I've wondered for some time now, how do "customers" (recipients of DFIR services) determine the quality and accuracy of the rendered product? Throughout my time in the industry, I've known some customers to "seek a second opinion", but is this … [Continue Reading]
KAPE 0.8.6.1 released
Changes in this release include:- When using transfer options, transfer module output to destination when --zm true is used. This pushes the output from modules as a zip file to the destination server. You can still optionally transfer target … [Continue Reading]
Downloading Executables Over DNS: Capture Files
In my BruCON training “Malicious Documents For Red Teams” (October 2019), we will cover downloading of files over DNS. I Tweeted about downloading Mimikatz via DNS-over-HTTPS with an Excel sheet. I’m not releasing the Python code to serve files via … [Continue Reading]