Explorer's | Learn IR/Cyber Sec

Aug 27, 20244 min read

Lateral Movement in Cyber Attacks: Key Protocols, Tools, and Detection Methods

Lateral movement refers to how attackers move through a network after gaining initial access. This allows them to explore the...

82 views0 comments

Aug 26, 20243 min read

Strengthening Defense: Securing Privileged Accounts Against Advanced Attack Tactics

In the realm of cybersecurity, one of the most targeted areas by adversaries is privileged accounts. These accounts hold elevated...

28 views0 comments

Aug 24, 20243 min read

Analyzing and Extracting Bitmap Cache Files from RDP Sessions

When dealing with Remote Desktop Protocol (RDP) sessions on Windows, one of the often overlooked yet valuable artifacts is the RDP bitmap...

147 views0 comments

Aug 22, 20245 min read

Active Directory Attacks: A Dive into Ransomware Tactics

Active Directory (AD) is the backbone of many corporate networks, providing centralized management of users, devices, and permissions....

53 views0 comments

Aug 21, 20248 min read

Persistence: The Art of Staying Hidden

In the world of ransomware, persistence is key. Once attackers gain access to a system, their goal is to maintain that access for as long...

50 views0 comments

Aug 20, 20243 min read

Dark Side of Scripting: How Ransomware Abuses Powerful Tools

Ransomware attacks have become increasingly sophisticated, leveraging every tool at their disposal to wreak havoc. Among these tools,...

27 views0 comments

Aug 19, 20244 min read

Ransomware Tactics: Leveraging Legitimate Tools and Advanced Techniques

Ransomware actors have increasingly shifted their tactics, techniques, and procedures (TTPs) to include the use of legitimate commercial...

35 views0 comments

Aug 18, 20244 min read

Understanding Infection Vectors in Ransomware Attacks

Ransomware attacks have become increasingly sophisticated, with threat actors leveraging various infection vectors to gain initial access...

30 views0 comments

Aug 17, 20242 min read

Enhancing Your Logging Capabilities with Sysmon for ransomware/Any type of attack

Why Sysmon? Sysmon provides detailed information about process creations, network connections, and changes to file creation time. This...

18 views0 comments

Aug 16, 20243 min read

Enhancing Windows Security with Log-MD

What is Log-MD? Log-MD is a security tool tailored for Windows systems. It audits log settings and advanced audit policy configurations,...

27 views0 comments

Aug 15, 20243 min read

Tools for Ransomware Analysis and Response

In the world of ransomware analysis and incident response, having the right tools at your disposal can make all the difference. Manual...

40 views0 comments

Aug 14, 20242 min read

Windows Environment Variables for Ransomware Analysis

Windows environment variables are one such critical component that forensic analysts must be familiar with. These variables function like...

36 views0 comments

Aug 13, 20242 min read

Ransomware Analysis: A Examiner’s Guide

When it comes to forensic analysis, Windows is an incredibly revealing operating system. It leaves behind numerous traces that can...

60 views0 comments

Aug 12, 20242 min read

Understanding Ransomware Hosting and Affiliate Programs

Ransomware attacks continue to evolve, and so do the tactics used by ransomware actors. One of the key components in their operations is...

27 views0 comments

Aug 10, 20244 min read

Running Plaso/Log2Timeline on Windows

In my previous blog, A Deep Dive into Plaso Log2Timeline Forensic Tools, I covered how to use Plaso Log2Timeline on Ubuntu and parse the...

94 views0 comments

Aug 9, 20242 min read

How Ransomware Operators Communicate and Share Data

The darknet is a hidden part of the internet where anonymity is paramount. It's a favorite spot for ransomware operators and other...

46 views0 comments

Aug 8, 20242 min read

Understanding the Ransomware Extortion Types, DLSs, Resources

Ransomware attacks are a major threat today, constantly evolving to keep victims under pressure. Types of Ransomware Extortion Data...

34 views0 comments

Aug 7, 20242 min read

Ever-Evolving World of Ransomware: Evolution Over Time

Ransomware is a constantly changing threat. It's like a game of whack-a-mole for researchers: as soon as you think you've understood one...

35 views0 comments

Aug 6, 20242 min read

Understanding Ransomware-as-a-Service (RaaS) Part 4: RaaS Dashboards and Darknet Marketplaces

Introduction Welcome back to our series on Ransomware-as-a-Service (RaaS)! In this post, we will explore RaaS dashboards and the role of...

33 views0 comments

Aug 5, 20242 min read

Understanding Ransomware-as-a-Service (RaaS) Part 3: Exploring Ransomware Builders

Introduction Welcome back to our series on Ransomware-as-a-Service (RaaS)!Today, we’re diving into the world of ransomware builders, the...

36 views0 comments