• DFSP # 455 Security Control Circumvention
    Nov 5 2024

    Today, we’re going to explore how to handle a critical security event: Unauthorized Modification of Information. This type of event occurs when a user alters information in a system—whether it’s an application, database, website, server, or configuration files—without prior authorization. These modifications can range from impersonation and unauthorized system updates to more sophisticated techniques such as SQL injections, privilege escalations, and configuration file tampering.

    Show more Show less
    33 mins
  • DFSP # 454 MFA Bypass Attacks
    Oct 29 2024

    This week I talk about the attack methods being used to bypass MFA. We'll learn about real-world cases where MFA was circumvented, and discover best practices to strengthen defenses against these types of attacks...

    Show more Show less
    16 mins
  • DFSP # 453 Windows Startup Locations
    Oct 22 2024

    In today’s episode, we’ll focus on startup folders, which are perhaps the easiest to triage among all persistence mechanisms. But before diving in, let’s recap the journey so far to underscore the importance of a comprehensive approach rather than a one-off tactic. Each triage area we've covered plays a crucial role in identifying and stopping attacks...

    Show more Show less
    18 mins
  • DFSP # 452 AI and DFIR
    Oct 15 2024

    In 2024, AI has not only revolutionized how we defend against cyber threats but also how those threats are being carried out. We'll explore how AI is enabling faster, more efficient security incident responses, with real-world examples of its application in automated threat detection and response, advanced forensics, and more. But with every technological leap forward, there's a dark side and attackers are harnessing AI to orchestrate sophisticated attacks...

    Show more Show less
    22 mins
  • DFSP # 451 SQL Triage
    Oct 8 2024

    SQL injection poses significant risks by enabling attackers to access sensitive metadata, execute dynamic SQL commands, and alter system parameters. These actions can lead to unauthorized data access and system disruptions, especially if attackers gain elevated privileges. This week I'm talking about SQL attack patterns from a triage point of view to help you detect such activity when doing log analysis...

    Show more Show less
    26 mins
  • DFSP # 450 Secure coding and DFIR
    Oct 1 2024

    I decided to talk this week about the Importance of Secure Coding Knowledge for Security Incident Response Investigations. Knowing secure coding principles helps identify the root causes of vulnerabilities and recognize attack patterns. It facilitates effective communication and collaboration with developers, ensuring accurate incident reports and actionable recommendations. Secure coding knowledge enhances forensic analysis by aiding in code reviews and log analysis to detect anomalies. It also allows responders to suggest mitigation strategies and improve the security posture of applications. Ultimately, this knowledge leads...

    Show more Show less
    20 mins
  • DFSP # 449 Zero-Day or Hero-Day
    Sep 24 2024

    This week, we're covering zero-day vulnerability response from a Digital Forensics and Incident Response professional's perspective. In our roles, we often get involved in various tasks that require a security mindset, and one critical task is responding to zero-day vulnerabilities. To provide a real-world context, we'll integrate the recently disclosed zero-day exploit "Copy2Pwn" (CVE-2024-38213) and discuss the specific forensic artifacts and methods used to achieve the objectives of a DFIR response.

    Show more Show less
    34 mins
  • DFSP # 448 WebShell Forensics
    Sep 17 2024

    Welcome to this week’s session, where we’ll delve into web shell forensics—an ever-critical topic in incident response investigations and threat-hunting strategies. Today, I’ll provide a breakdown that includes the latest developments, detailed triage techniques, and practical examples of what to look for during your investigations:

    Show more Show less
    20 mins