Fun with Rekall and the ThreatResponse Workstation

ThreatResponse Workstation and Rekall

Recently I’ve been working on more automation around the use of rekall.
Think “random sampling” and analysis but more effective than the TSA.

Python Volatility has always been my go-to for processing live Windows...

Read more…
Containing an Instance with AWS_IR

AWS_IR – Reaching Containment

You may have noticed that since the release of AWS_IR and MargaritaShotgun nearly two years ago we have continued to add features, all of them based on feedback from users like you.

Initially we...

Read more…
ThreatResponse at Blackhat 2017

Come See us at Blackhat!

BRIEFINGS

Hacking Serverless Runtimes: Profiling AWS Lambda, Azure Functions, and More

Location: Jasmine Ballroom

Date: Wednesday, July 26 | 1:30pm-2:20pm

Serverless technology is getting increasingly ubiquitous in the...

Read more…
Mozilla takes over Kernel Module Builds


Mozilla Supports margaritashotgun / aws_ir LiME Module Builds

If you are a user of margaritashotgun, you likely love the support it provides for acquiring live memory over SSH. This supports acquisition to your forensics workstation or Amazon...

Read more…
ThreatResponse at re:Invent

ThreatResponse at re:Invent

Things have been quiet on the blog through Amazon re:Invent. It's not that we don't want to blog! We want to update you on what's going on with ThreatResponse and the IR tools.

There’s been so much...

Read more…
Tips For Least Privilege IAM Policies

Tips for Least Privilege IAM policies

By: Alex McCormack @amccormack

I recently cleaned up the README for ThreatPrep, adding better installation instructions, explanations of the code, and an example IAM policy users could apply to run the tool. I quickly...

Read more…
Defense Against the Dark Arts Series Part 2

Defense Against the Dark Arts Series

By: Andrew Krug @andrewkrug

Part 2

In our last post we looked at basic defense against a “stop logging” attack, which we can all agree is a best-case scenario. Stop-logging attacks are not sophisticated or difficult...
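The teaser above names the attack but not the defense from the earlier post. As an added example, and not code from the post or from the ThreatResponse project, the following Python checker walks a CloudTrail log file (the JSON object with a "Records" array that CloudTrail delivers to S3) and flags the API calls that stop, delete or degrade trail logging: StopLogging, DeleteTrail, UpdateTrail and PutEventSelectors. The sample records, account ID, ARNs and IP addresses are constructed for the example, and the severity labels are an assumption of this example, not a CloudTrail or ThreatResponse classification.

```python
import json
from typing import Any, Dict, List

# CloudTrail API calls that stop, delete or degrade trail logging.
# The event names are real CloudTrail event names; the severity labels are
# this example's own assumption.
LOGGING_TAMPER_EVENTS = {
    "StopLogging": "critical",
    "DeleteTrail": "critical",
    "UpdateTrail": "high",
    "PutEventSelectors": "high",
}

# Constructed sample log in the CloudTrail log-file format. The account ID,
# ARNs and IP addresses are made up for this example.
SAMPLE_LOG = json.dumps({
    "Records": [
        {
            "eventTime": "2017-06-01T12:00:00Z",
            "eventSource": "cloudtrail.amazonaws.com",
            "eventName": "DescribeTrails",
            "awsRegion": "us-west-2",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"type": "IAMUser",
                             "arn": "arn:aws:iam::123456789012:user/alice"},
            "requestParameters": None,
        },
        {
            "eventTime": "2017-06-01T12:05:00Z",
            "eventSource": "cloudtrail.amazonaws.com",
            "eventName": "StopLogging",
            "awsRegion": "us-west-2",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"type": "IAMUser",
                             "arn": "arn:aws:iam::123456789012:user/mallory"},
            "requestParameters": {
                "name": "arn:aws:cloudtrail:us-west-2:123456789012:trail/main"},
        },
        {
            "eventTime": "2017-06-01T12:06:00Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "RunInstances",
            "awsRegion": "us-west-2",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"type": "IAMUser",
                             "arn": "arn:aws:iam::123456789012:user/mallory"},
            "requestParameters": {"instanceType": "t2.micro"},
        },
        {
            "eventTime": "2017-06-01T12:07:00Z",
            "eventSource": "cloudtrail.amazonaws.com",
            "eventName": "UpdateTrail",
            "awsRegion": "us-west-2",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"type": "AssumedRole",
                             "arn": "arn:aws:sts::123456789012:assumed-role/Admin/session"},
            "requestParameters": {"name": "main", "isMultiRegionTrail": False},
        },
    ]
})


def find_logging_tampering(log_text: str) -> List[Dict[str, Any]]:
    """Return one finding per record that tampers with CloudTrail logging.

    Only records whose eventSource is the CloudTrail service are considered,
    so an unrelated service that happens to reuse an event name is ignored.
    Findings are ordered by eventTime (CloudTrail uses ISO 8601 UTC, which
    sorts correctly as text).
    """
    records = json.loads(log_text).get("Records", [])
    findings: List[Dict[str, Any]] = []
    for rec in records:
        if rec.get("eventSource") != "cloudtrail.amazonaws.com":
            continue
        name = rec.get("eventName")
        if name not in LOGGING_TAMPER_EVENTS:
            continue
        # requestParameters may be null for read-only calls; guard the lookup.
        params = rec.get("requestParameters") or {}
        identity = rec.get("userIdentity") or {}
        findings.append({
            "time": rec.get("eventTime", ""),
            "event": name,
            "severity": LOGGING_TAMPER_EVENTS[name],
            "actor": identity.get("arn", "unknown"),
            "source_ip": rec.get("sourceIPAddress", "unknown"),
            "region": rec.get("awsRegion", "unknown"),
            # "name" may be a trail name or a full trail ARN; report it as given.
            "trail": params.get("name", "unknown"),
        })
    findings.sort(key=lambda f: f["time"])
    return findings


def actors_to_contain(findings: List[Dict[str, Any]]) -> List[str]:
    """Principals behind critical findings: the first candidates for key
    revocation or session invalidation during containment."""
    return sorted({f["actor"] for f in findings if f["severity"] == "critical"})


if __name__ == "__main__":
    results = find_logging_tampering(SAMPLE_LOG)
    for f in results:
        print(f"{f['time']} {f['severity']:8} {f['event']:18} "
              f"{f['actor']} from {f['source_ip']} trail={f['trail']}")
    print("contain:", actors_to_contain(results))
```

Run against a real delivery you would feed each gzipped log object from the trail's S3 bucket through the same function; the DescribeTrails and RunInstances records in the sample show that read-only trail calls and unrelated services are not flagged, while both the IAM-user StopLogging and the assumed-role UpdateTrail are.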

Read more…
Defense Against the Dark Arts Series Part 1

Defense Against the Dark Arts Series

By: Andrew Krug @andrewkrug

Part 1

This has been a really great year for analysis of cloud security on Amazon. As part of presenting the ThreatResponse toolkit, the team and I have been out seeing all of the...

Read more…