
Overview

About Me 🧝‍♀️

Blog ✍️

In this section I am posting some interesting cases that I’ve encountered (real-life problems as well as some crackmes and puzzles).

Incident Investigation 🔎 🥷

I found it quite hard to separate incident response and digital forensics articles from one another. For now I am seeing incident response as a more general process that could require a more thorough examination (digital forensics), but not necessarily. As I see it, we have an event and start the IR process to determine whether it’s malicious, identify compromised hosts and map the artefacts to the MITRE ATT&CK framework. Then, to be able to fully contain and remediate the incident, we call for DF: analysing malware, analysing the registry on Windows, recovering data from unallocated space, etc., in order to reconstruct the whole picture in detail. So, roughly speaking, IR is about sketching and DF is about details.

📜 Artefacts DB

A wide range of artefacts can be used to analyse computer activity. Each artefact may vary significantly and require different tools and approaches. Therefore, this section is dedicated to the artefacts database.

⚔️ Attacks DB

This section is designed in the following way: some aspects of computer systems are analysed, covering how they work along with possible attacks, their mitigations, bypass techniques for those mitigations and, finally, the patterns and tools that could be used to detect those attacks. Most of them will have a link to the corresponding Artefacts DB section/article.

Cryptography 🔐

This section is about different cryptographic algorithms, decryption methods, live examples and also applications of cryptographic methods.

🔎 Investigation Tactics Techniques and Procedures

🛠️ Tools DB

This is about … .

📚 Technical Reference

Notes

This section is just a bunch of unrelated data that I was putting down during some online course or when reading a book.