Sabitlenmiş Tweet
AbdulRhman Alfaifi 🇸🇦
5.5K posts
AbdulRhman Alfaifi 🇸🇦
@A__ALFAIFI
#DFIR, #Developer, #Rust I write blogs about stuff that interest me, check them out at https://t.co/5bspWHXTUL Instagram: @abdulrhman_u0041
Katılım Ekim 2011
269 Takip Edilen1.7K Takipçiler
Hi,
A recent Windows update introduced changes to the Notepad artifact that I wrote about earlier last year. I’ve updated both the blog post and the parser to support it.
The changes are significant, you can read more details at the link below.
u0041.co/posts/articals…
English
Hi 👋
I just published a new blog post about the Windows Jumplist artifact which covered its value in Digital Forensics and Incident Response (DFIR), its file structure, in addition, I built a parser for it in Rust 🦀.
read more from the link below
u0041.co/posts/articals…
English
السلام عليكم 👋
كتبت مدونة جديدة عن Jumplist، وهو من الـ Windows artifacts المهمة في مجال التحقيق الجنائي الرقمي (DFIR). شرحت فيها فائدة هذا الملف، تركيبة البيانات داخله، و كتبت parser بلغة Rust 🦀 لاستخراج المعلومات منه.
إتقدر تقرأ أكثر من الرابط تحت
u0041.co/posts/articals…
العربية
AbdulRhman Alfaifi 🇸🇦 retweetledi
نسعد اليوم في Catchify بالإعلان رسميًا عن إطلاق منصة PTaaS، منصة متكاملة تلبي كل احتياجات الـ PTaaS مع جميع التسهيلات والمميزات التي تغطي كافة المتطلبات
Catchify@CatchifySA
We’re excited to announce the launch of our Penetration Testing as a Service (PTaaS) platform. With Catchify PTaaS, you can: - kick off and manage pentests with guided workflows - stay on top of every stage with clear status tracking view and prioritize findings with transparent scoring - retest and validate fixes without extra hassle - get direct access to our pool of top security researchers and experts - sync everything to Jira for smooth issue tracking All designed to give you control, simplify processes, and strengthen your security posture. Curious to see how it works? Visit: docs.catchify.sa
العربية
@mcohmi Yeah, this artifact is kind of annoying 😅
Good thing it isn’t that relevant in enterprise environments yet
English
The new Notepad files format is a PITA cause it kept changing as a group of us were looking into it. New fields were added in recent updates and it wasn't easy to match newer versions with the correct fields.
The Notepad team should just release the debug symbols. 😭
AbdulRhman Alfaifi 🇸🇦@A__ALFAIFI
Hello 👋 During the past few months I have been working on and off on the relatively new Windows 11 artifact for Notepad. I Wrote a blog post about my analysis for this artifact, in addition to a #Rust parser 🦀! read more: u0041.co/posts/articals… #DFIR #blueteam #CyberSecurity
English
Thanks to the people who documented there findings before me, here are some of them (I don't have all of there accounts 😅)
@nas_bench @_JohnHammond @mcohmi
English
Hello 👋
During the past few months I have been working on and off on the relatively new Windows 11 artifact for Notepad. I Wrote a blog post about my analysis for this artifact, in addition to a #Rust parser 🦀!
read more:
u0041.co/posts/articals…
#DFIR #blueteam #CyberSecurity
English
AbdulRhman Alfaifi 🇸🇦 retweetledi
Excited to share a new Python script I've been working on! ✨
Convert Sigma rules to Kibana rules effortlessly and push them to your Elastic server for enhanced detection capabilities.
#Python #SigmaRules #Kibana #Elastic #CyberSecurity
github.com/salehmuhaysin/…
English
AbdulRhman Alfaifi 🇸🇦 retweetledi
منتج رهيب من شركة محلية في ال automated #ThreatHunting و ال #DFIR
SandsBytes@SandsBytes
🚀 Boost your digital investigations with CyberBomah!🕵️♂️💻 Simplify team collaboration, streamline evidence parsing analysis. 📊🔍 Uncover hidden insights and swiftly respond to incidents. Level up your DFIR game with CyberBomah! #DFIR #IncidentResponse cyberbomah.com
العربية
AbdulRhman Alfaifi 🇸🇦 retweetledi
عزز تحقيقاتك الرقمية لإكتشاف العمليات المشبوهة تلقائيا في المنظومة لزيادة الكفاءة والإنتاجية وسرعة التحليل مع سايبربوماه📊🔍 #DFIR #استجابة_للحوادث
cyberbomah.com
العربية
AbdulRhman Alfaifi 🇸🇦 retweetledi
Check out my new project Microsoft-Analyzer-Suite (Community Edition). A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID extracted by Microsoft-Extractor-Suite. @InvictusIR #M365 #BEC #DFIR
github.com/evild3ad/Micro…
English
AbdulRhman Alfaifi 🇸🇦 retweetledi
هلا هلا يا هلا،
عُدنا ونستكمل سلسلة #شروحات_سيبرانية، بموضوع خفيف لطيف:
Attacking e-commerce applications
English version:
nasser-1.gitbook.io/blog-1/write-u…
Hello 👋
New update to Fennec with the version number 0.4.1, here are the highlight of this version:
- Added process signal handling (ie. CTRL+C)
- Added the capability to run Fennec with non root permissions (not recommended, but you have the option :D)
github.com/AbdulRhmanAlfa…
English
AbdulRhman Alfaifi 🇸🇦 retweetledi
السلام عليكم، عندي موضوع بسيط استفدت منه بتحليل الobfuscated scripts مثل JS/PS/VBA بطريقة سهلة وممتازة وهي عن طريق استخدام الAMSI لعمل deobfuscating..
العربية
AbdulRhman Alfaifi 🇸🇦 retweetledi
#CyberSecurity #DFIR #OpenSource #GitHub #DFIRKuiper v2.3.5 released - added bug fixes Check CHANGELOG for details github.com/DFIRKuiper/Kui…
English
AbdulRhman Alfaifi 🇸🇦 retweetledi
AbdulRhman Alfaifi 🇸🇦 retweetledi
NetSupport Intrusion Results in Domain Compromise
➡️Initial Access: Zip in Email
➡️Execution: Batch scripts, NetSupport
➡️Credential Access: NTDS.dit dump, LSASS Dump
➡️Lateral Movement: RDP, SMB, wmiexec/atexec
➡️C2: NetSupport RAT, SSH Tunnel
thedfirreport.com/2023/10/30/net…
English
AbdulRhman Alfaifi 🇸🇦 retweetledi
سنقدم أنا وعبدالعزيز الوشمي @AlwashmiA
تدريب متقدم للاستجابة للحوادث في مؤتمر #blackhatmea و سنغطي الأساليب الحديثة للاستجابة للحوادث واسعة النطاق والحوادث المؤسسية.
حيث سكبنا جل خبرة سنوات طويلة في تقديم خدمات ال #DFIR محليًا ودوليًا بتدريب عملي
blackhatmea.com/trainings-list…
العربية
سنقدم أنا وصالح بن محيسن @saleh_muhaysin
تدريب متقدم للاستجابة للحوادث في مؤتمر #blackhatmea و سنغطي الأساليب الحديثة للاستجابة للحوادث واسعة النطاق والحوادث المؤسسية.
حيث سكبنا جل خبرة سنوات طويلة في تقديم خدمات ال #DFIR محليًا ودوليًا بتدريب عملي
blackhatmea.com/trainings-list…
العربية