Finding an Injected iframe
Mass injection attacks that compromise thousands of websites are now a common occurrence on the Internet. One of the more recent attacks was DarkLeech. DarkLeech compromised thousands of servers...
My Journey into Academia
The frequency of my blog posts was slowly decreasing until I finally reached the point when I decided to take a hiatus from jIIr. My decision to stop blogging wasn’t because my heart is no longer in...
Tools to Grab Locked Files
Sometime ago I released my Tr3Secure Volatile Data Collection Script which is a dual purpose triage script. The script can not only be leveraged “to properly preserve and acquire data from live...
Tr3Secure Data Collection Script Reloaded
There are a few movies I saw in my childhood that had an impact on me. One of those movies was Back to the Future. To this day I still have vivid memories leaving the theater after watching it and...
Triaging Malware Incidents
Triage is the assessment of a security event to determine if there is a security incident, its priority, and the need for escalation. As it relates to potential malware incidents the purpose of...
Linkz 4 Free Infosec and IT Training
In this day and age budgets are shrinking, training funds are dwindling, and the threats we face continue to increase each day. It's not feasible to solely rely on training vendors to get your team up...
Re-Introducing the Vulnerability Search
In the past I briefly mentioned the Vulnerability Search but I never did a proper introduction. Well, consider this post its formal introduction. The Vulnerability Search is a custom Google that...
Linkz for Incident Response
Due to changes with my employer last Spring my new responsibilities include all things involving incident response. I won’t go into details about what I’m doing for my employer but I wanted to share...
Revealing the RecentFileCache.bcf File
The Application Experience and Compatibility feature is considered one of the pillars in the Microsoft Windows operating systems. Microsoft states in reference to the Microsoft Application...
Revealing Program Compatibility Assistant HKCU AppCompatFlags Registry Keys
The Application Experience and Compatibility feature ensures compatibility of existing software between different versions of the Windows operating system. The implementation of this feature results in...
Malware and the Self-Deleting Batch File Method
Data destruction is an anti-forensic technique where data is deleted to limit the amount of forensic evidence left on a system. One data destruction anti-forensic technique leveraged by malware are...
It Is All About Program Execution
Computer users are confronted with a recurring issue every day. This happens regardless of whether the user is an employee doing work for their company or a person doing online shopping trying to catch the...
My Journey into Academia Part Two
I have always maintained a strong separation between jIIr - which is my personal blog - and the work I do for my employers. For one time, for one post I'm blurring the lines between my personal...
Linkz 4 Mostly Malware Related Tools
It's been a while but here is another Linkz edition. In this edition I'm sharing information about the various tools I came across over the past few months. Process Explorer with VirusTotal Integration. By...
Exploring Windows Error Reporting
The Application Experience and Compatibility feature ensures compatibility of existing software between different versions of the Windows operating system. The implementation of this feature results in...
Lose Yourself in the DFIR Music
"Look, if you had one shot, or one opportunity, To seize everything you ever wanted. One moment, Would you capture it or just let it slip?" ~ Eminem. Everybody has a story. Everybody has a reason about why...
Exploring the Program Inventory Event Log
The Application Experience and Compatibility feature ensures compatibility of existing software between different versions of the Windows operating system. The implementation of this feature results in...
Holding the Line
You end up having to talk to a range of people when building out an internal incident response process. It's a natural consequence because the way people did things in the past is changing and these...
Triaging with the RecentFileCache.bcf File
When you look at papers outlining how to build an enterprise-scale incident response process, they show the textbook picture of what it should look like. It's not until you start building out the...
CVE 2013-0074 & 3896 Silverlight Exploit Artifacts
Artifact Name: Exploit Artifacts for CVE 2013-0074/3896 (Silverlight) Vulnerabilities. Attack Vector Category: Exploit. Description: Two vulnerabilities present in Microsoft Silverlight 5 that in combination...