Posts Tagged ‘digital image forensics’

In mid-May 2017, many companies around the world were attacked by the WannaCry network crypto variant. The Wannacle malware spread across local networks and the Internet by exploiting the CVE-2017-0143 (MS17-010) vulnerability in components of the SMBv1 service (port TCP 445) in Windows operating systems. Since the industrial network is not directly connected to the Internet, and access is provided through the corporate network using NAT, a firewall and a corporate proxy server, which makes it impossible to infect such systems via the Internet. There are typical industrial network configuration errors, which have led to WannaCry infections, according to our data:

DFIR TRAINING shared some posters of digital forensic, malware analysis and incident response. Such us:

The popularity of memory resident malware has steadily increased over time, possibly resulting from the proliferation of code and knowledge of in memory techniques. Perhaps this is due to the fact that reflects the popularity of the success of memory-based methods to avoid detection of security products and practitioners. Joe Desimone examines the most common of these methods of intruder memory in his article.

DFU Mode or Device Firmware Upgrade mode allows all devices to be restored from any state. It is essentially a mode where the BootROM. DFU is burned into the hardware, so it cannot be removed.