Artwork

Player FM - Internet Radio Done Right

158 subscribers

Checked 6d ago
추가했습니다 seven 년 전
Michael and Digital Forensic Survival Podcast에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Michael and Digital Forensic Survival Podcast 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
icon Daily Deals

DFSP # 461 PSEXEC

16:50
 
공유
 

Manage episode 455961071 series 2391247
Michael and Digital Forensic Survival Podcast에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Michael and Digital Forensic Survival Podcast 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

This week, we’re diving into how to triage for PSEXEC evidence. PSEXEC leaves traces on both the source and target systems, making it essential to identify artifacts on each to determine whether a system was used as an attacker’s tool or was the target of an attack. While PSEXEC has somewhat fallen out of favor due to increased use of PowerShell for similar activities, it remains a commonly abused utility among attackers. In this episode, we’ll break down the key artifacts and methodologies for effective triage.

  continue reading

467 에피소드

Artwork

DFSP # 461 PSEXEC

Digital Forensic Survival Podcast

158 subscribers

published

icon공유
 
Manage episode 455961071 series 2391247
Michael and Digital Forensic Survival Podcast에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Michael and Digital Forensic Survival Podcast 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

This week, we’re diving into how to triage for PSEXEC evidence. PSEXEC leaves traces on both the source and target systems, making it essential to identify artifacts on each to determine whether a system was used as an attacker’s tool or was the target of an attack. While PSEXEC has somewhat fallen out of favor due to increased use of PowerShell for similar activities, it remains a commonly abused utility among attackers. In this episode, we’ll break down the key artifacts and methodologies for effective triage.

  continue reading

467 에피소드

모든 에피소드

×
 
Security risk assessments can be a tool for guiding and prioritizing incident response investigations. By evaluating the potential impact and likelihood of various threats, these assessments provide a structured framework to identify and mitigate risks effectively. This episode will explore how integrating security risk assessments into incident response workflows enhances response strategies.…
 
This week, we’re focusing on the Windows Prefetch artifact—a cornerstone in Windows forensics, especially for user endpoint investigations. In this episode, I’ll break down the Prefetch artifact from an investigative perspective, covering how to effectively leverage its evidence in forensic analysis. I’ll also highlight any recent changes to the artifact that may impact its value, ensuring you’re aware of everything you need to know for your investigations.…
 
This week, we’re exploring malware triage techniques. Unlike full binary analysis, malware triage is often seen as an essential skill that every digital forensic and incident response professional should master. In this episode, I’ll walk you through the core elements of malware triage, helping you understand the various skills needed to meet industry expectations. By the end, any analyst should feel confident in examining a binary and applying these techniques to uncover potential malicious content.…
 
This week, we’re diving into how to triage for PSEXEC evidence. PSEXEC leaves traces on both the source and target systems, making it essential to identify artifacts on each to determine whether a system was used as an attacker’s tool or was the target of an attack. While PSEXEC has somewhat fallen out of favor due to increased use of PowerShell for similar activities, it remains a commonly abused utility among attackers. In this episode, we’ll break down the key artifacts and methodologies for effective triage.…
 
Understanding how to search for executables is a critical skill in computer forensics. There are major differences in how executables are handled between Windows and Linux systems, so techniques that work on Windows won’t always translate effectively to Linux. In this episode, I’ll break down some triage techniques to help you quickly identify suspicious executables on Linux systems.…
 
Welcome to today’s episode! We’re diving into network triage, focusing specifically on listening ports. While we often look for active connections, identifying suspicious services listening on a port can be equally crucial in your investigation. It’s essential to gather this information for both current, real-time data and historical analysis, providing a more complete view of network activity.…
 
In this episode, we’ll dive into two essential forensic artifacts in Windows: shellbags and the Program Compatibility Assistant (PCA). Shell bags provide valuable evidence of file and folder access, offering insights into user activity and file navigation. We’ll also explore PCA, which can reveal important information about file execution history. Together, these artifacts play a crucial role in uncovering key forensic details during investigations.…
 
The Linux subsystem for Windows, create both opportunity and challenges for forensic analysts. It makes Windows an excellent platform for multi platform forensic analysis tasks, allowing it to take advantage of the many Linux tools available. The challenges are foreseeable, you have Linux artifacts, now commingled on a Windows platform, which makes forensic analysis that much more difficult when examining such a system as evidence. This week I'm going to break down the Linux subsystems for forensic investigators…
 
Today, we’re going to explore how to handle a critical security event: Unauthorized Modification of Information. This type of event occurs when a user alters information in a system—whether it’s an application, database, website, server, or configuration files—without prior authorization. These modifications can range from impersonation and unauthorized system updates to more sophisticated techniques such as SQL injections, privilege escalations, and configuration file tampering.…
 
In today’s episode, we’ll focus on startup folders, which are perhaps the easiest to triage among all persistence mechanisms. But before diving in, let’s recap the journey so far to underscore the importance of a comprehensive approach rather than a one-off tactic. Each triage area we've covered plays a crucial role in identifying and stopping attacks...…
 
In 2024, AI has not only revolutionized how we defend against cyber threats but also how those threats are being carried out. We'll explore how AI is enabling faster, more efficient security incident responses, with real-world examples of its application in automated threat detection and response, advanced forensics, and more. But with every technological leap forward, there's a dark side and attackers are harnessing AI to orchestrate sophisticated attacks...…
 
Loading …

플레이어 FM에 오신것을 환영합니다!

플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.

 

icon Daily Deals
icon Daily Deals
icon Daily Deals

빠른 참조 가이드

탐색하는 동안 이 프로그램을 들어보세요.
재생