We will learn how Django applications work and how to contribute to an existing project. This guide comes from notes explaining the architecture and workflow for developers joining the team. The particular project is not publicly available yet, but the design concepts and workflow are generic and applicable to any Django project.

We suppose that…

This blog post series explains the basic evaluation of email headers, body, and various types of attachments.

Parts of this Email Forensics Series:

In the first part of the series, we examine methods of how…

We will alert on shell commands executed on behalf of the web server by monitoring Audit Daemon (auditd) logs. In the previous article, we followed multiple log sources with the goal of detecting web shell actions on the server. See the article below:

There we found that the Audit Daemon log is the most reliable…
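As an added example (not code from the original article), the detection logic described above run over a few constructed auditd records: SYSCALL and EXECVE lines of one event are correlated by their audit serial, and an alert is raised when a shell binary is executed with the web server's effective uid. The assumptions are labelled in the code: the web server runs as www-data (uid 33, the Debian/Ubuntu default), the list of shell binaries, and that the records come from an execve rule such as `-a always,exit -F arch=b64 -S execve -F euid=33 -k webshell_exec`.

```python
import re
from collections import defaultdict

# Constructed auditd records (sample data, not from the original article). Fields are a
# subset of what auditd emits for an execve syscall on x86_64.
# Event 1510: sh spawned as www-data (no tty, no login session) -> should alert.
# Event 1511: bash spawned by an interactive admin (auid=1000, tty=pts0) -> benign.
# The a2 argument of event 1510 is hex-encoded, as auditd does for argv entries that
# contain whitespace, double quotes or non-printable bytes.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:1510): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1301 auid=4294967295 uid=33 gid=33 euid=33 tty=(none) ses=4294967295 comm="sh" exe="/usr/bin/dash" key="webshell_exec"
type=EXECVE msg=audit(1700000000.101:1510): argc=3 a0="sh" a1="-c" a2=69642026262077686F616D69
type=SYSCALL msg=audit(1700000000.205:1511): arch=c000003e syscall=59 success=yes exit=0 ppid=2200 pid=2301 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 comm="bash" exe="/usr/bin/bash" key="webshell_exec"
type=EXECVE msg=audit(1700000000.205:1511): argc=2 a0="bash" a1="-l"
"""

# Assumptions for this example: the web server runs as www-data (uid 33 on
# Debian/Ubuntu) and these binaries count as shells. Adjust both for the monitored host.
WEB_SERVER_UIDS = {"33"}
SHELL_BINARIES = {"sh", "dash", "bash", "zsh", "ksh"}

HEADER_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(rest):
    """Turn 'k=v k="v" ...' into a dict of raw values (quotes kept)."""
    return dict(FIELD_RE.findall(rest))


def unquote(raw):
    return raw[1:-1] if raw.startswith('"') else raw


def decode_execve_arg(raw):
    """Quoted argv entries are returned as-is; unquoted ones are auditd hex encoding."""
    if raw.startswith('"'):
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    except ValueError:
        return raw


def command_line(execve_rest):
    """Rebuild argv from an EXECVE record. Very long entries are split by auditd into
    a2[0], a2[1], ... which this example does not reassemble."""
    f = parse_fields(execve_rest)
    argc = int(f.get("argc", "0"))
    return " ".join(decode_execve_arg(f.get(f"a{i}", '""')) for i in range(argc))


def group_events(log_text):
    """Correlate the SYSCALL and EXECVE records of one event by their audit serial."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            events[m["serial"]][m["type"]] = (m["ts"], m["rest"])
    return events


def detect_webshell_shells(log_text, web_uids=WEB_SERVER_UIDS, shells=SHELL_BINARIES):
    """Alert on execve of a shell binary with the web server's effective uid."""
    alerts = []
    for serial, recs in sorted(group_events(log_text).items()):
        if "SYSCALL" not in recs:
            continue
        ts, rest = recs["SYSCALL"]
        f = {k: unquote(v) for k, v in parse_fields(rest).items()}
        # 59 is execve on x86_64 (arch=c000003e); execveat (322) would need a rule too.
        if f.get("syscall") != "59":
            continue
        exe_name = f.get("exe", "").rsplit("/", 1)[-1]
        # Match on exe, not comm: comm is the process name and is trivially renamed.
        if f.get("euid") not in web_uids or exe_name not in shells:
            continue
        cmd = command_line(recs["EXECVE"][1]) if "EXECVE" in recs else ""
        alerts.append({"serial": serial, "ts": ts, "pid": f.get("pid"), "ppid": f.get("ppid"),
                       "euid": f["euid"], "exe": f["exe"], "cmd": cmd})
    return alerts


if __name__ == "__main__":
    for alert in detect_webshell_shells(SAMPLE_AUDIT_LOG):
        print(alert)
```

Only the www-data event is reported, with the reconstructed command line `sh -c id && whoami`; the admin's login shell is left alone because its euid is not the web server's. Filtering on euid rather than uid matters for setuid helpers, and an interpreter (php, python, perl) executed as www-data is a second case worth a rule of its own.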

Forensics of a second malicious PDF sample to find exploits and shellcode within obfuscated JS code.

It is suggested to read the first part before progressing further.

Our workshop continues with a slightly more complicated sample, ffe8db8803d5ead7a7c4d4dfd393e4601a91b867. …

Obfuscation by character substitution

The goal of this workshop is to manually find exploits and shellcode within obfuscated JS code delivered in a PDF file. For effective defense, we need to know which vulnerability the attacker is trying to abuse and how the malware will call home.

PDF readers are popular targets as they need to support…
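As an added example (not code from the original workshop, and not derived from the sample analysed there), a small Python helper for the character-substitution case: the script stores its payload with one character swapped for `%` and only builds the real string at runtime with `.replace(...)`, so a static search for `%u` finds nothing. The helper pulls the substitution out of the `.replace()` call, applies it, and then decodes the `unescape()`-style payload into the bytes it would occupy in memory (each `%uXXXX` is one UTF-16 code unit stored little-endian). The JavaScript sample is constructed for this example; the decoded bytes are an illustrative NOP sled followed by a few placeholder bytes, not a real exploit.

```python
import re

# Constructed sample in the style of character-substitution obfuscation (not taken
# from the analysed PDF): '#' stands in for '%' until the script runs.
SAMPLE_JS = r'''
var p = "#u9090#u9090#u9090#u9090#uC031#u8B50";
var sc = unescape(p.replace(/#/g, "%"));
var nops = "";
while (nops.length < 0x40000) nops += sc;
'''

# .replace(/pat/flags, "rep") with either quote style; pattern may contain escapes.
SUBST_RE = re.compile(r"""\.replace\(\s*/(?P<pat>(?:\\.|[^/])+)/(?P<flags>[gimsuy]*)\s*,\s*(?P<q>["'])(?P<rep>.*?)(?P=q)\s*\)""")
# A run of %uXXXX / %XX escapes, i.e. something unescape() would turn into bytes.
PERCENT_U_RE = re.compile(r"(?:%u[0-9A-Fa-f]{4}|%[0-9A-Fa-f]{2})+")


def extract_substitutions(js):
    """Return (regex_pattern, replacement) pairs found in .replace(/.../g, "...") calls."""
    return [(m["pat"], m["rep"]) for m in SUBST_RE.finditer(js)]


def apply_substitutions(js, subs):
    """Statically perform the substitutions the script would do at runtime.
    A function replacement is used so '\\1'-style sequences in rep are not interpreted."""
    out = js
    for pat, rep in subs:
        out = re.sub(pat, lambda _m, r=rep: r, out)
    return out


def unescape_to_bytes(encoded):
    """Mimic JavaScript unescape() as it lands in memory: %uXXXX becomes one UTF-16
    code unit stored little-endian (low byte first); %XX becomes a single byte."""
    out = bytearray()
    for m in re.finditer(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})", encoded):
        if m.group(1):
            out += int(m.group(1), 16).to_bytes(2, "little")
        else:
            out.append(int(m.group(2), 16))
    return bytes(out)


def longest_nop_run(data):
    """Length of the longest run of 0x90 bytes; a long run is a classic NOP sled."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == 0x90 else 0
        best = max(best, cur)
    return best


def recover_payloads(js):
    """Undo the substitution, then decode every %u/%XX run found in the script."""
    plain = apply_substitutions(js, extract_substitutions(js))
    return [unescape_to_bytes(m.group(0)) for m in PERCENT_U_RE.finditer(plain)]


if __name__ == "__main__":
    for payload in recover_payloads(SAMPLE_JS):
        print(f"{len(payload)} bytes, NOP sled length {longest_nop_run(payload)}: {payload.hex()}")
```

On the constructed sample this yields twelve bytes beginning with an eight-byte NOP sled. The byte order matters when the recovered buffer is handed to a disassembler: `%uC031` becomes `31 C0`, not `C0 31`. Real samples usually chain several such tricks (string splitting, `fromCharCode`, `eval` of a decoded blob), so this helper is the first pass, not the whole analysis.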

To threat hunt means to proactively search for malware or attackers that have got past the deployed security controls and the detection baseline. It often starts as whiteboard brainstorming among people with different security backgrounds. This brings valuable diversity to the topic, but also the risk of misconceptions.

Ideas described below may appear on…

Peter Matkovski
