When you investigate an incident, it’s critical to establish the exact time of the attack and method used to compromise the system. This enables you to track the entire chain of operations performed by the malefactor. Today, I will show how to do this using the Timesketch tool.

Is the phrase “This script contains malicious content and has been blocked by your antivirus software” familiar to you? It’s generated by Antimalware Scan Interface (AMSI), a protection mechanism embedded in Windows 10 that blocks the execution of malicious scripts. But can AMSI be bypassed? Sure, and today I will show how to do this.

Being employed with BI.ZONE, I have to exploit Blind SQL injection vulnerabilities on a regular basis. In fact, I encounter Blind-based cases even more frequently than Union- or Error-based ones. But how to raise the efficiency of such attack? This article provides an overview of approaches used to exploit Blind SQL injection and techniques expediting the exploitation.

Once a quarter, PostgreSQL publishes minor releases containing vulnerabilities. Sometimes, such bugs make it possible to make an unprivileged user a local king superuser. To fix them, Postgres DBAs release patches simultaneously with the updates and sleep peacefully. However, many forks share a large codebase with PG and remain vulnerable! I reviewed the historical Postgres CVEs in search of interesting security holes and found plenty of exciting stuff there.

As you are likely aware, forensic analysis tools quickly become obsolete, while hackers continuously invent new techniques enabling them to cover tracks! As a result, valiant DFIR (Digital Forensics and Incident Response) fighters suffer fiascoes on a regular basis. So, I suggest to put aside the outdated (but no less sharp Scalpel) for now and look around for new tools.

Network fraudsters and carders continuously invent new ways to steal money from cardholders and card accounts. This article discusses techniques used by criminals to bypass security systems protecting bank cards.

Antiviruses are extremely useful tools – but not in situations when you need to remain unnoticed on an attacked network. Today, I will explain how to fool antivirus programs and avoid detection in compromised systems during penetration testing.