HunterAgent: Neuro-Symbolic Attack Trace Reconstruction under Anti-Forensics

Modern alert-triage systems reduce SOC burden by filtering false positives, but flagging a high-risk alert is only the start of incident response. Threat hunting requires reconstructing causal attack chains across heterogeneous, partially corrupted logs. Against APTs using anti-forensics parent-P...

SoK: Understanding Anti-Forensics Concepts and Research Practices across Forensic Subdomains

Anti-forensics includes a growing set of techniques designed to obstruct forensic analysis. While cybercriminals increasingly rely on these methods, they also help researchers identify and remedy weaknesses in forensic tools, advancing the overall robustness of digital forensics. Despite repeated...

Cybercrime and Computer Forensics in Epoch of Artificial Intelligence in India

The integration of generative Artificial Intelligence into the digital ecosystem necessitates a critical re-evaluation of Indian criminal jurisprudence regarding computational forensics integrity. While algorithmic efficiency enhances evidence extraction, a research gap exists regarding the Digit...

Improving Cybercrime Detection and Digital Forensics Investigations with Artificial Intelligence

According to a recent EUROPOL report, cybercrime is still recurrent in Europe, and different activities and countermeasures must be taken to limit, prevent, detect, analyze, and fight it. Cybercrime must be prevented with specific measures, tools, and techniques, for example through automated...

penetration-testing-privilege-escalation-post-exploitation

Penetration Testing: Privilege Escalation & Post-Exploitation...

Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase

AntiForensics Tool For Red Teamers, Used For Erasing Some Footprints In The Post Exploitation Phase. Reduces Payload Burnout And Increases Detection Countdown. Can Be Used To Test The capabilities of Your Incident Response / Forensics Teams. Capabilities Unloading Sysmon Driver. Gutmann Method Fi...

Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites

A new JavaScript payment card skimmer, dubbed Pipka, has been identified on at least seventeen merchant websites attempting to target site visitors’ payment data. Unlike other skimmers, Pipka removes itself from the HTML code of compromised websites after exfiltrating payment card data – a...

Recent Cloud Atlas activity

Also known as Inception, Cloud Atlas is an actor that has a long history of cyber-espionage operations targeting industries and governmental entities. We first reported Cloud Atlas in 2014 and we've been following its activities ever since. From the beginning of 2019 until July, we have been able...

Sliver - Implant Framework

Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTPS, and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. The server, client, and implant a...

Usbkill Script Can Render Computers Useless

The idea of needing to disable a computer quickly as the police–or another potential adversary–comes through the door typically has been the concern of criminals. But in today’s climate activists, journalists, and others may find themselves wanting to make their laptops unusable in short order, a...

DFLabs PTK <= 1.0 - Local Command Execution Vulnerability

No description provided by source. ==================================================== Security Research Advisory Vulnerability name: DFLabs PTK Local Command Execution Vulnerability Advisory number: LC-2008-07 Advisory URL: http://www.ikkisoft.com...

ZeroAccess Rootkit Latest in Line of x64 Malware to Appear

Never ones to be left behind as progress marches on, attackers are beginning to develop more and more tools aimed specifically at exploiting 64-bit machines. The latest entry into the field is an x64 version of the ZeroAccess rootkit, a nasty piece of malware that’s been circulating for some time...

Persistent, Covert Malware Causing Major Damage

LAS VEGAS–Security technology and practice have advanced quite a bit in the past few years, but one thing that has become clear is that whatever gains have been made are just not keeping pace with the innovation of attackers. The advances being made by malware authors and crimeware gangs are...

DFLabs PTK 1.0 - Local Command Execution

DFLabs PTK 1.0 - Local Command Execution ==================================================== Security Research Advisory Vulnerability name: DFLabs PTK Local Command Execution Vulnerability Advisory number: LC-2008-07 Advisory URL: http://www.ikkisoft.com...

DFLabs PTK 1.0 - Local Command Execution

==================================================== Security Research Advisory Vulnerability name: DFLabs PTK Local Command Execution Vulnerability Advisory number: LC-2008-07 Advisory URL: http://www.ikkisoft.com ==================================================== 1 Affected Software DFLabs PT...