Posts

My first steps into Memory Forensics

"Memory Forensics is a practice useful in areas like incident response, malicious code analysis, network security and threat intelligence gathering. Each function performed by an operating system or application results in specific modifications to the computer’s memory (RAM), which can often persist a long time after the action, essentially preserving them. Memory Forensics provides unprecedented visibility into the runtime state of the system, such as which processes were running, open connections, and recently executed commands." I've written this blog post to introduce some fundamental skills in Memory Forensics. Over the past year, I’ve explored various tools and techniques for hunting malware in memory dumps, gaining insights into memory virtualization and the critical relationship between an operating system and its hardware. As part of this article, I’ve included a hands-on tutorial on using the Volatility Framework to analyze Windows processes and detect pot...

Malware is lightweight

As a solutions engineer in the industry, I recently had a discussion with a Security Analyst about the maximum file size that a Dynamic Analysis (sandbox) system should support to effectively deal with malware.

Representation of a skinny malware :)

I noticed that, sometimes, the expectation is to support even hundreds of megabytes for executables or exploitable-like files. However, if you pause for a moment and consider the key requirements of well-crafted malware, you will realize that:

Malware is a Platform: Modern malware is built on penetration frameworks, requiring attackers to use multiple tools at different stages, from the initial compromise to achieving their final goal.

Malware must be Stealthy: Attackers need to remain undetected and move quickly while generating as little noise as possible.

Detection must be Evaded: Malware must minimize network traffic and implement evasion techniques to bypass detection at various levels.

Given these points, you can understand that lar...

The first post on seabassfromspace

This is the first post on seabassfromspace; we are alive! I decided to start this blog to begin publishing articles, stories and guides around cybersec, so this is just a test post to show that we exist in cyberspace!