Kevin's Cyber Journal

Cybersecurity Kill Chain A model that describes stages of an attack (developed by Lockheed Martin). This model assists the red and blue team view how attacks may be deployed.

  Kali Linux Fundamentals and Transforming Data Kali Linux is a form of debian linux operating system that specializes in penetration testing, digital forensics, and other forms of security research. This OS is maintained by Offensive Security, a popular security firm that develops security research materials worldwide.

When examining ongoing processes for any signs of a breach, is it possible that a malicious process can go under the same name of a legitimate process?  As someone who runs multiple windows of chrome, I expect to see more than one chrome.exe amongst my processes. Malware may run another process under the same name. Additionally I often see malware run processes under a misspelled name at least in some CTFs, is this seen in other breaches?

These were other materials that I learned during my investigation. Pointing these out here for my own benefit, for whenever I need to return to in the future. When reading out netscan results, most were not in the IPv4 format but rather in IPv6. After some researching I learned I was looking at the link-local IPv6 addresses (LAN) because of the “FE80” denotation, the first 10 bits within a IPv6 address. This introduced me to telling the difference of examining a local address and a global address (for the public).

As a DFIR enthusiast, my first post on this blog will be about memory forensics. The following mock case that I have been investigating is provided from DFIR madness by James Smith . The setting of this case involves a popular cartoon character's sauce recipe being leaked and as digital forensic examiners, we must attempt to uncover how this happened. Jumping forward to the analysis phase of the investigation, I will be examining the memory of the domain controller (DC) server. The conclusion of my  findings are at the bottom of this post.