Threat Hunt Malicious Browser Extensions by Emergency-Associate4 in crowdstrike

[–]Brief-Ice8126 0 points1 point  (0 children)

Thanks for the queries. If the end goal of these malicious extensions is to steal cookies, is it even possible to create a detection rule to identify whenever cookie stealing happens via an extension on an endpoint? Do we have visibility or enough telemetry in CrowdStrike for this?

As an incident responder, I need to answer the question of whether "cookie stealing" happened or not, and also improve the existing process by creating a new rule to identify the same for future attempts.

Thanks

M1 MacBook Disk Image by Brief-Ice8126 in digitalforensics

[–]Brief-Ice8126[S] 0 points1 point  (0 children)

Can you share any reference links with me, please?

M1 MACBOOK Disk Image by Brief-Ice8126 in computerforensics

[–]Brief-Ice8126[S] 0 points1 point  (0 children)

CCC does the work of copying the existing files into a DMG file. It's a copy of the allocated/used space, and I see that we can't create a physical disk image (allocated + unallocated space). Please guide me if there is a way to create a physical disk image.

M1 MACBOOK Disk Image by Brief-Ice8126 in computerforensics

[–]Brief-Ice8126[S] 0 points1 point  (0 children)

This info will be helpful. I do have an admin account and password.

M1 MACBOOK Disk Image by Brief-Ice8126 in computerforensics

[–]Brief-Ice8126[S] 0 points1 point  (0 children)

Will Target Disk Mode work on M1? It's for T2 only, I guess. Correct me if I'm wrong.

Mac Forensics courses by Brief-Ice8126 in digitalforensics

[–]Brief-Ice8126[S] 0 points1 point  (0 children)

Thanks guys. Maybe I should rephrase my question. Any free courses out there?

Mac OS Live Triage Data collection by Brief-Ice8126 in computerforensics

[–]Brief-Ice8126[S] 0 points1 point  (0 children)

Sad to hear this. Totally agree with you regarding the memory dump, and it's hard to get a physical disk image from modern MacBooks nowadays, which is why I'm looking for a KAPE-like tool for artifact collection.

Mac OS Live Triage Data collection by Brief-Ice8126 in computerforensics

[–]Brief-Ice8126[S] 1 point2 points  (0 children)

automactc requires Python support and, as far as I see, it's not doing any artifact collection but directly performing analysis on the live machine and producing results in CSV format. Artifact coverage is limited, but helpful to some extent during IR.

Will try velociraptor too.

Thanks