To extract files from Veeam backup you need this utility only. ff8e797fd091f2d1883980af541a493c extract.exe. Your welcome. #DFIR

VNC Malware (TinyNuke, TightVNC) Used by Kimsuky Group asec.ahnlab.com/en/27346/

This is #epic!

I made few changes to the awesome script of Didier Stevens for retrieving #CobaltStrike #DNS beacon. github.com/kartone/Script…. I only added some retrying logic and parametrised the dns domain. All credits to the author of the original script.

If you missed Don A. Bailey Dec 17 workshop, which gave a sneak peek into the attack surface of #RISCV and how to exploit it, catch the replay video here: ringzer0.training/riscv.html. Register for his FULL training course at #CATCH2022 on Feb 21 to learn more about RISC-V attacks.

Hilarious but real. I can play tennis too, apparently.

My bet is that the #Conti #Ransomware group will quickly disappear and from its hashes another group will form. Money is the only thing the vast majority of these criminals care and entering in other worlds, especially political in these days, is the worst thing they can do.

New ransomware samples have appeared for: - Blackcat (ALPHV) ransomware - Lockbit ransomware - Hive ransomware We have uploaded them to abuse.ch to make it easier to download & so they appear in automated feeds.

Securing VMware vSphere references: Top 5 VMware Security Features hub.trimarcsecurity.com/post/the-top-5… Part 1 ESXi Host Versions hub.trimarcsecurity.com/post/securing-… Part 2 Access Controls hub.trimarcsecurity.com/post/securing-… Part 3 Host Controls hub.trimarcsecurity.com/post/securing-… VMWare Security docs.vmware.com/en/VMware-vSph…

I used to read articles and posts on Medium and it was awesome, but titles, my god, I hate those titles. I hate those click-bait titles so much that I’m starting to hate the entire platform.

Before leaving her apartment in Kiev she plays the piano for the last time..

SRUM is maybe one of the best Windows digital forensic artefacts, if you’re willing to roll your sleeves up. You can get proof of execution and execution runtime, as well as proof of network communication and the bytes sent and received Let's take a look in this #DFIR thread🧵

Interview with a VIM Enthusiast 2022 youtu.be/9n1dtmzqnCU via YouTube

This.

It is truly hilarious how we still see managers, or who call themselves managers, spending countless hours in meaningless meetings, without setting an agenda and talking about random things without getting nowhere and starting over every day. Where has productivity gone?

On average, what is the minimum size of a file to be encrypted by a ransomware? #ransomware #malwareanalysis

Tbh I had to read some comments before getting it. Now I can go sleep happier.

Over the last few months, Digital Forensics Discord Server members collaborated on a DFIR book. Today version 1.0 is published, with more content to come as chapters are completed in the future! It's free on Leanpub, so check it out in the following tweet!

#Golang IDA plugins make the lives of Go #malware reverse engineers easier - an absolute gem of a plugin is AlphaGolang from SentinelLabs J. A. Guerrero-Saade. Highly recommended, try it, use it, and enjoy! github.com/SentineLabs/Al…

I know that I’m getting old when a new shiny macbook arrived and I prefer resting on the bed and take a nap with my two children.