It was another humbling experience to speak at #OSDFCon for the 4th year in a row! Thank you everyone for your kind words, it is much appreciated. Thank you to @carrier4n6 and @basistechnology for hosting another great #OSDFCon! #DFIR #wsl #linux
We’re an hour away from #Converge2021 #taniumCTF! The scenario is about Corporate Espionage & Supply Chain Attacks. Challenges will comprise investigating large-scale intrusions, PCAP Analysis, Network Traffic Analysis, Log Analysis, and Linux Memory Analysis, to name a few.
@CraigHRowland I couldn't agree more! This Reference Guide might be of use to #DFIR professionals. It's from a talk I gave back in 2019 at #OSDFCon: https://t.co/xje5p9Nekm
It was a great experience to speak at @DFRWS! Thank you everyone for your kind words, it is much appreciated. Thank you @B1N2H3X for encouraging me to submit and Dave Loveall for being an excellent Chair! Impressive execution by the organisers and volunteers! #DFRWSUSA2020 #DFIR
95% of our income relies on visitors coming through our doors so our closure has had a huge impact on our plans for the future. We need your support.
💸 Make an individual donation
⚙️ Support us through your company
🧱 Sponsor a brick
♥️ Become a friend
https://t.co/kuS7Hq38rB
New #LOLBin discovered on #WSL2 using wsl.exe to execute arbitrary commands. I've previously shown how to download files using wsl.exe, but it is possible for an adversary to exfiltrate files using wsl with tar over an ssh pipe session without touching known_hosts #infosec #DFIR
New #LOLBin discovered on Windows Subsystem for Linux 2 (#WSL2) using bash.exe with openssl. It is possible for an adversary to download an arbitrary file using the bash.exe binary on #WSL2 Endpoints with an encrypted session using openssl. #infosec #DFIR
New #LOLBin discovered on Windows Subsystem for Linux 2 (#WSL2) using curl.exe. It is possible for an adversary to exfiltrate files using the curl.exe binary on #WSL2 Endpoints. #infosec #DFIR