30 May 2023
By Mary

InfoSec News Nuggets 05/30/2023

Emby shuts down user media servers hacked in recent attack  Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration. "We have detected a malicious plugin on your system which has probably been installed without your knowledge. [..] For your safety we have shutdown your Emby Server as a precautionary measure," the company informed users of affected servers in…
Read More
25 Feb 2023
By Cassie Doemel

AboutDFIR Site Content Update 02/25/23

Tools & Artifacts - Windows - new entries added - Bitdefender, BoxDrive, F-Secure, and OpenVPN Tools & Artifacts - Android - new entry added - GroupMe Jobs - old entries cleaned up, new entries added - Cisco, North American Electric Reliability Corporation (NERC), Deepwatch, Nature's Way, Affinity Federal Credit Union, Sophos, Warner Bros, United Airlines, JP Morgan Chase & Co, American Electric Power, Jackson, and Newell AboutDFIR stickers are still a thing! If you're interested in…
Read More
15 Jan 2023
By Cassie Doemel

AboutDFIR Site Content Update 01/15/23

Tools & Artifacts - Windows - new entries added - Program Compatibility Assistant, Security:4624 (Win11), and Notepad++ Tools & Artifacts - iOS- new entries added - Apple Watch Data and Continuity/Cellular Relay Tools & Artifacts - Android - new entry added - TikTok Annual Industry Reports - new entry added - Google Threat Report Jobs - old entries cleaned up, new entries added -Fortinet, Nissan, American Express, Verizon, Marriott, Synchrony, Tyson Foods, and FanDuel AboutDFIR…
Read More
07 Oct 2022
By Mary

InfoSec News Nuggets 10/07/2022

TikTok's "secret operation" tracks you even if you don't use it  Consumer Reports (CR), a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even those who don't have Facebook accounts—thanks, in part, to the Facebook "Like" button, a piece of code embedded on most websites. According…
Read More
22 Jun 2022
By Mary

InfoSec News Nuggets 06/22/2022

DDoS-for-hire service provider jailed Matthew Gatrel, a 33-year-old man from St. Charles, Illinois, has been sentenced to two years in prison for running websites that provide powerful distributed denial-of-service (DDoS) attacks against internet users and websites. This sentencing resulted in the seizure of his websites, making the internet a little safer from DDoS attacks. Gatrel was the administrator and owner of DownThem.org and AmpNode.com, two DDoS-for-hire websites with thousands of clients which launched attacks against more than 200,000 targets. He was convicted of three…
Read More
27 Aug 2021
By Mary

InfoSec News Nuggets 08/27/2021

Quantum computers could read all your encrypted data. This 'quantum-safe' VPN aims to stop that To protect our private communications from future attacks by quantum computers, Verizon is trialing the use of next-generation cryptography keys to protect the virtual private networks (VPNs) that are used every day by companies around the world to prevent hacking. Verizon implemented what it describes as a "quantum-safe" VPN between one of the company's labs in London in the UK and a US-based…
Read More
11 Jun 2021
By Mary

InfoSec News Nuggets 06/11/2021

How to Protect Seniors Against Cybercrimes and Scams Many of the crimes that occur in real life happen on the internet too. Credit card fraud, identity theft, embezzlement, and more, all can be and are being done online. Seniors and the elderly are often targeted for these cybercrimes. They tend to be more trusting than younger people and usually have better credit, and more wealth. This makes them more attractive to scammers. Seniors are considered…
Read More
11 Feb 2021
By Andrew Rathbun

AboutDFIR Content Update 2/11/2021

The first AboutDFIR update of February 2021 is here: Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I've been continuing lots of work on GitHub to help improve…
Read More
07 May 2020
By Mary

InfoSec News Nuggets 5/7/2020

DigiCert hit as hackers wriggle through (patched) holes in buggy config tool DigiCert, slinger of SSL/TLS certificates, has warned that it too has suffered at the hands of Salty miscreants as a key used for Signed Certificate Timestamps (SCT) was potentially compromised. The company joins Ghost.org and LineageOS in being the target of ne'er do wells as attackers exploited a disclosed (and patched) vulnerability in the Salt configuration tool over the weekend, spraying exposed infrastructure with cryptocurrency mining software.…
Read More
29 Apr 2020
By Mary

InfoSec News Nuggets 4/29/2020

Online auction of record-breaking whisky collection hit by cyber-attack A record-breaking online auction of rare whiskies has been postponed indefinitely after being targeted in a cyber-attack. The sale of Richard Gooding’s “The Perfect Collection” was marketed as “the largest and most unprecedented private whisky collection ever to be offered for public sale”. The first phase of the auction, consisting of more than 1,900 bottles, fetched more than £3.2m earlier this year. The second phase of…
Read More
10 Sep 2019
By Mary

InfoSec News Nuggets 9/10/2019

Capital One hacker Paige Thompson pleads not guilty on all counts The alleged Capital One hacker Paige Thompson has pleaded not guilty to all charges on her first appearance in court. Appearing at the Western District of Washington federal court late last week, Thompson pleaded not guilty to charges that included wire fraud, and computer fraud and abuse. She could be sentenced to up to 25 years in prison if convicted. A full trial is…
Read More
19 Mar 2019
By Devon

Catching Up 3/19/2019

I’m overdue for an update, so here we go!  I came across some pretty cool stuff recently.  I know I’ve said this before, but it really is a fantastic time to be involved in DFIR! Nick Caldwell won me over with the very first article of his I came across, and he hasn’t disappointed me since!  He’s such a solid force of wisdom: https://hackernoon.com/the-worst-career-advice-i-ever-received-54aaf2a50c93 https://medium.com/@nickcaldwell/latest @NickCald Unless you live in a cave, you probably already knew this, but Eric…
Read More
27 Jul 2018
By Tony Knutson

Reddit, Lets Talk About It

Sorry for the very long delay. Between heading out to DC to TA/Moderate the FOR585 class and work, it has been very chaotic! No excuse, but just very busy. One thing though that I have been working on has been reversing the Reddit App that came out about a year or so ago. Now, what really drew me to this is I'm not seeing a lot of support from the main forensic tools out there…
Read More
26 Jun 2018
By Tony Knutson

So You Want to Get into DFIR? Private Sector Edition

So you've decided that public sector is just not for you. Nothing wrong with that! We just need to work on getting you ready for different suits. This is a different animal all together! If you have a love for white collar issues, you'll see there is no end to the work you can do. If you love threat hunting, this will be a joy! What am I going to work?  This is going to…
Read More
22 Jun 2018
By Tony Knutson

Command Line or: How I learned to stop relying on GUI interfaces and love the syntax

So this is a little later than I thought I would post this, but life gets in the way! This is something very near and dear to me for a specific reason, my mentor was extremely anti GUI software. Not because he didn't understand (although he was about as G-Man you could imagine), but because he felt that to really understand the data, you needed to get into the weeds. Most vendor software out there…
Read More
20 Jun 2018
By Tony Knutson

Playing Nice in the Sandbox Together

Tell me how many of these you've heard of: Blue Team, Red Team, Purple Team, Green Team, Sprinkles Team ...okay that last one I just made up. Also, why doesn't DFIR ever have its own "team?" I'm not going to explain them all to you, but yes, these are in-fact terms of explanation of the many facets of IT Security in some way. In the mil days, they were a way of distinguishing who would…
Read More
17 Jun 2018
By Tony Knutson

So, who am I?

Many are probably wondering who I am and if this is worth their own time. My hope is that it will be! To start, I won't go into my background too much...if you want to know it you'll probably be able to ask around to put the pieces together. Also, I'm not of the kind of person who thinks degrees and certs make the person. Do I have those? Yes, I do. We will leave…
Read More
16 Jun 2018
By Tony Knutson

Removing the Cloak

So I was basically challenged into starting up a blog in relation to giving back to the community. This was largely pushed by many of the SANS instructors within the digital forensics curriculum as there is a large gap within the field as a whole. Coming from my previous employer, this was just something that couldn't be done. We are always pushed to err on the side of caution while conducting any activity online as…
Read More
27 Apr 2018
By Devon

Forensic 4:cast 2018

This year, I have been nominated by the #DFIR industry for two categories of the Forensic 4:Cast awards (https://forensic4cast.com/). Please vote for Devon Ackerman as "Digital Forensic Investigator of the Year" and vote for this website, AboutDFIR.com, for "Digital Forensic Resource of the Year" for 2018. Regardless of who you cast your Forensic 4:cast 2018 votes for, please consider joining Mary Ellen and I in Austin, Texas at the SANS conference to celebrate no matter…
Read More