Windows Timeline: Putting the what & when together

One of the most critical factors determining the success and efficacy of a digital forensic investigation is assembling the correct temporal analysis of events. At a fundamental level, the Windows Timeline is simply the what and the when of a user’s activities on a Windows system, put together. The Windows Timeline is an […]

Pegasus Spyware

Introduction
With each passing day, the world is waking up to new global cybersecurity challenges. The latest one was unearthed this month. Move over SolarWinds, Microsoft Exchange vulnerabilities, and REvil ransomware. It is now time for Pegasus! Pegasus is spyware used for cyber-espionage, developed by the NSO Group of Israel. Recent investigations reveal that […]

Technical Analysis of DearCry Ransomware

Note: This is a technical deep-dive into DearCry ransomware. If you want a preliminary analysis of the ransomware, you can find it here. The Network Intelligence team initiated a static analysis of the ransomware sample we received. The team used a tool called PEstudio, which helps in the static analysis of executable files.
Static Analysis […]

DearCry Makes Organisations Cry

Note: We have also done a technical analysis on DearCry. Read here. It’s a warm summer morning. While sipping your morning coffee, you access your work email. But you’re unable to log in. After trying a few tricks you’ve read up on in some tech blogs, you reach out to your IT team. They remote log-in […]

Super Timeline Using ELK Stack

ELK Stack is a collection of three components – Elasticsearch, Logstash & Kibana.
Logstash – This component is responsible for processing incoming data. It takes input from different sources, executes different transformations and stores the results in Elasticsearch or other formats.
Elasticsearch – NoSQL database based on Apache Lucene’s search engine.
Kibana – Web […]

Anatomy of a Credit Card Stealing POS Malware

INTRODUCTION
Point-of-sale (POS) is the place where a retail transaction is completed. It is the point at which a customer makes a payment to the merchant in exchange for goods or services. The majority of retail POS systems also include a debit/credit card reader.
POINT-OF-SALE INTRUSIONS
What is it? When attackers compromise the computers and servers […]