Find TinyMet with YARA.
Tag: incident response
Scheduled Task Persistence
Some notes on finding malicious Scheduled Tasks.
All about cron persistence
Installing CyberChef Locally on Ubuntu 20.04
I use CyberChef daily for malware analysis, programming, and CTF challenges. Installing CyberChef locally can be handy for general privacy and OPSEC reasons. A local installation also works without internet connectivity. The main drawback of using CyberChef locally is that sharing recipes and data you have decoded with your teammates isn't as straightforward as copying …
Finding Masquerading Processes With procfs
Find masquerading processes using procfs.
Using procfs For Forensics and Incident Response
Using procfs For Forensics and Incident Response.
Finding Bad With Package Managers
Learn how to use dpkg, rpm, and other related tools to find malware on your systems.