Blog

My DFIR Blog

And other Cyber related things

It's been a few months since I wrote about my new project, PasteHunter. When I first wrote the app it was a fairly simple single-threaded app that followed a simple workflow:

  • Fetch the list of recent pastes
  • Fetch each paste
  • Scan the paste with YARA
  • Write the results to Elasticsearch
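The four stages above, as an added example that is not PasteHunter's own code. To keep it runnable offline, the Pastebin listing, the paste bodies, the field names and the two YARA rules are all constructed for this example (assumptions, not Pastebin's real API or the project's rule set), the Elasticsearch write is an in-memory sink, and yara-python is used only if it is installed, with a regex fallback that exposes the same interface:

```python
"""Sequential paste pipeline: list -> fetch -> scan with YARA -> store.

Added example, not PasteHunter's own code. The network, YARA and
Elasticsearch are replaced by in-memory stand-ins so it runs offline; the
listing, paste bodies and field names below are constructed assumptions,
not Pastebin's real API or schema.
"""
import hashlib
import re
from datetime import datetime, timezone

try:
    import yara  # yara-python, used if installed (optional here)
except ImportError:
    yara = None

# Constructed stand-ins for "list recent pastes" and "fetch one paste".
SAMPLE_LISTING = [{"key": "aaaa1111"}, {"key": "bbbb2222"}, {"key": "cccc3333"}]
SAMPLE_BODIES = {
    "aaaa1111": "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n",
    "bbbb2222": "shopping list: milk, eggs, bread\n",
    "cccc3333": "user1@example.com:hunter2\nuser2@example.com:letmein\n",
}

# Two small rules written for this example: an AWS access key ID pattern
# and email:password combo lines, typical targets for paste hunting.
RULES_SOURCE = r"""
rule aws_access_key_id
{
    strings:
        $akia = /AKIA[0-9A-Z]{16}/
    condition:
        $akia
}
rule email_password_combo
{
    strings:
        $combo = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}:\S+/
    condition:
        $combo
}
"""


class RegexRules:
    """Fallback when yara-python is absent: same rule names and patterns,
    same .match(data=...) interface returning objects with a .rule attribute."""

    _PATTERNS = {
        "aws_access_key_id": re.compile(r"AKIA[0-9A-Z]{16}"),
        "email_password_combo": re.compile(
            r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}:\S+"),
    }

    class _Match:
        def __init__(self, rule):
            self.rule = rule

    def match(self, data):
        return [self._Match(n) for n, rx in self._PATTERNS.items() if rx.search(data)]


def compile_rules():
    return yara.compile(source=RULES_SOURCE) if yara else RegexRules()


def list_pastes():            # stage 1: fetch the list of pastes
    return list(SAMPLE_LISTING)


def fetch_paste(key):         # stage 2: fetch each paste
    return SAMPLE_BODIES[key]


def scan_paste(rules, body):  # stage 3: scan with YARA, return names of rules that hit
    return sorted({m.rule for m in rules.match(data=body)})


class MemorySink:             # stage 4: stand-in for an Elasticsearch index
    def __init__(self):
        self.docs = []

    def index(self, doc):
        self.docs.append(doc)


def build_document(meta, body, hits):
    return {
        "key": meta["key"],
        "sha256": hashlib.sha256(body.encode("utf-8")).hexdigest(),
        "yara_rules": hits,
        "raw": body,
        "@timestamp": datetime.now(timezone.utc).isoformat(),
    }


def run_pipeline(sink=None):
    """Run the four stages once; only pastes with at least one hit are stored,
    which keeps the index useful rather than a mirror of Pastebin."""
    rules = compile_rules()
    sink = sink if sink is not None else MemorySink()
    for meta in list_pastes():
        body = fetch_paste(meta["key"])
        hits = scan_paste(rules, body)
        if hits:
            sink.index(build_document(meta, body, hits))
    return sink.docs
```

Storing the SHA-256 alongside the raw body lets you deduplicate re-uploads and later correlate the same leak across pastes, and filtering on at least one rule hit before indexing is what keeps the pipeline from turning into a full copy of Pastebin.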

This was a good start but I wanted...

Continue reading...

From a security analytics and threat intelligence perspective, Pastebin is a treasure trove of information. All content that is uploaded to Pastebin and not explicitly set to private (which requires an account) is listed publicly and can be viewed by anyone.

tl;dr Using YARA rules to find and save interes...

Continue reading...

tl;dr SANS released the 2016 Christmas Holiday Hack Challenge. This serves as my official submitted answer, and my offering to you, dear reader, in case you want to see how I approached the challenges.

So settle in, this is going to be a long post. At the time of writing the challenge is still live an...

Continue reading...

I like Chromebooks! They are cheap, light, easy to use and have great battery life. But sticking to Chrome OS can also be quite limiting if you need to do some real dev work.

For the most part Chrome OS is good enough for me. I run a lot of virtualized hardware (ESXi), and this can be accessed...

Continue reading...

Let me start by stating that this is not an exploit or a vulnerability in LastPass. This is just extracting any data that may remain in memory during a forensic acquisition. At some point the data must be in the clear.

I was reading The Art of Memory Forensics (if you don't own this I highly recommend...
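The point that cleartext has to exist in memory at some moment is easy to see with a string carve over a memory image. The following is an added example and not the method used in the post (which is not shown here); the "memory image" is constructed inline with made-up records so it runs offline, and it carves UTF-16LE runs as well as ASCII because many Windows and browser strings are stored that way and a plain ASCII pass would miss them:

```python
"""Carve printable strings (ASCII and UTF-16LE) out of a raw memory image and
filter them by a keyword. Added example, not the post's own method; the
'memory image' is constructed inline to stand in for a real acquisition."""
import re


def carve_strings(image, min_len=6):
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters. UTF-16LE is carved separately: a plain ASCII pass
    breaks on the interleaved NUL bytes and never sees those strings."""
    n = str(min_len).encode("ascii")
    ascii_rx = re.compile(rb"[\x20-\x7e]{" + n + rb",}")
    utf16_rx = re.compile(rb"(?:[\x20-\x7e]\x00){" + n + rb",}")
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_rx.finditer(image)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_rx.finditer(image)]
    return sorted(found)


def grep_strings(image, keyword, min_len=6):
    """Case-insensitive keyword filter over the carved strings."""
    kw = keyword.lower()
    return [s for s in carve_strings(image, min_len) if kw in s[2].lower()]


def build_sample_image():
    """Constructed sample (not a real acquisition): non-printable filler
    around an ASCII JSON record and a UTF-16LE record, the two shapes in
    which cleartext secrets typically sit inside a process."""
    filler = b"\x00\xff\x01\xfe" * 64
    ascii_rec = (b'{"url":"https://vault.example.com",'
                 b'"username":"alice@example.com","password":"Tr0ub4dor&3"}')
    utf16_rec = "Master password: correct horse battery staple".encode("utf-16-le")
    return filler + ascii_rec + filler + utf16_rec + filler
```

On a real image the same two functions apply unchanged; the offsets they return are what you feed back into a memory analysis tool to find which process and region owned the bytes.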

Continue reading...