I’m a little surprised they didn’t sweep this guy up on criminal charges through a RICO. There’s something the DoJ isn’t telling us here, or which the WSJ didn’t think to ask about.
Expose the physical memory of the target over a TCP port, then connect to the TCP port and mount the physical memory as a file so you can analyze the mounted memory and create a minidump of LSASS for Mimikatz to retrieve credentials.
labs.f-secure.com/blog/rethi… @TimoHirvonen @b3arr0
Quick #DFIR rant: What you write in a report matters. Decisions are made based on your reporting that impact the livelihood of real people.
DFIR isn't a game and it isn't a job where you can phone it in. Pay attention to detail and get it right the first time.
Keeping with the theme of my ShmooCon talk, I wanted to write about how easy it is to combine Meterpreter (or other agents) with LD_PRELOAD to stump defenders.
forensicitguy.github.io/post…
Surge Collect Pro provides scalable & secure memory acquisition of Linux systems. It has built-in support for over 12,000 Linux kernels (and growing), so there is no need to manually compile kernel headers.
volexity.com/products-overvi… #DFIR #infosec #memoryforensics
Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony – no, not a hacker attack, but because they can't open a safe theregister.co.uk/2020/02/13… via @2600net #fb2600
Just a reminder that I'm teaching a two-day Linux Forensics class at Kernelcon in Omaha, Mar 25-26. And to make it more fun, I'm giving away free dinner to one randomly selected attendee. linkedin.com/posts/halpomera…
I've built a SaaS around a much improved HoneyBadger and it needs some field testing. I invite any company doing Active Defense or any interested DOD/DOJ organizations to contact me for trial access. DMs open. Thanks!