Active Debug Code

Overview dfir-unfurl is an Unfurl takes a URL and expands "unfurls" it into a directed graph Affected versions of this package are vulnerable to Active Debug Code due to improper parsing of the debug configuration value, which is always interpreted as truthy and enables the Werkzeug debugger...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview dfir-unfurl is an Unfurl takes a URL and expands "unfurls" it into a directed graph Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the zlib.decompress function in the compressed data parsing process. An attacker can...

Tackling AI threats. Advanced DFIR methods and tools for deepfake detection

TL; DR AI-generated documents, videos and more pose significant challenges for DFIR DFIR teams can harness innovative detection strategies and tooling Digital fingerprinting and watermarking, AI-powered and behavioural analyses Hardware-based forensics and image-specific forensic techniques...

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence CTI is fairly well-understood, analysts may overlook less well-known data...

CVE-2024-45412

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...

CVE-2024-45412

The CVE-2024-45412 entry affects Yeti Platform versions prior to 2.1.11. The vulnerability arises from remote user-controlled data tags undergoing Unicode normalization with the NFKD form, which on Windows can be resource-intensive and lead to denial of service, potentially exacerbated by large p...

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 CVSS score: 10.0, the vulnerability impacts out-of-date versions of the...

Integrated DFIR Tool Can Simplify and Accelerate Cyber Forensics

Explore real use cases demonstrating the transformative impact of Trend Vision One™ – Forensics, an integrated Digital Forensics and Incident Response DFIR tool...

What’s New in Rapid7 Detection & Response: Q3 2023 in Review

This post takes a look at some of the investments we've made throughout Q3 2023 to our Detection and Response offerings to provide advanced DFIR capabilities with Velociraptor, more flexibility with custom detection rules, enhancements to our dashboard and log search features, and more. Stop...

Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MDR

Working with thousands of security and risk professionals across the globe, we know that complexity is the top challenge SOCs are facing today. As the attack surface rapidly expands, security teams need more effective ways to keep pace with digital transformation and get out of the cycle of...

Join us for VeloCON 2023: Digging Deeper Together!

September 13, 2023 at 9 am ET Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor...

VeloCON 2023: Submissions Wanted!

Rapid7 is thrilled to announce that the 2nd annual VeloCON virtual summit will be held this September date TBD, with times oriented to the continental USA time zones. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor community...

The Velociraptor 2023 Annual Community Survey

By Dr. Mike Cohen & Carlos Canto Velociraptor is an open-source project led and shaped by the community. Over the years, Velociraptor has become a real force in the field of DFIR, making it an obvious choice for many operational situations. Rapid7 is committed to continue making Velociraptor the...

DFIR via XDR: How to expedite your investigations with a DFIRent approach

Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR digital forensics and incident response in the last couple years, focusing on the digital forensics' aspect and how XDR fits into the...

ICYMI: 10 Cybersecurity Acronyms You Should Know in 2023

Cybersecurity is acronym-heavy to say the least. If you’re reading this, you already know. From CVE to FTP, we in IT love our abbreviations, FR FR. Truthfully though, it can be a bit much, and even the nerdiest among us miss a few. So, In Case You Missed It, here are 10 cybersecurity acronyms you...

Collect-MemoryDump - Automated Creation Of Windows Memory Snapshots For DFIR

Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR Collect-MemoryDump.ps1 is PowerShell script utilized to collect a Memory Snapshot from a live Windows system in a forensically sound manner. Features: Checks for Hostname and Physical Memory Size before starting memory...

VeloCON 2022: Digging Deeper Together!

September 15, 2022 | Live at 9 am EDT | Virtual and Free Join the open-source digital forensics and incident response DFIR community for a day-long, virtual summit as we DIG DEEPER TOGETHER! Have you ever wanted to share your passion and interest in Velociraptor with the rest of the community?...

The Benefits of Building a Mature and Diverse Blue Team

A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming a red teamer as a natural career progression. The reason I got stirred up is not that I want to change either my job or my position, as I am a happy...

Velociraptor Version 0.6.5: Table Transformations, Multi-Lingual Support, and Better VQL Error-Handling Let You Dig Deeper Than Ever

Rapid7 is pleased to announce the release of Velociraptor version 0.6.5 – an advanced, open-source digital forensics and incident response DFIR tool that enhances visibility into your organization’s endpoints. This release has been in development and testing for several months now, and we are...

Ma2Tl - macOS Forensic Timeline Generator Using The Analysis Result DBs Of Mac_Apt

This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of macapt. Requirements Python 3.7.0 or later pytz tzlocal xlsxwriter Installation % git clone https://github.com/mnrkbys/ma2tl.git Usage % python ./ma2tl.py -h usage: ma2tl.py -h -i INPUT -o OUTPUT -ot...