The executive’s laptop had the very latest version of a cloud-based, next-generation antivirus endpoint detection and response software, which is likely very good at stopping the majority of attacks and threats his organization might face. Unfortunately, these systems still rely on signatures and known TTPs (tactics, techniques, and procedures) to protect the user and even heuristics will not guarantee detection.

To sniff Wi-Fi, we use Alfa USB Wi-Fi adapter which connects to laptop via USB. For longer range sniffing, the 16 dBi Yagi antenna can be connected to the Wi-Fi adapter, and then to the laptop.

Today, much of the malware still operates via the same concept of infecting machines and spreading throughout networks. Due to this, it only makes sense to approach malware at its genetic level in order to find relationships, origins, and leads that may aid in investigations of malware and threat actors, and add value to organizations that are trying to defend against various types of threats. Polito has tested a tool called I...

Speakers at the event were CEOs and Managing Directors from companies such as, Accenture Federal Services, RunSafe Security, George Mason University, and the Sovrin Foundation. Starting us off, Ira A. (Gus) Hunt, Managing Director and Cyber Strategy Lead of Accenture, covered an interesting topic of Cyber Resilience and how there is no such thing as absolute security. He asserted that it is the job of each Cyber Security compa...

At Polito Inc., our forensic experts often rely on X-Ways Forensics to rapidly acquire and analyze digital computer evidence. X-Ways Forensics is an increasingly popular tool in the Digital Forensics and Incident Response (DFIR) community largely due to its speed, reliability, and useful features such as support for a wide array of image formats, multi-threaded regex/keyword searching and file hashing, and 3rd party extensions...

There is a lot of confusion over deep web vs. dark web; they are often used interchangeably, which is wrong. In essence the term “deep web” simply means anything that a search engine cannot find or is not indexed, while the term “dark web” is going a little deeper under the surface and is classified as a small portion of the deep web that is intentionally hidden and inaccessible through standard web browsers.

Polito Inc. has partnered with ReversingLabs (RL) and has developed a plugin extension called ReversingLabs Lookup Utility for Autopsy. Autopsy (version 4) is an open source tool used for digital forensics investigations to conduct disk image, local drive, and folder and file analysis. Some of the Autopsy features include timeline analysis, keyword search, registry analysis, email analysis, file type sorting, hash set filterin...

While Pi-hole includes a nice web-based admin interface, I started to experiment with shipping its dnsmasq logs to the Elastic (AKA ELK) stack for security monitoring and threat hunting purposes. In the end, I quickly prototyped a Pi-hole based DNS sinkhole deployment, DNS log pipeline, and accompanying DNS log monitoring system thanks to Pi-hole’s dnsmasq implementation, the ELK (Elasticsearch, Logstash, and Kibana) stack, an...

The purpose of this blog post is not to provide an exhaustive overview of Meltdown and Spectre, but instead to provide key points and caveats to help arm stakeholders as they perform risk assessments and implement mitigation plans in their own environments.

Script2exe functions by packaging the original VBScript as an encrypted resource within a PE stub. The original script is retained in the EXE stub's resources section as a Bitmap resource numbered "129" after it is encrypted with RC4. Upon execution of the PE Stub, the resource is loaded into memory, decrypted, and executed.