CVE-2022-23742
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links...
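The bug class described in this entry, a privileged process copying files out of a directory that low-privileged users can write, with symbolic links as the attacker's lever, can be demonstrated in a few lines. The following is an added example, not Check Point's code or fix: `safe_copy` is a hypothetical hardened collector that refuses to dereference links (lstat plus O_NOFOLLOW plus an inode re-check after open), and `demo` builds a constructed scenario in a temporary directory where one "report" file has been replaced by a link to a secret, then contrasts the hardened copy with a naive `shutil.copy`, which follows links by default.

```python
"""Added example: a privileged copy routine that refuses attacker-planted symlinks.
Not Check Point's implementation; the directory layout is constructed inline."""
import os
import shutil
import stat
import tempfile


class UntrustedSourceError(Exception):
    """Raised when a source path is a symlink or not a plain regular file."""


def safe_copy(src: str, dst_dir: str) -> str:
    """Copy src into dst_dir without following symbolic links.

    lstat() inspects the path entry itself, so a link planted by a
    low-privileged user is detected instead of being dereferenced. The file is
    then opened with O_NOFOLLOW (where the platform has it) and the open
    descriptor is compared against the lstat result so that a swap between the
    check and the open (TOCTOU) is also caught.
    """
    st = os.lstat(src)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISREG(st.st_mode):
        raise UntrustedSourceError(f"refusing {src}: not a regular file")
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(src, flags)
    try:
        fst = os.fstat(fd)
        if (fst.st_dev, fst.st_ino) != (st.st_dev, st.st_ino):
            raise UntrustedSourceError(f"refusing {src}: file changed under us")
    except BaseException:
        os.close(fd)
        raise
    dst = os.path.join(dst_dir, os.path.basename(src))
    with os.fdopen(fd, "rb") as f_in, open(dst, "wb") as f_out:
        shutil.copyfileobj(f_in, f_out)
    return dst


def demo() -> dict:
    """Constructed scenario: a writable 'lowpriv' directory in which an attacker
    has replaced one report file with a symlink to a sensitive file. Returns
    which copies succeeded, which were refused, and whether the naive copy
    leaked the secret."""
    base = tempfile.mkdtemp()
    low_priv = os.path.join(base, "lowpriv")
    out = os.path.join(base, "report")
    os.mkdir(low_priv)
    os.mkdir(out)
    secret = os.path.join(base, "secret.txt")  # stands in for a privileged file
    with open(secret, "w") as f:
        f.write("SECRET")
    with open(os.path.join(low_priv, "legit.log"), "w") as f:
        f.write("normal log")
    planted = os.path.join(low_priv, "planted.log")
    os.symlink(secret, planted)  # attacker-controlled link in the low-priv dir
    results = {}
    for name in ("legit.log", "planted.log"):
        try:
            safe_copy(os.path.join(low_priv, name), out)
            results[name] = "copied"
        except UntrustedSourceError:
            results[name] = "refused"
    # A naive copy follows the link and reads whatever it points at.
    naive = shutil.copy(planted, os.path.join(out, "naive.log"))
    with open(naive) as f:
        results["naive_copy_leaked_secret"] = f.read() == "SECRET"
    shutil.rmtree(base)
    return results


if __name__ == "__main__":
    print(demo())
```

The inode re-check matters because a symlink check followed by a plain open is exactly the race an attacker with write access to the directory would target; on platforms without O_NOFOLLOW the fstat comparison is the only guard that remains, so keep both.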
Security Bulletin: CVE-2018-1648
Summary: The software uses an outdated insecure cipher or it is using a proprietary crypto standard which is likely to be vulnerable. Vulnerability Details: CVEID: CVE-2018-1648. Description: IBM QRadar Incident Forensics uses weaker than expected cryptographic algorithms that could allow an attacke...
Velociraptor Version 0.6.4: Dead Disk Forensics and Better Path Handling Let You Dig Deeper
Rapid7 is pleased to announce the release of Velociraptor version 0.6.4 – an advanced, open-source digital forensics and incident response (DFIR) tool that enhances visibility into your organization’s endpoints. This release has been in development and testing for several months now and has a lot o...
Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop
You’re tasked with protecting your environment, and you’ve invested significant time and resources into deploying and configuring your tools — but how do you know if the security controls you’ve put into place are effective? The challenge continues to grow as attacker tactics, techniques, and...
Live-Forensicator - Powershell Script To Aid Incident Response And Live Forensics
Live Forensicator is part of the Black Widow Toolbox. Its aim is to assist forensic investigators and incident responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data...
FastFinder - Incident Response - Fast Suspicious File Finder
FastFinder is a lightweight tool made for threat hunting, live forensics and triage on both Windows and Linux platforms. It is focused on endpoint enumeration and suspicious file finding based on various criteria: file path / name; md5 / sha1 / sha256 checksum; simple string content match; complex...
Wireshark-Forensics-Plugin - A cross-platform Wireshark plugin that correlates network traffic data with threat intelligence, asset categorization & vulnerability data
Wireshark is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis & forensic analysis for forensic/malware analysts. Even though Wireshark provides incredibly powerful functionalities for protocol parsing & filtering, it does not provide any...
Your guide to mobile digital forensics
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cellebrite Senior Director of...
Digital-Forensics-Lab - Free Hands-On Digital Forensics Labs For Students And Faculty
Features of Repository: Hands-on Digital Forensics Labs: designed for students and faculty. Linux-based lab: all labs are purely based on Kali Linux. Lab screenshots: each lab has PPTs with instruction screenshots. Comprehensive: covers many topics in digital forensics. Free: All...
AzureHunter - A Cloud Forensics Powershell Module To Run Threat Hunting Playbooks On Data From Azure And O365
A Powershell module to run threat hunting playbooks on data from Azure and O365 for cloud forensics purposes. Getting Started 1. Check that you have the right O365 permissions. The following roles are required in Exchange Online in order to have read-only access to the UnifiedAuditLog:...
What is fileless malware?
Unlike traditional malware, which relies on a file being written to a disk, fileless malware is intended to be memory resident only, ideally leaving no trace after its execution. The malicious payload exists in the computer’s memory, which means nothing is ever written directly to the hard drive...
NTFSTool - Forensics Tool For NTFS (Parser, MTF, Bitlocker, Deleted Files)
NTFSTool is a forensic tool focused on NTFS volumes. It supports reading partition info (mbr, partition table, vbr) but also information on bitlocker encrypted volumes, EFS encrypted files and more. See below for some examples of the features! Features Forensics NTFSTool displays the complete...
A Matter of Perspective: Agent-Based and Agentless Approaches to Cloud Security, Part 1
When it comes to securing your cloud assets' activities at runtime, the first step is deciding how. There are enough possible solutions that you're likely to find yourself at a crossroads trying to decide between them. The factors that may affect your choice include: Friction level — How...
Velociraptor to Announce Winners of Its 2021 Contributor Competition
Velociraptor and Rapid7 are excited to announce the winners of our 2021 Velociraptor Contributor Competition on Friday, October 8. This competition encourages development of useful content and extensions to the Velociraptor platform. Submissions include new functionality in the form of VQL...
Tracking Stolen Cryptocurrencies
Good article about the current state of cryptocurrency forensics...
AES256_Passwd_Store - Secure Open-Source Password Manager
This script securely encrypts or decrypts passwords on disk within a custom database file. It also features functionality to retrieve passwords from a previously generated database file. This script takes a master password from stdin/from memory, then hashes the password using the specified hashi...
Fedora: Security Advisory for libguestfs (FEDORA-2021-38d1b07839)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...
[SECURITY] Fedora 35 Update: libguestfs-1.45.7-2.fc35
Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org Libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different...
[SECURITY] Fedora 33 Update: libguestfs-1.44.1-2.fc33
Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org It can be used to make batch configuration changes to guests, get disk used/free statistics virt-df, perform backups and guest clones, change registry/UUID/hostname info, build guests from scrat...