Skip to content

DMFR SECURITY

another security blog…

malware
incident response
CTF
forensics
pentesting
NSM
crackmes
reviews

Search for:

Category: incident response

Accessibility Features Persistence

On September 10, 2021 By DanielIn incident response, lolbins, persistence, windowsLeave a comment

Abusing Accessibility Features as a persistence mechanism.

Malicious LNK Files

On September 8, 2021 By DanielIn forensics, incident response, malware, persistence, PowerShell, windowsLeave a comment

Malicious LNK files.

Scheduled Task Persistence

On September 7, 2021 By DanielIn windows, incident response, persistenceLeave a comment

Some notes on finding malicious Scheduled Tasks.

Get-ChildItem Performance

On August 23, 2021 By DanielIn forensics, incident response, PowerShell, windowsLeave a comment

I was writing some PowerShell scripts to scan disks for certain types of malware and realized that Get-ChildItem was kind of slow. I googled around and found this site which demonstrated using robocopy.exe and dir as faster alternatives to Get-ChildItem. Here were the results I had searching for LNK files on my disk using both …

Continue reading Get-ChildItem Performance

Cron Persistence

On August 23, 2021 By DanielIn incident response, Linux, malware, persistenceLeave a comment

All about cron persistence

REVIEW: RED TEAM Operator: Windows Evasion Course by SEKTOR7 Institute

On May 8, 2021 By DanielIn incident response, malware, pentesting, reviews, windowsLeave a comment

REVIEW: RED TEAM Operator: Windows Evasion Course by SEKTOR7 Institute.

Enumerating Processes with CreateToolhelp32Snapshot

On April 18, 2021 By DanielIn 100 Days of Code, incident response, malware, programming, windowsLeave a comment

Quick and dirty example of process enumeration using CreateToolhelp32Snapshot

Finding Processes With Suspicious CWD Using procfs

On February 27, 2021February 27, 2021 By DanielIn CTF, forensics, incident response, Linux, malware

Find malware running from temporary directories using procfs.

Finding Masquerading Processes With procfs

On February 27, 2021April 4, 2021 By DanielIn CTF, forensics, incident response, Linux, malware

Find masquerading processes using procfs.

Using procfs For Forensics and Incident Response

On February 23, 2021April 4, 2021 By DanielIn CTF, forensics, incident response, Linux, malware

Using procfs For Forensics and Incident Response.

CTF Triage Data Acquisition

On January 31, 2021April 4, 2021 By DanielIn CTF, forensics, incident response, Linux, windowsLeave a comment

A quick overview of triage data acquisition in the context of attack/defend CTFs.

Accessing Alternate Data Streams on VMDK Images on Linux

On January 10, 2021April 4, 2021 By DanielIn CTF, forensics, incident response, Linux, malware, pentesting, windowsLeave a comment

Accessing Alternate Data Streams on VMDK Images on Linux.

Posts navigation

Archives

September 2021 (13)
August 2021 (13)
May 2021 (4)
April 2021 (23)
February 2021 (5)
January 2021 (6)
December 2020 (8)
February 2020 (2)
November 2019 (1)
October 2019 (2)
December 2018 (3)
July 2018 (1)
May 2017 (2)
April 2017 (5)
January 2017 (1)
December 2016 (4)

ascii assembler base64 bash binary books C c++ CTF cyberchef dfir exiftool forensics hexadecimal hunting incident response kali Linux lolbas lolbins malware memory netcat networking nmap pentesting persistence picoctf PowerShell procfs programming Python reversing reviews security shellcode shell scripting ssh steganography strings ubuntu volatility vulnerability scanning windows wireshark

Blog at WordPress.com.

Blog at WordPress.com.

Loading Comments...

Write a Comment...

Email (Required)

Name (Required)

Website