Category Archives: AntiX

Malware Tools, Tips and Tricks

Posted on 5 April 2024 by [email protected]

In the past, I used to maintain a Google Doc with all the tools I use or recommend for my students to use for Malware Analysis. A couple of days ago, while doing a Malware Analysis workshop for NW3C, I … Continue reading

Posted in Academia, AntiX, DFIR, Investigations, Malware, Research, Software/Tools | Tagged , , , | Leave a comment

Update: Hidden Prefetch Files Detection using New PECmd

Posted on 26 May 2019 by [email protected]

Before diving into this post, I wanted to say, that I have been teaching digital forensics for a long time by now, and in my Operating System Forensics class, I use Eric Zimmerman‘s tools a lot, and when I say … Continue reading

Posted in AntiX, ThreatHunting, Windows | Tagged , , , , , , , , | Comments Off on Update: Hidden Prefetch Files Detection using New PECmd

Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis

Posted on 26 May 2019 by [email protected]

While doing more experiments of running EXEs and Malicious EXEs from ADS and Stealthy ADS to continue my previous work “Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS“, and in order to create a forensic image and … Continue reading

Posted in AntiX, Forensics, ThreatHunting, Windows | Tagged , , , , , , , , | Comments Off on Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis

Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS

Posted on 24 May 2019 by [email protected]

One of my current students asked if using Stealth Alternate Data Streams (ADS), could bypass AVs? Therefore, I wanted to prove that for the student by doing a simple experiment. What was done is the following: 1. Turned off Windows … Continue reading

Posted in AntiX, Forensics, Malware, Metasploit, Windows | Tagged , , , , , , | Comments Off on Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS