Windows CrowdStrike BSOD Incident: Steps for Recovery and Mitigation

On July 19, 2024, many organizations in the IT world encountered a Blue Screen of Death (BSOD) issue. While it was a work-free Friday for many folks, causing some initial excitement, this incident severely impacted airlines, banks, stock markets, and other businesses across the globe. Let’s dive deep to understand what happened, …

Crucial System Files That Can Be Leveraged by Threat Actors (Unexplored LOLBIN)

System files are integral to the smooth operation of your Windows operating system. However, when these files fall into the wrong hands, they can be leveraged for malicious purposes. In this blog, we will discuss their capabilities, and the potential threats they pose. ForFiles.exe Location: ‘C:\Windows\System32\forfiles.exe’ Supported Versions: Windows Vista onwards Capabilities: …

Transforming Python scripts into .exe – a powerful factor of coding prowess.

When working in digital forensics, Python scripts are often essential for parsing digital artifacts. However, these scripts typically rely on multiple external modules, which can make them difficult to transport and execute across different environments. As an Incident Responder, having portable executables or batch files that can be run anywhere is crucial …

Investigating a Data Exfiltration Scenario

Hi everyone, today I want to discuss a data exfiltration scenario I recently encountered during an investigation. As a security researcher, it’s crucial to identify and understand how attackers are stealing data. Unusual Network Traffic The initial red flag was unusual network traffic patterns, which often indicate potential data exfiltration. This triggered …