all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Injected payload memory forensics

Add to bookmarks
July 13, 2023, 5:48 p.m. | /u/Whoami7087

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hello All,

I was working on an interesting case for a compromised server, i investigated the disk but didn't find any artifacts for the compromise.However, by doing deep memory forensics, i was able to detect a payload injected into a process, mostly a beacon. Now, I am thinking how could i know the root cause of the compromise without any disk forensics, and only by the detected memory payload

artifacts beacon blueteamsec case compromise compromised detect disk doing find forensics hello memory memory forensics payload process root server thinking working

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

Empowering enterprise security at scale with new product innovations: YubiKey 5.7 and Yubico Authenticator 7 13 hours ago | www.reddit.com
authenticator blueteamsec enterprise enterprise security +6
How To: Use UFW(Uncomplicated Firewall) and Send the logs to Sentinel and Parse with a … 16 hours ago | www.reddit.com
blueteamsec check connections easy +8
Discover Proton Mail registration date with one weird trick… 1 day, 12 hours ago | www.reddit.com
blueteamsec date discover mail +5
NATO Deputy Secretary General: we must be big on cyber defence ambitions 1 day, 15 hours ago | www.reddit.com
big blueteamsec cyber cyber defence +4
YARA is dead, long live YARA-X 1 day, 15 hours ago | www.reddit.com
blueteamsec dead live yara
BSI is suing Microsoft to release information about security disasters 1 day, 20 hours ago | www.reddit.com
blueteamsec bsi disasters information +3
The 471 Cyber Threat Report 2024 2 days, 3 hours ago | www.reddit.com
blueteamsec cyber cyber threat cyber threat report +3
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets 2 days, 17 hours ago | www.reddit.com
azure blueteamsec employee expose +6
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID 2 days, 17 hours ago | www.reddit.com
blueteamsec cleaning icedid latrodectus +1

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Senior - Penetration Tester

@ Deloitte | Madrid, España
View on infosec-jobs.com

Associate Cyber Incident Responder

@ Highmark Health | PA, Working at Home - Pennsylvania
View on infosec-jobs.com

Senior Insider Threat Analyst

@ IT Concepts Inc. | Woodlawn, Maryland, United States
View on infosec-jobs.com