Forwarded from BlackBox (Security) Archiv
Introducing Project Freta - Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service
Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected.
The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits, and other stealthy malware techniques such as process hiding.
The project is named after Warsaw's Freta Street, the birthplace of Marie Curie, the famous French-Polish physicist who brought X-ray medical imaging to the battlefield during World War I.
"Modern malware is complex, sophisticated, and designed with non-discoverability as a core tenet," said Mike Walker, Microsoft's senior director of New Security Ventures. "Project Freta intends to automate and democratize VM forensics to a point where every user and every enterprise can sweep volatile memory for unknown malware with the push of a button — no setup required."
The objective is to infer the presence of malware from memory while gaining the upper hand in the fight against threat actors who deploy and reuse stealthy malware on target systems for ulterior motives, and, more importantly, to render evasion infeasible and increase the development cost of undiscoverable cloud malware.
https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html
#microsoft #linux #cloud #Freta #forensics #research #rootkit #malware
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Toward trusted sensing for the cloud: Introducing Project Freta - Microsoft Research
“Sunlight is said to be the best of disinfectants.” ―Louis D. Brandeis, 1914 We often think about the field of computer security as a field of walls and barriers that keep intruders out. With Project Freta, we invite readers to…
A good thread on effective novel #cellphone #surveillance and #forensics by the #FBI
https://nitter.net/tomiahonen/status/1453797787452297225
https://twitter.com/tomiahonen/status/1453797787452297225?s=21
Tomi T Ahonen (@tomiahonen)
The Wire: Trump Special Thread 1/
Attorney General Garland yesterday mentioned 'new' forensic methods to catch Jan 6 terrorist insurrectionists that were not commonly used prior to 2003. One is cellphone tower data. I mentioned it already on Jan 10. Let…
Forwarded from GJ `°÷°` 🇵🇸🕊 (t ``~__/>)
Source translation from @actualiteFR
As I said yesterday, the #Bucha case is far from over and #journalists are discovering a lot of interesting and important information in the course of their investigations. The articles that come out are therefore completed.
@donbassinsider has published an article giving today's findings on the Bucha case.
https://www.donbass-insider.com/fr/2022/04/05/massacre-de-boutcha-quand-images-satellite-et-videos-manipulees-pour-raconter-fausse-histoire/
Rybar has also published a number of demonstrations on the angle of the #US satellite shots, the study of the snow cover on certain dates, the axis of the shadows due to the sun, the rainfall on certain days, etc., which show the inconsistencies with the dates announced by the Western-Kiévians, as well as their version of the facts.
Technically, the file that is taking shape is interesting, we touch on #meteorology, geometry, #satellite orbits, #forensics etc... It is intellectually enriching, far from being a simple clash of testimonies and opinions. We can keep our brainpower working by reading this 👍😊
https://t.me/rybar/30540
https://t.me/rybar/30578
https://t.me/rybar/30579
https://t.me/rybar/30581
https://t.me/rybar/30583
https://t.me/rybar/30586
https://t.me/rybar/30591
https://t.me/rybar/30598
https://t.me/rybar/30599
#Russia #Ukraine #WarCrimes
Bucha Massacre – When satellite images and videos are manipulated to tell a false story - Donbass Insider
As the scandal around the Bucha massacre grows, new elements prove that it is disinformation.
Forwarded from GJ `°÷°` 🇵🇸🕊 (t ``~__/>)
#Ursula in #Bucha. No cat for her, just lots of plastic bags. I thought they were already doing some #forensics - #identification - #autopsy - an enquiry you know.. you mean to say they let those poor dead people outside in a plastic bag for the #press ? A week or so ?
Maybe the #cat is smarter and will answer..
^-^
#Ukraine #Media #EU
Forwarded from GJ `°÷°` 🇵🇸🕊 (t ``~__/>)
Ukrainians Identify Bodies in Bucha | Russia-Ukraine War - Invidious – https://invidious.fdn.fr//watch?v=pCnlxfBgq4o&local=true
- Why are the bodies already in plastic bags and are dragged out of the "mass burial grave" ?
- Why don't we actually see bodies without plastic bags
- from a practical perspective it's easier to lay a body outside a muddy unstable surface ( that means you would align them all in a row [ do the #forensics, then place them inside a bag for transport to a morgue])
- the bags look pretty clean
^-^
#Bucha #Ukraine #WarCrimes #media #médias
Andriller
https://github.com/den4uk/andriller
Software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has features, such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data from Android (some Apple iOS & Windows) databases for decoding communications. Extraction and decoders produce reports in HTML and Excel formats.
Features
Automated data extraction and decoding
Data extraction from non-rooted devices via Android Backup (Android versions 4.x, varied/limited support)
Data extraction with root permissions: root ADB daemon, CWM recovery mode, or SU binary (Superuser/SuperSU)
Data parsing and decoding for Folder structure, Tarball files (from nanddroid backups), and Android Backup (backup.ab files)
Selection of individual database decoders for Android apps
Decryption of encrypted WhatsApp archived databases (.crypt to .crypt12, must have the right key file)
Lockscreen cracking for Pattern, PIN, Password (not gatekeeper)
Unpacking the Android backup files
Screen capture of a device's display screen
📡@NoGoolag 📡@Libreware
#andriller #android #forensics #backup
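As an added example (not Andriller's own code), here is a minimal Python parser for the unencrypted backup.ab format that the feature list mentions: a four-line ASCII header (magic, format version, compression flag, encryption scheme) followed by a zlib-compressed tar stream. The sample backup it unpacks is constructed inside the block so it runs offline.

```python
import io
import tarfile
import zlib

# Layout of an unencrypted Android backup (.ab) as written by "adb backup":
# four newline-terminated ASCII header lines, then a zlib stream of a tar.
MAGIC = b"ANDROID BACKUP"


def build_sample_backup(files: dict[str, bytes]) -> bytes:
    """Constructed sample: wrap the given files into a version-1,
    compressed, unencrypted .ab image so the parser below can run offline."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    header = b"\n".join([MAGIC, b"1", b"1", b"none"]) + b"\n"
    return header + zlib.compress(tar_buf.getvalue())


def parse_header(blob: bytes) -> tuple[dict, bytes]:
    """Split an .ab image into its header fields and the raw payload."""
    # maxsplit=4 stops after the header, leaving the binary payload intact.
    parts = blob.split(b"\n", 4)
    if len(parts) < 5 or parts[0] != MAGIC:
        raise ValueError("not an Android backup file")
    hdr = {
        "version": int(parts[1]),
        "compressed": parts[2] == b"1",
        "encryption": parts[3].decode("ascii"),
    }
    return hdr, parts[4]


def unpack_backup(blob: bytes) -> dict[str, bytes]:
    """Return {member name: contents} for an unencrypted .ab image."""
    hdr, payload = parse_header(blob)
    if hdr["encryption"] != "none":
        # AES-256 backups need the user's passphrase; out of scope here.
        raise NotImplementedError("encrypted backup")
    raw = zlib.decompress(payload) if hdr["compressed"] else payload
    out = {}
    with tarfile.open(fileobj=io.BytesIO(raw), mode="r:") as tar:
        for member in tar.getmembers():
            if member.isfile():
                out[member.name] = tar.extractfile(member).read()
    return out
```

The read-only, non-destructive property the post describes holds here as well: the parser only reads the image into memory and never writes to the device or the source file.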
Catching NSO Group's Pegasus spyware - Chaos Computer Club Berlin
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
https://docs.mvt.re/en/latest/
GitHub:
https://github.com/mvt-project/mvt
#Pegasus #NSO #Israel #MVT #Forensics #spywareDetection #FLOSS ccc.de
This talk will provide a behind-the-scenes look at how Amnesty International's Security Lab tracked NSO Group spyware over years and developed innovative forensic tools and techniques to detect the supposedly "undetectable" Pegasus spyware on infected devices.
These tools were ultimately used to identify traces of Pegasus spyware on the devices of numerous activists and journalists around the world.
The talk will demonstrate the open-source mobile forensic tool MVT, developed by Amnesty International during this investigation, which can be used to check mobile devices for signs of Pegasus and other sophisticated mobile spyware threats.