Week 21 – 2019

Thanks to Lodrina for her work on the Threat Hunting and Malware Analysis sections.

As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

  • On 4n6files the author documents the process of obtaining a full file system image from an iOS 12 device. Previous posts on the iOS file system have either pointed to commercial tools or covered earlier iOS versions, so this is very valuable (provided you have authority and are comfortable jailbreaking devices).
    Creating a File System Image of iOS12 (12.1/16B92)

  • Mattia Epifani, Heather Mahalik, and Cheeky4n6Monkey wrote a paper and scripts to parse Sysdiagnose data from iOS 12 devices.
    iOS_sysdiagnose_forensic_scripts

  • Brian Carrier at Cyber Triage describes the variety of tools available to examine an endpoint during an intrusion.
    How to Speed Up Incident Response: Faster Analysis (Part 2)

  • Alex Harmon released a PowerShell script that uses DumpIt & AzCopy to dump full Windows guest memory and upload it to Azure Storage for later.
    AzureForensics

  • Korstiaan Stam has posted a few articles on Business Email Compromise; this one covers use cases and “how to identify suspicious behavior in the Office 365 audit logs”.
    Responding to a Business Email Compromise – Part 3

THREAT INTELLIGENCE/HUNTING

PRESENTATIONS/PODCASTS

MALWARE

MISCELLANEOUS

SOFTWARE UPDATES

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!
