🔏Free Digital Forensics Labs, Slides, and Resources!
🔗https://github.com/frankwxu/digital-forensics-lab
#forensics #digital #DFIR
Sorin Team
GitHub
GitHub - frankwxu/digital-forensics-lab: Free hands-on digital forensics labs for students and faculty
Free hands-on digital forensics labs for students and faculty - frankwxu/digital-forensics-lab
👩💻Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
This article covers a cyber attack that took place on Christmas Eve 2022, when threat actors used a publicly exposed RDP host to get in and deployed Trigona ransomware across the network.
It provides a detailed timeline and analysis of the attack, including the tools and techniques used by the threat actors, such as batch scripts, Rclone, Netscan and Cobalt Strike. It also offers recommendations for preventing and detecting similar attacks in the future.
🔗https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
#DFIR #ransomware
Sorin Team
The DFIR Report
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
Key Takeaways In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomwar…
📚👩🏼💻#DFIR Regular Expressions
A list of #regex patterns for searching and extracting:
- IP addresses
- nicknames
- passwords
- phone numbers
- emails
- filenames
- URLs
and more.
https://github.com/joshbrunty/DFIR-Regular-Expressions
Sorin Team
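As an added example (my own code, not taken from the DFIR-Regular-Expressions repository), here is a small Python extractor that applies patterns of the kinds listed above to a constructed text excerpt. The patterns, the category names and the sample text are assumptions of this example. One point worth copying into your own patterns: the IPv4 regex validates each octet, so a string like 999.12.1.300, which a naive \d{1,3} pattern happily reports, is rejected.

```python
import re

# Patterns for the categories in the list above. They are this example's own
# assumptions, not copied from the DFIR-Regular-Expressions repository.
PATTERNS = {
    # Octet-validated IPv4: a naive \d{1,3} pattern would also accept 999.12.1.300.
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}"
        r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\b"
    ),
    "email": re.compile(r"\b[\w.%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "url": re.compile(r"\b(?:https?|ftp)://[^\s\"'<>]+", re.IGNORECASE),
    # Optional country code, optional (area) code, then NNN-NNNN style separators.
    "phone": re.compile(
        r"(?<!\d)(?:\+\d{1,3}[\s-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]\d{4}(?!\d)"
    ),
    # File names with extensions that matter in triage (executables, scripts, archives, documents).
    "filename": re.compile(
        r"\b[\w.-]+\.(?:exe|dll|sys|ps1|bat|cmd|vbs|js|hta|zip|rar|7z|iso|docm|xlsm|pdf)\b",
        re.IGNORECASE,
    ),
}

# Constructed excerpt mixing log, chat and note text; every value in it is made up.
SAMPLE_TEXT = """\
2024-01-29 03:14:07 sshd[2211]: Accepted password for backup from 203.0.113.45 port 51322
User j.doe@example.com downloaded https://files.example.net/updates/setup.exe
Callback number on the ransom note: +1 (555) 010-0199
Dropped C:\\Users\\Public\\svchost.exe and loader.dll; bad ip 999.12.1.300
"""


def extract_iocs(text):
    """Return {category: sorted unique matches}, omitting empty categories."""
    found = {}
    for kind, pattern in PATTERNS.items():
        hits = sorted({m.group(0) for m in pattern.finditer(text)})
        if hits:
            found[kind] = hits
    return found


if __name__ == "__main__":
    for kind, hits in extract_iocs(SAMPLE_TEXT).items():
        print(f"{kind:<9} {', '.join(hits)}")
```

Run it on a carved strings dump or an exported chat log instead of SAMPLE_TEXT; the phone and filename patterns are the ones you will most often need to tune per case, since number formats and interesting extensions vary by investigation.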
🟦 Selection of training grounds for Blue Team.🟦
• codeby.games — specializes in offensive security; the platform is completely free.
• Dfir-Dirva — a collection of free and open material that includes labs and high-quality tasks for blue team preparation.
• Malware-Traffic-Analysis.net (https://www.malware-traffic-analysis.net/) — a resource that positions itself as a repository of exercises and quizzes for traffic analysis.
• Cybrary (https://app.cybrary.it/) — platform for hands-on blue team training. With a free subscription it provides full access to virtual machines in various configurations (vulnerability scanners, SIEM, TIP, etc.), which lets you practice in realistic conditions without having to set up the security tooling yourself first.
• LetsDefend — all content is mapped to the MITRE ATT&CK matrix.
• CyberDefenders — platform for comprehensive Blue Team training. On the free tier you can work through various incident investigation tasks (archives with logs) and network forensics tasks (traffic dumps in pcap). There are tasks on analyzing incidents in Windows, Linux and Android.
• TryHackMe — needs no introduction. Worth a look: the SOC Level 1, SOC Level 2 and Security Engineer paths.
Sorin Team
#DFIR
In DFIR we come across many suspicious files that need to be analyzed, and we mostly perform static and dynamic analysis on them. Many people still do not know the free static analysis tool I want to talk about here: FileAlyzer.
If you want to know more about the inner life of files, FileAlyzer is a tool you can consider in your next investigation!
✨FileAlyzer Features:✨
⭕️ Alternate Data Streams (ADS):
FileAlyzer makes the additional information in these streams visible through a list of streams associated with the current file, and a basic hex viewer.
⭕️ Android Apps:
Android apps are actually zip archives that include the app code and many resource and configuration files. FileAlyzer will display a few app properties, for example the list of permissions.
⭕️ Anomalies:
While loading information into its various views, FileAlyzer looks for details that are uncommon or wrong. These details may hint at malware behavior.
Each anomaly is described with an ID, a short title, and a description that explains why this detail is unusual and what it might be used for.
⭕️ Archives:
FileAlyzer displays the contents of many common archive types, including .cab, .zip, .chm, NSIS installers, .rar, .tar, etc.
⭕️ Authenticode Signatures:
Signatures let the user verify where the program they are using comes from, to avoid running a malware-infected version.
FileAlyzer displays all details about the signature it finds in a file.
⭕️ Databases:
FileAlyzer can display the content of some standard database formats like dBase, SQLite3, Ini, Mozilla Preferences, Mozilla or format, or QIF.
⭕️ PE & ELF analysis:
Static analysis of PE (disassembler, imports, exports and header) and ELF (header and sections) file formats.
⭕️ Hex Viewer:
FileAlyzer includes a hexadecimal viewer that displays file content byte by byte.
⭕️ EXIF:
For photos and other graphic files, FileAlyzer will display the EXIF information embedded in the file.
⭕️ PEiD:
PEiD tries to identify packers, cryptors and compilers and determines the file's entropy; FileAlyzer supports the PEiD plugin to display this information.
⭕️ UPX Details:
Executable files compressed with UPX will be shown with compression details.
⭕️ VirusTotal Lookup:
FileAlyzer can display results from dozens of anti-virus engines for the file you are currently analyzing, either from a previous analysis or by submitting your actual sample (if you want😉). Keep in mind that a submitted sample becomes visible to other VirusTotal users, which can tip off an adversary or leak sensitive data; a hash lookup of a previous analysis does not have that side effect.
📌 https://www.safer-networking.org/products/filealyzer/
#DFIR
Sorin Team
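As an added example (my own code, not FileAlyzer's), the PE & ELF analysis, PEiD and UPX Details items above boil down to a few checks you can reproduce in Python: walk the PE section table, compute the Shannon entropy of each section's raw data, and flag UPX-named, high-entropy or writable-and-executable sections. The minimal PE image is a fixture constructed inline for this example (headers and section table only, it contains no runnable code), and the 7.0 bits-per-byte "probably packed" threshold is a common rule of thumb, assumed here rather than taken from the tool.

```python
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PACKED_THRESHOLD = 7.0  # bits per byte; a common rule of thumb, assumed here


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for all-zero padding, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsect):
        (name, _vsize, _va, raw_size, raw_ptr,
         _reloc, _lines, _nreloc, _nlines, flags) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_ptr": raw_ptr,
            "raw_size": raw_size,
            "characteristics": flags,
        })
    return sections


def triage(pe):
    """Annotate each section with its entropy and return (sections, findings)."""
    sections = parse_sections(pe)
    findings = []
    for s in sections:
        data = pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        s["entropy"] = shannon_entropy(data)
        if s["name"].upper().startswith("UPX"):
            findings.append(f"{s['name']}: UPX section name")
        if s["raw_size"] and s["entropy"] >= PACKED_THRESHOLD:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f} suggests packed or encrypted data")
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: section is both writable and executable")
    return sections, findings


def build_sample_pe(sections):
    """Assemble a minimal PE image (DOS stub, COFF header, zeroed PE32 optional header,
    section table, raw data). Constructed fixture for this example; it cannot execute."""
    e_lfanew = 0x40
    opt_size = 0xE0  # PE32 optional header size; contents left zeroed, parser skips it
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    header_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    first = (header_len + 0x1FF) & ~0x1FF  # first section on a 512-byte file boundary
    ptr, table, body = first, b"", b""
    for name, data, flags in sections:
        size = (len(data) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000, size, ptr, 0, 0, 0, 0, flags)
        body += data.ljust(size, b"\0")
        ptr += size
    headers = dos + b"PE\0\0" + coff + b"\0" * opt_size + table
    return headers.ljust(first, b"\0") + body


# Constructed sections: an ordinary code section, and a UPX-style section filled with
# uniformly distributed bytes, which is what a packer's compressed payload looks like.
SAMPLE_SECTIONS = [
    (b".text", b"\x90" * 100 + b"\xC3", 0x60000020),  # CODE | EXECUTE | READ
    (b"UPX1", bytes(range(256)) * 2, 0xE0000040),     # INITIALIZED_DATA | EXECUTE | READ | WRITE
]

if __name__ == "__main__":
    secs, notes = triage(build_sample_pe(SAMPLE_SECTIONS))
    for s in secs:
        print(f"{s['name']:<8} size={s['raw_size']:<6} entropy={s['entropy']:.2f}")
    for note in notes:
        print("!", note)
```

On a real sample, replace build_sample_pe(...) with the bytes of the file you are triaging; a legitimate compiler-built binary typically shows .text entropy in the 5 to 6.5 range, while a section sitting near 8.0 is compressed or encrypted and needs unpacking before imports and strings mean anything.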
Spybot Anti-Malware and Antivirus
FileAlyzer - Spybot Anti-Malware and Antivirus
Safer-Networking offers a comprehensive set of tools. This one helps you to understand more of your data files.
GitHub
GitHub - caesar0301/awesome-pcaptools: A collection of tools developed by other researchers in the Computer Science area to process…
A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors. - caesar0301/awesome-pcaptools
MasterParser is a robust Digital Forensics and Incident Response tool built specifically for analyzing Linux logs in the /var/log directory. Designed to speed up the investigation of security incidents on Linux systems, MasterParser scans supported logs such as auth.log and extracts critical details including SSH logins, user creation, event names, IP addresses and more. The summary it generates presents this information in a clear and concise format, improving efficiency and accessibility for incident responders.
#IR #DFIR #Linux
Sorin Team
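As an added example (my own code, not MasterParser's), this is the kind of auth.log summary described above, run over a constructed excerpt: SSH accepted and failed logins bucketed per source address, useradd events, sudo commands, and a short list of leads an incident responder would read first. The hostname, users, addresses and timestamps are made up for this example, and the regexes assume the classic syslog line format of auth.log.

```python
import re
from collections import Counter

# Constructed auth.log excerpt in syslog format; host, users and addresses are made up.
SAMPLE_AUTH_LOG = """\
Jan 29 03:12:41 web01 sshd[2201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jan 29 03:12:44 web01 sshd[2201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jan 29 03:12:49 web01 sshd[2203]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Jan 29 03:13:02 web01 sshd[2207]: Accepted password for backup from 198.51.100.7 port 40141 ssh2
Jan 29 03:13:30 web01 sudo:   backup : TTY=pts/0 ; PWD=/home/backup ; USER=root ; COMMAND=/usr/sbin/useradd -m -s /bin/bash svc-sync
Jan 29 03:13:30 web01 useradd[2240]: new user: name=svc-sync, UID=1002, GID=1002, home=/home/svc-sync, shell=/bin/bash
Jan 29 03:13:31 web01 sudo:   backup : TTY=pts/0 ; PWD=/home/backup ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo svc-sync
Jan 29 03:15:10 web01 sshd[2260]: Accepted publickey for svc-sync from 203.0.113.45 port 51322 ssh2
"""

# Classic syslog prefix "Mon DD HH:MM:SS host process[pid]: message". There is no year,
# a known syslog limitation: take it from file rotation dates or journald when it matters.
SYSLOG = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSH_AUTH = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
USERADD = re.compile(r"^new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")
SUDO = re.compile(r"^\s*(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


def summarize_auth_log(text):
    """One pass over the log, bucketing the events an investigator asks about first."""
    summary = {
        "failed_by_ip": Counter(),  # brute-force sources
        "accepted": [],             # (ts, user, ip, method)
        "new_users": [],            # (ts, user, uid)
        "sudo_commands": [],        # (ts, user, target, command)
        "unparsed": 0,
    }
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            summary["unparsed"] += 1
            continue
        ts, proc, msg = m["ts"], m["proc"], m["msg"]
        if proc == "sshd" and (a := SSH_AUTH.match(msg)):
            if a["result"] == "Failed":
                summary["failed_by_ip"][a["ip"]] += 1
            else:
                summary["accepted"].append((ts, a["user"], a["ip"], a["method"]))
        elif proc == "useradd" and (u := USERADD.match(msg)):
            summary["new_users"].append((ts, u["user"], int(u["uid"])))
        elif proc == "sudo" and (s := SUDO.match(msg)):
            summary["sudo_commands"].append((ts, s["user"], s["target"], s["cmd"]))
    return summary


ACCOUNT_TOOLS = ("useradd", "usermod", "passwd", "visudo", "chpasswd")


def leads(summary):
    """Turn the buckets into the handful of lines a responder reads first."""
    notes = []
    for ts, user, ip, method in summary["accepted"]:
        fails = summary["failed_by_ip"].get(ip, 0)
        if fails:  # success from an address that was just guessing passwords
            notes.append(f"{ts} {ip} authenticated as {user} ({method}) after {fails} failed attempts")
    for ts, user, uid in summary["new_users"]:
        notes.append(f"{ts} new account {user} (UID {uid}) created")
    for ts, user, target, cmd in summary["sudo_commands"]:
        if any(tool in cmd for tool in ACCOUNT_TOOLS):  # account manipulation via sudo
            notes.append(f"{ts} {user} ran as {target}: {cmd}")
    return notes


if __name__ == "__main__":
    for note in leads(summarize_auth_log(SAMPLE_AUTH_LOG)):
        print(note)
```

Feed it the concatenation of auth.log and its rotated copies (oldest first) so that the failed-then-accepted correlation survives rotation; the unparsed counter is your check that the regexes still fit the distribution's log format.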
GitHub
GitHub - securityjoes/MasterParser: MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs - securityjoes/MasterParser