Posts by Andrea Bocchetti

Crafting a Timeline: Extracting the Master File Table ($MFT) from Memory Dumps (pinned, Sep 30, 2023)
In the realm of digital forensics, time is an echo of actions, reverberating through the coded confines of filesystems.

Delaying Malware Execution: A Sneaky Approach with Built-in Tools (Sep 18)
One clever strategy employed by malware is to introduce execution delays, which can confuse sandbox environments or even cause them to time…

Evading Virtual Machines: How Malware Uses System Memory (Sep 17)
Malware authors have developed increasingly sophisticated techniques to evade detection. One common technique involves detecting whether…

Detect VM Environment Using cpuid (Sep 16)
The code provided is a hypervisor detection mechanism that checks whether the system is running inside a virtual machine (VM) or on…

OSCP+: The Controversy and Realities of the Cybersecurity World (Sep 1)
The OSCP (Offensive Security Certified Professional) certification has long been a gold standard in the cybersecurity industry, valued for…

Crafting a Windows Driver to Terminate Any Process (May 12)
Developing a Windows kernel-mode driver specifically to terminate processes is a sensitive and potentially risky operation, and it should…

Analyze a Kernel Object Using the WinDbg Debugger (May 12)
First, we need to install WinDbg and set up the symbol paths if necessary. Without symbols, you won't be able to see information from the…

Open Source Supply Chain Attack: Backdoor in Upstream xz/liblzma Leading to SSH Server Compromise (Mar 30)
In these hours, I have tried to organize the information regarding this attempt to implement a backdoor in some Linux distributions, who…

Introducing capa-ta: A Groundbreaking Tool for Static Malware Analysis (Mar 9)
Excited to share a project that has been a labor of love and expertise: capa-ta.

Defense Against Password Spraying Attacks (Jan 31)
Account Lockout Policies: Implement account lockout policies to automatically lock user accounts after a certain number of failed login…