#DFIR
techantidote · 1 year ago
How to search for IOCs on a Linux machine using Loki IOC and APT scanner
This is a quick guide to running Loki APT Scanner to check for IOCs on a Linux machine.
Debian/Ubuntu:
– Run the below to set up and install Loki, get rules and update Loki.
sudo su -
apt-get install libssl-dev
git clone https://github.com/Neo23x0/Loki.git
cd Loki
python3 -m venv .    # creates bin/activate; this step is missing from the excerpt as captured and is assumed
source bin/activate
pip install colorama yara-python psutil rfc5424-logging-handler netaddr
python3 loki-upgrader.py
– To run Loki Scanner…
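To show what an IOC sweep of the kind the post describes actually does on disk, here is an added example; it is not Loki's code or the post author's. It walks a directory tree once, matches each path against filename regexes and each file's SHA-256 against a hash set (the two simplest IOC types Loki supports), and scores findings per file. The hash value, filename patterns, score thresholds and the demo files it creates are all constructed for this example.

```python
"""File-system IOC sweep in the spirit of Loki's hash and filename IOCs.

Added example; not Loki's code. IOC values, thresholds and demo files are
constructed for the demonstration.
"""
import hashlib
import os
import re
import tempfile

# Constructed "known bad" content so the demo has a hash IOC that actually hits.
DEMO_PAYLOAD = b"constructed malicious sample for the hash IOC demo\n"
HASH_IOCS = {hashlib.sha256(DEMO_PAYLOAD).hexdigest(): "demo dropper (constructed)"}

# (compiled regex, score, description): the shape of a filename IOC line. Constructed.
FILENAME_IOCS = [
    (re.compile(r"(?:^|[\\/])\.[^\\/]*\.(?:sh|py)$"), 60, "hidden script"),
    (re.compile(r"\.(?:php|jsp|aspx)\.(?:jpg|png|gif)$", re.I), 70, "web shell masquerading as an image"),
]
# Assumed triage thresholds for the demo; tune them for your environment.
THRESHOLDS = (("ALERT", 100), ("WARNING", 60), ("NOTICE", 40))


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files never sit in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_tree(root, hash_iocs=HASH_IOCS, filename_iocs=FILENAME_IOCS):
    """Return (path, score, reason) for every IOC match under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):  # no symlink loops
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue                      # skip links, sockets, FIFOs
            for pattern, score, desc in filename_iocs:
                if pattern.search(path):
                    findings.append((path, score, f"filename IOC: {desc}"))
            try:
                digest = sha256_of(path)
            except OSError:
                continue                      # unreadable or vanished mid-scan; move on
            if digest in hash_iocs:
                findings.append((path, 100, f"hash IOC: {hash_iocs[digest]}"))
    return findings


def score_by_path(findings):
    """Sum scores per file so a benign-looking name plus a bad hash still surfaces."""
    totals = {}
    for path, score, _reason in findings:
        totals[path] = totals.get(path, 0) + score
    return totals


def level_for(score):
    """Map a per-file score onto the assumed ALERT/WARNING/NOTICE levels."""
    for label, minimum in THRESHOLDS:
        if score >= minimum:
            return label
    return None


def build_demo_tree():
    """Construct a throwaway tree: one benign file and three IOC hits."""
    root = tempfile.mkdtemp(prefix="ioc-demo-")
    os.makedirs(os.path.join(root, "var", "www"))
    os.makedirs(os.path.join(root, "dev", "shm"))
    samples = {
        os.path.join(root, "notes.txt"): b"quarterly numbers\n",
        os.path.join(root, "var", "www", "logo.php.jpg"): b"<?php /* constructed */ ?>",
        os.path.join(root, "dev", "shm", ".cache.sh"): b"#!/bin/sh\n",
        os.path.join(root, "dev", "shm", "update.bin"): DEMO_PAYLOAD,
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    results = scan_tree(build_demo_tree())
    for path, score, reason in results:
        print(f"{score:>3} {path}: {reason}")
    for path, total in score_by_path(results).items():
        print(f"{level_for(total) or 'info':<8} {total:>3} {path}")
```

The scan hashes every regular file exactly once regardless of how many IOC sets it is checked against, skips symlinks rather than following them, and treats a permission error as something to note rather than a reason to abort, which is what you want when sweeping a live host as root.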
find-your-software · 2 years ago
Passware Kit Forensic
The world leader in encrypted electronic evidence discovery and decryption. Finds all password-protected items on a computer and then decrypts them. Works with more than 280 file types and various cloud data platforms.
https://find-your-software.com/passware/kit-forensic/
brianfpennington · 2 years ago
Cybersecurity Glossary
Over the course of this year I have explained to colleagues and clients whose roles are not in Cybersecurity what certain phrases or abbreviations mean. After a while I started to drop them into a Word document so I could reuse them. Then I decided to make this post so I can easily share the explanations. There are bound to be things missing, please drop a comment if I have missed something and…
professionalhackersindia · 2 years ago
Dissect - Digital Forensics, Incident Response Framework And Toolset That Allows You To Quickly Access And Analyse Forensic Artefacts From Various Disk And File Formats
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group). This project is a meta package, it will install all other Dissect modules with the right combination of versions. For more information, please see the documentation. What is…
cyberstudious · 11 months ago
An Introduction to Cybersecurity
I created this post for the Studyblr Masterpost Jam, check out the tag for more cool masterposts from folks in the studyblr community!
What is cybersecurity?
Cybersecurity is all about securing technology and processes - making sure that the software, hardware, and networks that run the world do exactly what they need to do and can't be abused by bad actors.
The CIA triad is a concept used to explain the three goals of cybersecurity. The pieces are:
Confidentiality: ensuring that information is kept secret, so it can only be viewed by the people who are allowed to do so. This involves encrypting data, requiring authentication before viewing data, and more.
Integrity: ensuring that information is trustworthy and cannot be tampered with. For example, this involves making sure that no one changes the contents of the file you're trying to download or intercepts your text messages.
Availability: ensuring that the services you need are there when you need them. Blocking every single person from accessing a piece of valuable information would be secure, but completely unusable, so we have to think about availability. This can also mean blocking DDoS attacks or fixing flaws in software that cause crashes or service issues.
What are some specializations within cybersecurity? What do cybersecurity professionals do?
incident response
digital forensics (often combined with incident response in the acronym DFIR)
reverse engineering
cryptography
governance/compliance/risk management
penetration testing/ethical hacking
vulnerability research/bug bounty
threat intelligence
cloud security
industrial/IoT security, often called Operational Technology (OT)
security engineering/writing code for cybersecurity tools (this is what I do!)
and more!
Where do cybersecurity professionals work?
I view the industry in three big chunks: vendors, everyday companies (for lack of a better term), and government. It's more complicated than that, but it helps.
Vendors make and sell security tools or services to other companies. Some examples are Crowdstrike, Cisco, Microsoft, Palo Alto, EY, etc. Vendors can be giant multinational corporations or small startups. Security tools can include software and hardware, while services can include consulting, technical support, or incident response or digital forensics services. Some companies are Managed Security Service Providers (MSSPs), which means that they serve as the security team for many other (often small) businesses.
Everyday companies include everyone from giant companies like Coca-Cola to the mom and pop shop down the street. Every company is a tech company now, and someone has to be in charge of securing things. Some businesses will have their own internal security teams that respond to incidents. Many companies buy tools provided by vendors like the ones above, and someone has to manage them. Small companies with small tech departments might dump all cybersecurity responsibilities on the IT team (or outsource things to a MSSP), or larger ones may have a dedicated security staff.
Government cybersecurity work can involve a lot of things, from securing the local water supply to working for the big three letter agencies. In the U.S. at least, there are also a lot of government contractors, who are their own individual companies but the vast majority of what they do is for the government. MITRE is one example, and the federal research labs and some university-affiliated labs are an extension of this. Government work and military contractor work are where geopolitics and ethics come into play most clearly, so just… be mindful.
What do academics in cybersecurity research?
A wide variety of things! You can get a good idea by browsing the papers from the ACM's Computer and Communications Security Conference. Some of the big research areas that I'm aware of are:
cryptography & post-quantum cryptography
machine learning model security & alignment
formal proofs of a program & programming language security
security & privacy
security of network protocols
vulnerability research & developing new attack vectors
Cybersecurity seems niche at first, but it actually covers a huge range of topics all across technology and policy. It's vital to running the world today, and I'm obviously biased but I think it's a fascinating topic to learn about. I'll be posting a new cybersecurity masterpost each day this week as a part of the #StudyblrMasterpostJam, so keep an eye out for tomorrow's post! In the meantime, check out the tag and see what other folks are posting about :D
imelda-0hh · 11 months ago
Oooh that's lovely dear 🎊💐
And hmm you ain't wrong in going about security/forensics domain. There's a lot of positions coming up for that field in future.
All the best for your future 🤩
PS. check out DFIR DIVA on YT. 💯
I certainly will, thank you 💕💕💕
iimtcollege · 11 months ago
Uttar Pradesh's Transport Minister, Daya Shankar Singh, praised IIMT College for promoting cyber safety. Online fraud is a common issue, and COE-DFIR, a collaboration between IIMT College and Future Crime Research Foundation, aims to train future cyber defenders.
Call Us: 9520886860
#IIMTIndia #IIMTian #IIMTNoida #IIMTGreaterNoida #IIMTDelhiNCR
#CyberSafety #IIMTCollege #COEDFIR #CyberDefense #DigitalSecurity #OnlineFraudPrevention #FutureCyberDefenders #UPTransportMinister #TechEducation #SafeOnline #CyberAwareness
flux443 · 9 days ago
Interlock ransomware group has developed a new remote access trojan (RAT) designed to evade detection.
Security researchers from The DFIR Report, in collaboration with Proofpoint, have identified a significant new campaign by the Interlock ransomware group. The threat actors are leveraging a newly developed remote access trojan (RAT) to target organizations across multiple sectors, marking a notable evolution in their tactics and tooling.
Sophisticated Infection Chain
The campaign begins with…
techantidote · 1 year ago
DFIR - Analyze Windows Event Logs (evtx) from a Linux machine using sigma rules, chainsaw and evtx dump
At work, I had a task to perform a quick compromise assessment for a hacked Windows server and I got a bunch of evtx files from the suspected host for analysis. I run Linux Mint + i3-gaps and it's much easier and more productive performing forensics from a Linux machine than Windows in my honest opinion. This post is meant for Linux users who want to perform Digital Forensics to find IOCs from Windows…
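The workflow the post names (export evtx to JSON, hunt over it with Sigma rules) boils down to a field mapping plus a matcher, and the following added example shows that core in working code. It is not code from the post, from chainsaw, evtx_dump or SigmaHQ. It assumes each input line is one record in the layout evtx_dump emits (Event.System / Event.EventData), a cut-down Sigma rule that uses only detection.selection with condition: selection and the |contains / |startswith / |endswith modifiers, and a logsource mapping (category to provider + EventID) that mirrors the idea of chainsaw's mapping files rather than reproducing them. The rule, the mapping and the sample records are constructed.

```python
"""Sigma-style hunting over evtx records exported as JSON lines.

Added example; not code from the post, chainsaw, evtx_dump or SigmaHQ.
The rule, the logsource mapping and the sample records are constructed.
"""
import json

# Constructed sample in the shape of `evtx_dump -o jsonl` output: two Sysmon
# process-creation events and one Security logon event. Raw string so the JSON
# escapes (\\) survive as written.
SAMPLE_JSONL = r"""
{"Event":{"System":{"Provider":{"#attributes":{"Name":"Microsoft-Windows-Sysmon"}},"EventID":1,"Computer":"WS01","TimeCreated":{"#attributes":{"SystemTime":"2024-05-01T10:00:00Z"}}},"EventData":{"Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c whoami","User":"WS01\\alice"}}}
{"Event":{"System":{"Provider":{"#attributes":{"Name":"Microsoft-Windows-Sysmon"}},"EventID":1,"Computer":"WS01","TimeCreated":{"#attributes":{"SystemTime":"2024-05-01T10:00:05Z"}}},"EventData":{"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -nop -w hidden -enc SQBFAFgA","User":"WS01\\alice"}}}
{"Event":{"System":{"Provider":{"#attributes":{"Name":"Microsoft-Windows-Security-Auditing"}},"EventID":4624,"Computer":"WS01","TimeCreated":{"#attributes":{"SystemTime":"2024-05-01T10:00:07Z"}}},"EventData":{"TargetUserName":"alice","LogonType":"2"}}}
"""

# Hypothetical rule in Sigma's structure, kept as a dict so no YAML library is needed.
ENCODED_POWERSHELL_RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],  # list value = OR
        },
        "condition": "selection",
    },
}

# Which (provider, EventID) pairs a logsource category covers (assumed mapping).
LOGSOURCE_MAP = {
    "process_creation": {
        ("Microsoft-Windows-Sysmon", 1),
        ("Microsoft-Windows-Security-Auditing", 4688),
    },
}
# Security 4688 calls the binary NewProcessName; Sigma rules say Image (assumed alias).
FIELD_ALIASES = {"NewProcessName": "Image"}


def flatten(record):
    """Collapse one evtx_dump record into a flat dict of rule-addressable fields."""
    system = record["Event"]["System"]
    event_id = system["EventID"]
    if isinstance(event_id, dict):            # nested when the record carries Qualifiers
        event_id = event_id["#text"]
    flat = {
        "EventID": int(event_id),
        "Provider": system["Provider"]["#attributes"]["Name"],
        "Computer": system.get("Computer"),
        "SystemTime": system["TimeCreated"]["#attributes"]["SystemTime"],
    }
    flat.update(record["Event"].get("EventData") or {})
    for src, dst in FIELD_ALIASES.items():
        if src in flat and dst not in flat:
            flat[dst] = flat[src]
    return flat


def field_matches(value, modifier, expected):
    """Sigma string comparisons are case-insensitive; apply the field modifier."""
    if value is None:
        return False
    v, e = str(value).lower(), str(expected).lower()
    if modifier == "":
        return v == e
    if modifier == "contains":
        return e in v
    if modifier == "startswith":
        return v.startswith(e)
    if modifier == "endswith":
        return v.endswith(e)
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(selection, flat):
    """Every key in a selection map must match (AND); a list value is OR over its items."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        options = expected if isinstance(expected, list) else [expected]
        if not any(field_matches(flat.get(field), modifier, o) for o in options):
            return False
    return True


def hunt(jsonl_text, rule, logsource_map=LOGSOURCE_MAP):
    """Return one hit dict per record the rule fires on, in file order."""
    detection = rule["detection"]
    if detection.get("condition") != "selection":
        raise NotImplementedError("only 'condition: selection' is handled here")
    sources = logsource_map[rule["logsource"]["category"]]
    hits = []
    for line in jsonl_text.strip().splitlines():
        flat = flatten(json.loads(line))
        if (flat["Provider"], flat["EventID"]) not in sources:
            continue                          # wrong log source for this rule
        if selection_matches(detection["selection"], flat):
            hits.append({"rule": rule["title"], "time": flat["SystemTime"],
                         "host": flat["Computer"], "user": flat.get("User"),
                         "cmd": flat.get("CommandLine")})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_JSONL, ENCODED_POWERSHELL_RULE):
        print(f"[{hit['time']}] {hit['host']} {hit['user']}: {hit['rule']} :: {hit['cmd']}")
```

Two details matter in practice and are handled above: the logsource filter runs before the selection, so a rule written for process creation cannot fire on a logon event that happens to contain a matching string, and the EventID field is unwrapped whether evtx_dump emitted it as a bare number or as a #text/#attributes object, which it does for events that carry Qualifiers.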
cyinttechnologies · 15 days ago
Mastering Cloud Investigation: Best Practices for Google Workspace & Microsoft 365 Forensics
Introduction:
In today's digital-first world, organizations rely heavily on cloud platforms like Google Workspace and Microsoft 365. But with convenience comes vulnerability. Data breaches, insider threats, and compliance violations demand a forensic approach that goes beyond traditional methods.
In this post, we explore practical forensic strategies to efficiently collect, analyze, and preserve cloud evidence within these platforms — ensuring your investigations are accurate, secure, and legally sound.
Key Highlights:
✅ Understanding native logging capabilities
✅ Importance of API-based evidence extraction
✅ Techniques for maintaining chain of custody
✅ Best tools and automation options
✅ Legal and compliance considerations
✅ Post-incident response checklist
✅ Real-world use cases and challenges
Whether you're a forensic analyst, IT admin, or part of an incident response team, mastering these practices is essential for handling digital investigations in cloud-native environments.
Why This Blog Matters:
Traditional forensic methods fall short in SaaS ecosystems. This blog by Cyint Technologies, a trusted leader in forensic solutions, bridges the knowledge gap with actionable insights tailored to modern enterprise needs.
Learn how to:
Read the Full Blog Here:
👉 https://www.cyint.in/post/best-practices-for-google-workspace-microsoft-365-forensics
About Cyint Technologies:
Cyint Technologies empowers organizations with advanced digital forensics solutions, training, and investigation tools. Our solutions are trusted by law enforcement, regulatory bodies, and enterprise security teams across India and beyond.
#CloudForensics #GoogleWorkspace #Microsoft365 #DigitalInvestigation #CyberSecurity #IncidentResponse #DFIR #CyintTechnologies #CloudSecurity #EmailForensics
netrikaconsulting1 · 3 months ago
Comprehensive DFIR Services by Netrika
Netrika offers expert Digital Forensics and Incident Response (DFIR) services to swiftly identify, investigate, and mitigate cybersecurity incidents. Our comprehensive solutions include data extraction and analysis, disk imaging, mobile forensics, cloud-based analysis, email investigation, social media discovery, network forensics, video/image forensics, and specialized training. Leveraging cutting-edge tools and methodologies, Netrika ensures rapid threat detection and response to protect your organization’s digital infrastructure.
aitoolswhitehattoolbox · 5 months ago
Digital Forensics Incident Response (DFIR)
The Opportunity: Permanent role
Work location: East
Work hours: Mon to Fri 9am – 6pm
Adecco is partnering with a recognised organisation and they are looking for Digital Forensics Incident Response (DFIR) to join the Team! A great oppo… Apply Now
holyjak · 5 months ago
"The Hydro Project at UC Berkeley is developing cloud-native programming models that allow anyone to develop scalable and resilient distributed applications. Our research spans across databases, distributed systems, and programming languages to deliver a modern, end-to-end stack for cloud programming." A part of that is the Rust Hydro library, for writing choreographed distributed dataflow programs. I.e. run it on a cluster or couple processes, with primitives for sending data etc.
They have also published a number of interesting-looking papers exploring topics such as defining the foundational semantic properties of streaming languages (streaming progress and eager execution) and rule-based rewriting of distributed algorithms, CRDTs and Byzantine Fault Tolerant protocols to make them more scalable without being error-prone. The 2021 New Directions in Cloud Programming sets the direction for the project (and I appreciate its decomplecting of the aspects of distributed systems :)), and the 2021 master thesis Hydroflow: A Model and Runtime for Distributed Systems Programming provides, I assume, background for Hydro. It states:
[..] Hydroflow new cloud programming model used to create constructively correct distributed systems. The model is a refinement and unification of the existing dataflow and reactive programming models. Like dataflow, Hydroflow is based on an algebra of operators which execute in streaming fashion across multiple nodes. [..] construct provably monotonic distributed programs which can always make forward progress without incurring the high cost of coordination. Hydroflow is primarily a low-level compilation target for future declarative cloud programming languages, [..]
More about the 2025 Hydro:
Hydro is a high-level distributed programming framework for Rust. Hydro can help you quickly write scalable distributed services that are correct by construction. Much like Rust helps with memory safety, Hydro helps with distributed safety. Hydro also makes it easy to get started by running your distributed programs in either testing or deployment modes.
Hydro is a distributed dataflow language, powered by the high-performance single-threaded DFIR runtime. Unlike traditional architectures such as actors or RPCs, Hydro offers choreographic APIs, where expressions and functions can describe computation that takes place across many locations. It also integrates with Hydro Deploy to make it easy to deploy and run distributed Hydro programs either locally or in the cloud.