Chad Tilbury (@chadtilbury) 's Twitter Profile
Chad Tilbury (@chadtilbury)

Digital forensics and incident response. Ex-AFOSI, Mandiant, and CrowdStrike. SANS Institute Fellow and co-author of #FOR500 and #FOR508 courses.

ID: 119530615
Website: https://www.forensicmethods.com/
Joined: 03-03-2010 22:56:26

4.4K Tweets | 22.22K Followers | 602 Following

Phill Moore (@phillmoore):

Has anyone looked into how Windows approaches the creation of .URL files in the Recents folders instead of .LNK files? I only recently looked into it and haven't really figured out the way they consistently get created #DFIR

Grzegorz Tworek (@0gtweet):

Finally releasing the tool! The Offline SAM Editor is here for IT pros, researchers, and security enthusiasts who want to access and edit SAM databases from offline OS disks. Source code included. Get your access: payments.gtworek.com/buy/54d82b09-4…

Josh Lemon (@joshlemon):

The team at Trend Micro has a nice write-up on #cryptojacking threat actors using a recent #Confluence #vulnerability for initial access. ⚠️ If you find a crypto miner running, figure out how the threat actor got in, not just simply remove the miner. 🔗 trendmicro.com/en_us/research…

Josh Lemon (@joshlemon):

If you're interested in getting into #Linux #logging and evidence collection, this is an excellent write-up from Kostas that compares #EVTX logs on Windows with #Auditd, #SysMon for Linux, and native Linux logging. #DFIR #LinuxForensics #SIEM #CSIRT kostas-ts.medium.com/telemetry-on-l…

Chad Tilbury (@chadtilbury):

Microsoft formally deprecates the 39-year-old Windows Control Panel arstechnica.com/gadgets/2024/0… >> That is some history!

Kathryn Hedley (@4enzikat0r):

🚨 #DFIR Tool Update Alert 🚨 I've updated my script that parses USB Connection artifacts from a mounted Windows volume, to include EID 1006 events from the Windows-Partition-Diagnostic log. Includes connect/disconnect times, VSNs & filesystem type. github.com/khyrenz/parseu…

Chad Tilbury (@chadtilbury):

Great research into OneDrive private vault data. Crazy that it is stored as a vhdx! I'm always happy to see Microsoft reusing existing formats.

Rob T. Lee (@robtlee):

Still time to register for the SANS AI SUMMIT - workshops today! Talks and lightning talks tomorrow! sans.org/cyber-security…

Chad Tilbury (@chadtilbury):

ChromeKatz: Dump cookies and credentials directly from Chrome/Edge process memory. Credential manager creds in plain text with no need to access on disk database! Similarly, CookieKatz dumps decrypted cookies (including incognito mode). github.com/Meckazin/Chrom… (via Spiros Fraganastasis)

SANS Cloud Security (@sanscloudsec):

💡 Join Certified Instructor Simon Vernon, September 19, as he guides you through configuring, scaling, and securing your logging setup with Azure's latest feature. 🗓️ 10:00 am ET / 14:00 UTC ⌛️ Register now: buff.ly/4fRprPk #SANSCloudAce #CloudSecurity

Chad Tilbury (@chadtilbury):

Cracking OneDrive's Personal Vault by Brian Maloney malwaremaloney.blogspot.com/2024/09/cracki… >> Great explanation and step-by-step instructions!

Arsenal Recon (@arsenalrecon):

Anastasia recently added a new Linux disk images section, five more mobile extractions, & one more Windows disk image to our “Publicly-Accessible Disk Images & Mobile Extractions Grid for DFIR” available at ArsenalRecon.com/insights/publi…. Check it out! #DFIR

Chad Tilbury (@chadtilbury):

Location, Location, Location by Ian Whiffin. How does iOS Location Services work? How can we test the reliability of the location data it provides? dfir.pubpub.org/pub/4fkeiv34/r… >> Excellent overview of Cell Siting, WiFi Crowd Sourcing, Bluetooth, and GPS information.

Chad Tilbury (@chadtilbury):

SANS Institute Paller Scholarship applications are open until January 2025. The mission of the program is to identify exceptionally talented international students (non-US citizens) committed to making the world a safer place through cybersecurity. sans.edu/paller-cyberse…