a forensically sound image of the storage devices and if the system is running, make a forensically sound image of the RAM, as well. Sometimes, we may want to gain access to […]
Continue Reading
Welcome back, my Metasploit Cyber Warriors! Although Metasploit is an “exploitation framework” primarily used for hacking and penetration testing, it can also be used to provide some rudimentary forensic capabilities. It’s primary usefulness as a forensic tool is to gather evidence from a remote system when the physical system is unavailable to the investigator. In […]
Continue Reading
Welcome back, my fledgling hackers! As we have progressed through this series on Metasploit Basics, we have used numerous techniques to exploit your target system including; 1. SMB Exploits (EternalBlue and MS08_067, for instance); 2. File Format (ms14-0440_sandworm, office_word_hta); 3. Browser Exploits (autopwn, Abobe Flash and numerous others); 4. Social Engineering Toolkit(SET); Custom Payloads with […]
Continue Reading
Welcome back, my aspiring malware analysts! In my introductory tutorials on reverse engineering malware (Part 1-5) we introduced many new concepts. Now its time to put some of those concepts to work and begin analyzing some sample malware! In Part 1 of this series, I pointed out that there are two primary ways of analyzing […]
Continue Reading
Welcome back, my hacker apprentices! Network forensics is key element of most digital forensics and incident response (DFIR) investigations. When our systems have been compromised by an attacker, its up the DFIR investigator to determine the who, what, where and how of the attack. In other words, what can a DFIR investigator learn about the […]
Continue Reading
Thanks for growing with us. To celebrate, we’re giving you 35% OFF all training packages! USE CODE YEAR10
UNLOCK ACCESS TO LIVE & RECORDED CLASSES AND MASTER OTW’S BESTSELLING CYBERSECURITY BOOKS
Click here to see everything included in the training packages
