by aliduveen | Aug 14, 2018
Memory analysis has become a key way to hunt and track malware and advanced persistent threats (APTs). So, it is more important than ever to arm analysts and investigators with better tools and capabilities for memory analysis. We created an app called TA-Volatility...
by aliduveen | Aug 14, 2018
Adopting Docker containers works well for most fast-moving orgs because of their flexibility, isolation, transient existence, and ease of management and patching. On the other hand, it becomes a challenging environment when the sensitivity level of the data traversing the...
by aliduveen | Aug 14, 2018
Osquery is a cross-platform, open-source agent designed to pull system telemetry without modifying the state of the host. This observe-and-report premise has served us well, but as our needs and security goals change, so must the demands we make of our tools. In 2017...
by aliduveen | Aug 14, 2018
Ever wanted to do forensics and feel good about it? This talk will introduce you to Turbinia: a forensic tools automation framework for the cloud. Throughout this talk, we’ll reveal the details of how Turbinia operates, showing how tools like dftimewolf can integrate...
by aliduveen | Aug 14, 2018
macOS host monitoring – the open source way. I will talk about an example piece of malware (Handbrake/Proton) and how you can use open source detection tooling to do detection and light forensics. Since I will be talking about the Handbrake malware, I will...