all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Injected payload memory forensics

Add to bookmarks
July 13, 2023, 5:48 p.m. | /u/Whoami7087

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hello All,

I was working on an interesting case for a compromised server, i investigated the disk but didn't find any artifacts for the compromise.However, by doing deep memory forensics, i was able to detect a payload injected into a process, mostly a beacon. Now, I am thinking how could i know the root cause of the compromise without any disk forensics, and only by the detected memory payload

artifacts beacon blueteamsec case compromise compromised detect disk doing find forensics hello memory memory forensics payload process root server thinking working

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

Breaking down Microsoft’s pivot to placing cybersecurity as a top priority 5 hours ago | www.reddit.com
blueteamsec breaking cybersecurity down +2
How to enforce usage of Privileged Access Workstations for Admins 1 day, 22 hours ago | www.reddit.com
access blueteamsec privileged privileged access +1
Attribution of a Russian cyber campaign The Federal Government condemns in the strongest possible terms … 2 days, 17 hours ago | www.reddit.com
actor apt28 attribution blueteamsec +14
North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts 3 days, 20 hours ago | www.reddit.com
blueteamsec dmarc exploit north +5
Investigating Microsoft Graph Activity Logs 3 days, 22 hours ago | www.reddit.com
blueteamsec graph logs microsoft
New Ivanti vulnerability 3 days, 22 hours ago | www.reddit.com
blueteamsec can cvss ivanti +4
How an empty S3 bucket can make your AWS bill explode - "As it turns … 4 days, 7 hours ago | www.reddit.com
aws backups bill blueteamsec +9
Any tips for doing a living off the land threat hunt on your own computer? 4 days, 14 hours ago | www.reddit.com
blueteamsec clients computer computers +18
Sodinokibi/REvil Affiliate Sentenced for Role in $700M Ransomware Scheme 4 days, 16 hours ago | www.reddit.com
affiliate blueteamsec ransomware revil +3

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité - Nantes

@ Hifield | Saint-Herblain, France
View on infosec-jobs.com

L2 Security - Senior Security Engineer

@ Paytm | Noida, Uttar Pradesh
View on infosec-jobs.com

GRC Integrity Program Manager

@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City
View on infosec-jobs.com

Consultant Active Directory H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Consultant PCI-DSS H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Head of Security Operations

@ Canonical Ltd. | Home based - Americas, EMEA
View on infosec-jobs.com
View more jobs