
takahiroharuyama.github.io
CCI
The Presentation file is here. The content will be helpful if you use openioc_scan and onigiri.
http://takahiroharuyama.github.io/
CCI | takahiroharuyama.github.io Reviews
https://takahiroharuyama.github.io
Blog Archive - CCI
http://takahiroharuyama.github.io/blog/archives
Presentation at SECURE 2015. Remote Malware Triage Automation. DFRWS EU Slide Deck and Generic IOCs. OpenIOC Parameters used by openioc_scan. Fast Malware Triage using openioc_scan Volatility Plugin. Memory Forensics: still aborted. ID/IDAPython scripts extracting PlugX configs. PlugX Builder/Controller (Type III, 0x840). 64bit big sized RAM Image Acquisition Problem. Tweets by @cci_forensics.
ID/IDAPython scripts extracting PlugX configs - CCI
http://takahiroharuyama.github.io/blog/2014/03/27/id-slash-idapython-scripts-extracting-plugx-configs
ID/IDAPython Scripts Extracting PlugX Configs. I release Immunity Debugger and IDAPython scripts dumping PlugX configs (and original PEs), then parsing them. IIJ-SECT (CSIRT team at IIJ, Inc.) classifies PlugX samples into 3 types: type I/II/III. For more detail, check our presentation. The Immunity Debugger script can be used for PlugX type I&II. The IDAPython script can parse type III configs. Distinction between Type I&II and III. ID Script for Type I&II. IDAPython Script for Type III. After the configu...
Remote Malware Triage Automation - CCI
http://takahiroharuyama.github.io/blog/2015/07/03/remote-malware-triage-automation
Remote Malware Triage Automation. I published the script automating remote malware triage with F-Response and openioc_scan. F-Response provides read-only access to the full physical disk(s) of any networked computer. Additionally, the physical memory (RAM) of most Microsoft Windows systems can be mounted. We can automate RAM acquisition from a remote machine and IOC scanning using the F-Response COM API. I show the flow of the script. Let me know if there is any problem, request or bug. Presentation at SECURE 2015 ».
Fast Malware Triage using openioc_scan Volatility Plugin - CCI
http://takahiroharuyama.github.io/blog/2014/08/15/fast-malware-triage-using-openioc-scan-volatility-plugin
Fast Malware Triage Using openioc_scan Volatility Plugin. Last year, I proposed “volatile Indicators of Compromise (IOCs)” based on RAM evidence only at the SANS DFIR Summit. We can detect malware using them faster than using disk-evidence-based IOCs. Besides, we can define indicators based on not only metadata (e.g., file path) but also malware function (e.g., code injection signs, imported functions and unpacked code). The IOCs are described according to OpenIOC. Specification. IOC Editor. openioc_scan has...
Memory Forensics: still aborted - CCI
http://takahiroharuyama.github.io/blog/2014/04/21/memory-forensics-still-aborted
Memory Forensics: Still Aborted. 2 years ago, I talked about the anti-memory-forensics method of modifying Windows kernel data structures on victim systems at BlackHat Europe 2012. The situation is still the same. Abort Factors and PoC Driver. In the past presentation, I showed “Abort Factors”, which are key structures for virtual address translation, guessing the OS version and listing kernel objects. Once they are modified, memory analysis tools cannot continue to analyze images. On the other hand, Redline (M...
Black Hat USA 2015 | Arsenal
https://www.blackhat.com/us-15/arsenal.html
Active Directory Backdoors: Myth or Reality. BTA: Open-Source Tool for AD Analysis. The presentation will be organized as follows: We begin by describing the stakes around the Active Directory, centerpiece of any information system based on Microsoft technologies. We will continue by demonstrating some backdoors in order to keep admin rights or to help an intruder to quickly recover admin rights. We will present BTA and the methodology developed to analyze Active Directory. Maltego Remote Transforms f...
takahirofujii.com
Index of /
Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at www.takahirohakuno.com Port 80.
PHOTOGRAPHER 濱田貴大
2008 10.22 WORKS page updated. 2008 07.16 WORKS page updated. 2008 07.15 PROFILE page updated.
CCI
Presentation at SECURE 2015. The Presentation file is here. The content will be helpful if you use openioc_scan and onigiri. Remote Malware Triage Automation. I published the script automating remote malware triage with F-Response and openioc_scan. Read on →. DFRWS EU Slide Deck and Generic IOCs. “Fast and Generic Malware Triage Using openioc_scan Volatility Plugin” is uploaded to SlideShare. The code and IOC examples are located in GitHub. Please let me know if you have any question or request.
Takahiro Hayakawa
Nishino Work Shop Project. NWP Nishino Work Shop Project. The Nishino seminar of the Kansei Design Course at Tohoku Fukushi University runs art workshops to support the areas affected by the Great East Japan Earthquake. Organizer: 西野毅史, Assistant Professor, Kansei Design Course, Tohoku Fukushi University. Takahiro Hayakawa (早川貴泰), Special Researcher, Department of Information Media, Kanagawa Institute of Technology. Cooperation: Sendan no Mori Monou, C-DEPOT, Takahiro Hayakawa. Sponsors: Japanese Association of Educational Psychology, Bijutsu Shuppan Service Center, Kawada Gakuso (framing). Content: two-person exhibition / paper-cutting artist 山本理子. Dates: August 15 (Mon) – 27 (Sat), 2011, 11:00-19:00. Venue: Former Bank of Japan Hiroshima Branch. EXHIBITION C-DEPOT 2011 GRAVITY. Event: group exhibition / animation screening. Dates: July 20 (Wed) – 24 (Sun), 2011, 11:00-20:00. Venue: Spiral Garden, Spiral 1F. Details: http://www.c-depot.org/exhibition.html. Date and time: March 13 (Sun), 12:00-18:00, reception from 19:00.
takahirohirata.com
Pianist Takahiro Hoshino
TAKAHIRO ICHIKAWA | photographer
TAKAHIROID.COM - Takahiro Matsumoto (松本タカヒロ) - Home Page
TAKAHIRO MATSUMOTO OFFICIAL WEB. Produce / Sound produce / Compose / Arrangement / Lyrics / Guitar / Vocal. http://www.i2i-music.com/