Gazillion tickets, gazillion emails a day. The business as usual for most SOCs… It actually doesn’t matter how we got here (although I will cover some bits later on) – […]

I never thought I will write the part 1a of my old post, but here it is. As usual, I have not explored the below topic in-depth, but have certainly […]

I wrote about older Adobe scripting before. I recently discovered that Adobe products support scripting using so-called ExtendScript language with code being stored either in a source-level JSX file, or […]

~12 years ago I felt I am on the top of the (blue side of cyber) world. I knew Windows forensics pretty well, Linux forensics far less, but with some […]

In a recent Twitter exchange with Tim I mentioned my earlier post in which I described a practice of crypto code copypasting being quite prevalent. Such practice is problematic of […]

This one is not a surprise, I hope. Most of forensic artifacts come from either file- or Registry- oriented artifacts. Of course, there is a macOS&OS/X world out there, there […]

This week is longer than I thought, so time to catch up… 🙂 This one is a mess, but sometimes a bit of a mess is not a bad thing. […]

Writing your own sandbox has many advantages – the most important is an ability to collect data only large companies have. Analysing many samples gives us an unique insight into […]

This series got a bit delayed, because I got sick last week. — This is a bit counter-intuitive – why would you want to collect strings related to games? First, […]

Knowing what service name is what is quite useful. The attached list lists many, primarily native OS, and security product-related services that I have aggregated by looking at native services […]

You are either technical, or you are not. What does it mean? Many tried to answer that borderline philosophical question, but as far as I know no one is really […]

There was a time when knowing GUIDs of adware/spyware you could instantly attribute a sample to a known rogue company or group. Of course, these days are long gone, but […]

Reversing is not only hours spent analyzing code. It’s also about collecting interesting data so that it can be used to quickly determine other programs’ functionality in the future. Recognizing […]

Imagine you stop processing your phishing reports today. Just stop. What could be the worst thing that could happen? Hmm ? Of course, some people will still get phished, some […]

Unique PDB debug paths embedded inside malware are useful to detect other variants of the malicious family (not applicable to more advanced malware families where authors either wipe the paths […]

The previous parts of this series were done ‘manually’. I would come across some new type of DLL and would jot down its properties so I would have a point […]

What are Windows file extensions of interest ? Is there a single superset of all possible file extensions that are of interest from a security perspective? I tried to answer […]

Ug_0Security asked, and I am answering 🙂 Not all of them are just from win11, but it’s just a quick diff between what I saw back in 2018 and one […]

With file handlers being yet again a topic du jour it was only natural to try answering a question — how many file protocols are really out there? I tried […]