Minjector & Memhunter: learning code injection techniques and hunting memory resident malware like a boss (aka at scale) by my friend and McAfee colleague Marcos Oviedo - github.com/marcosd4h/memh… #DFIR #ThreatHunting

Windows Incident Response Cheat Sheet. jpminty.github.io//cheatsheet/DF…

Sliver - Implant framework github.com/BishopFox/sliv…

Magic Unicorn 3.8.1 released. Adds new method for platform detection, obfuscation, and a fix for python2 raw_input when using AMSI bypass. GitHub.com/TrustedSec/Uni… #TrustedSec

My first blog post! Bypassing AV via in-memory PE execution. I've created a tool to go along with the post and help automate creating undetected PEs, links inside the post 😉 blog.dylan.codes/bypassing-av-v…

Nextcloud für kleine und mittlere Unternehmen (KMU) ms-it-consulting.biz/blog/2020/01/n…

Unterstützung durch MSITC bei der Einrichtung von Nextcloud für KMU und Homeuser ms-it-consulting.biz/blog/2020/01/u…

Fünf gute Gründe für den Einsatz von Nextcloud in Unternehmen ms-it-consulting.biz/blog/2020/02/f…

An Italian hospital ran out of ICU valves. A local biz brought a 3D printer to the hospital, redesigned & produced the valves in a few hours. “At the time of writing, 10 patients are accompanied in breathing by a machine that uses a 3D printed valve.” 3dprintingmedia.network/covid-19-3d-pr…

Homeoffice mit Nextcloud für kleine und mittlere Unternehmen in der Corona-Krise ms-it-consulting.biz/blog/2020/03/h…

MSITC ist ab sofort offizieller ESET Silver Partner ms-it-consulting.biz/blog/2020/04/m…

RedMimicry Actor Emulation and Breach Simulation Tool by Alexander Rausch - a great example of how to do it right - vetting - watermarked - YARA and Sigma rules redmimicry.com

abuse.ch: Time to move forward. Your help is needed ⛑️ 👉 abuse.ch/blog/moving-fo…

ms-it-consulting.biz/blog/2021/01/7…

Today: On an endpoint with the most well-known EDR. NtdsAudit.exe blocked. Renamed to pentest.exe, echo 0 >> pentest.exe, pulled back down. No more blocking or alerts. I guess they haven't seen: penconsultants.com/home/binary-fi… Bonus: reversible encryption for the win.

MSITC eBook “Windows Defender entfesselt” ab sofort verfügbar ms-it-consulting.biz/blog/2021/04/m…

#DFIR Pros, noobs, and #infosec junkies - the final walkthrough necessary to answer all of the big questions surrounding the case of the stolen Szechuan Sauce is complete! Learn how to enrich disk image timelines with events pulled from the memory image! dfirmadness.com/case-001-super…