Melusi shoko in System Weakness · 1 day ago
Shellshock attack write-up: LetsDefend challenge
What is Shellshock? A 30-year-old vulnerability in the Bash command-line shell called "Shellshock" was identified as a serious threat in 2014. Shellshock is still a threat to the corporate world. Shellshock is a critical vulnerability due to the escalated privileges afforded to attackers, which allow them to compromise…
Forensic Labs · 1 day ago
AWS IAM Forensics & Incident Response
Continuing our series on Cloud Forensics & Incident Response, we've now posted the third video in our series. It's titled "AWS IAM Forensics & Incident Response" and you can watch it on YouTube now. What are… Cloud security incident domains? Service domain: Incidents in the service domain might…
Josh Gates · 1 day ago
Network+ Preparation Week 1 Summary
Wanted to keep this as a little overview of what I have accomplished in terms of studying this week for my CompTIA Network+ certification. As mentioned in my previous post, I picked up a study guide, or whatever you wish to call it, that covers all of the objectives required…
Digit Oktavianto in MII Cyber Security Consulting Services · 3 days ago
A Tale Story of Compromise Assessment - Part 1
Recently, a major cyber security incident occurred in many institutions in Indonesia, resulting in the loss of customer data and financial losses. This incident highlights the need for organizations to conduct regular compromise assessments and to ensure that their systems are secure and up to date with the latest security best practices…
Shlomi Boutnaru · 4 days ago
The macOS Process Journey - "nearbyd" (The Proximity Daemon)
"nearbyd" is the "Proximity Daemon", which is responsible for powering the spatial interaction between devices. "nearbyd" uses ultra-wideband and other wireless technologies. It is relevant since macOS 10.14/iOS 12.0 (https://keith.github.io/xcode-man-pages/nearbyd.8.html). Moreover, the Mach-O binary is executed from "/usr/libexec/nearbyd" by launchd (https://medium.com/@boutnaru/macos-launchd-a6628195f6e7). …
Shlomi Boutnaru · Mar 17
The Linux Process Journey - "oom_reaper"
"oom_reaper" is a kernel thread which was created using the "kthread_run" function (https://elixir.bootlin.com/linux/v6.2.5/source/mm/oom_kill.c#L735). Basically, it is the implementation of the OOM (Out-of-Memory) killer function of the Linux kernel. For more information about it I encourage you to read the following link: https://medium.com/@boutnaru/linux-out-of-memory-killer-oom-killer-bb2523da15fc.
Shlomi Boutnaru · Mar 16
Windows - Recovery Directory
A bunch of folks have asked me what the goal of the different directories in a Windows filesystem hierarchy is. So I have decided to write a short series about that. In this writeup we are going to talk about the "Recovery" directory. It could be that you have never…
Forensic Labs · Mar 16
Digital Forensics & Incident Response Fundamentals for the Cloud
We've just posted an introductory video in our series on Cloud DFIR titled: It's the first in a (long!) series that aims to help spread knowledge about how to respond to cyber attacks in cloud environments like AWS, Azure and GCP. …
Shlomi Boutnaru · Mar 15
The Linux Process Journey - "netns"
The kernel thread "netns" is based on a single-threaded workqueue (https://elixir.bootlin.com/linux/v6.2-rc4/source/net/core/net_namespace.c#L1106), which is created when the network namespace is initialized (net_ns_init()). If you want to read more about "network namespaces" you can use the following link: https://medium.com/@boutnaru/linux-namespaces-network-namespace-part-3-7f8f8e06fef3. Also, as a reminder, you can check out the diagram below (https://wizardzines.com/comics/network-namespaces/).
Shlomi Boutnaru · Mar 12
The macOS Process Journey - "nfcd" (Near Field Communication Daemon)
"nfcd" is responsible for managing the NFC (Near-Field Communication) controller (https://keith.github.io/xcode-man-pages/nfcd.8.html). "nfcd" is a Mach-O binary file which is located at "/usr/libexec/nfcd". Moreover, it is executed under "_applepay" by launchd (https://medium.com/@boutnaru/macos-launchd-a6628195f6e7). It is needed by "ApplePay", due to the fact that it means making payments using NFC (https://www.macrumors.com/roundup/apple-pay/).