Pinned: Crafting a Timeline: Extracting the Master File Table ($MFT) from Memory Dumps
Andrea Bocchetti, Sep 30, 2023
In the realm of digital forensics, time is an echo of actions, reverberating through the coded confines of filesystems.

Crafting a Windows Driver to Terminate Any Process
Andrea Bocchetti, May 12
Developing a Windows kernel-mode driver specifically to terminate processes is a sensitive and potentially risky operation, and it should…

Analyze a kernel object using the WinDbg debugger
Andrea Bocchetti, May 12
First, we need to install WinDbg and set up the symbol paths if necessary. Without symbols, you won't be able to see information from the…

Open Source supply chain attack: backdoor in upstream xz/liblzma leading to ssh server compromise
Andrea Bocchetti, Mar 30
In these hours, I have tried to organize the information regarding this attempt to implement a backdoor in some Linux distributions, who…

Introducing capa-ta: A Groundbreaking Tool for Static Malware Analysis
Andrea Bocchetti, Mar 9
Excited to share a project that has been a labor of love and expertise: capa-ta.

Defense Against Password Spraying Attacks
Andrea Bocchetti, Jan 31
Account Lockout Policies: Implement account lockout policies to automatically lock user accounts after a certain number of failed login…

TLS Callbacks to bypass debuggers
Andrea Bocchetti, Jan 30
These callbacks are essentially a collection of functions that are defined within the TLS directory of a PE file. The Windows loader…

In the Labyrinths of Undocumented APIs of Windows: anti-debugging techniques
Andrea Bocchetti, Oct 12, 2023
The complex tapestry of an operating system conceals a myriad of secrets, particularly within the hidden corridors of undocumented…

Extract IOCs from memory dump with bulk_extractor
Andrea Bocchetti, Sep 29, 2023
Extracting Indicators of Compromise (IOCs) from a memory dump can provide valuable information for forensic analysts during an incident…

Malware can detect a USB device being inserted into a computer
Andrea Bocchetti, Sep 27, 2023
Polling: Malware may continuously poll or check the system to see if a new device has been inserted. This might involve scanning the system…