DFur – DFIR, SOC, Analysis Blog


About

Hi, my 2021 personal challenge was to do more research and technical writing on all things security analysis, forensics and incident response. This is my attempt at just that; I would be really surprised if any of this was original research, and full credit will be given to the great minds that researched/translated/documented/discovered and, most importantly, shared. Always open to feedback on improvements I can make to writing style, approach and anything really!

I left an unsecured MongoDB up for 2 months…here's how it went

I've been deploying a bunch of quick honeypots recently for commonly exploited services, with a particular focus on having proper logging configured, which is often an afterthought; the first one I'm going to write about quickly is MongoDB. I don't imagine this blog post will contain anything ground-breaking ("ransom" of exposed MongoDBs is well documented in terms of…

Mark-of-the-Web (MOTW) – from a DFIR & Detection Perspective

Background: I was recently reviewing some Windows Defender logs and noticed that many of the detections had file origin information and not just the MOTW ADS Zone.Identifier; I had seen these before and largely forgot they existed. A quick bit of googling later, I really didn't get a huge amount of information back on this (fundamentally…
