FileFix: CTRL+L, Paste, Boom.
The research is still ongoing :-) I have been studying mr.d0x's blog posts, and recently stumbled upon his new article about ClickFix and FileFix. For those of you who do not know what ClickFix is about, it is a sneaky social engineering trick. Attackers set up fake sites like fake updates or CAPTCHA pages that copy a malicious command to your clipboard. You are then told to hit Win+R, paste, and run it. Just like that, you install the malware yourself. ...
FOR509 - Enterprise Cloud Forensics and Incident Response
SANS FOR509 in Copenhagen – What a week. (Thanks Antti for the image.) Last week I attended SANS FOR509 – Enterprise Cloud Forensics and Incident Response in Copenhagen. The course is focused on cloud investigations across Microsoft 365, Azure, AWS, Google Workspace and Kubernetes. It was taught by Korstiaan Stam, who brought tons of experience. Before the course I had worked quite a bit with Azure and had handled a few BEC cases in M365. I had no real experience with AWS, GCP or Kubernetes. That changed quickly. The course does a great job at tying things together and focusing on what matters during an investigation. ...
🕵️‍♂️ Image Acquisition with Caine
When shit hits the fan. So I was recently on a Digital Forensics assignment for a customer, where I had to collect evidence from the suspect's laptop. I had to brush the dust off my DFIR skills, as these types of assignments are too common for us. For this case I quickly looked at what we had in our Go-Bag, and I noticed that we were met with two hardware write blockers from WiebeTech. Cool, we got everything we need to capture our image, didn’t we? ...
👨‍💻 The Realities of being an IT-Consultant
Introduction. I have gotten a few inquiries regarding how it is to work as a consultant, and what makes this profession so exciting. My name is Christian Henriksen, and I work as a Cybersecurity Consultant at Trifork Security in Denmark. My primary job areas are quite broad compared to other consultants, but I primarily work in Managed Detection & Response (MDR), Offensive Security and also participate as Incident Response Lead for our Incident Response team. ...
WAFW00F - Web Application Firewall Fingerprinting
In this blog post, I will take a look at a cool tool that I have been working with for the last couple of weeks, called WAFW00F. WAFW00F is a tool for fingerprinting whether a web server has a Web Application Firewall. (Image is from the WAFW00F GitHub.) Contents: What is a Web Application Firewall (WAF)?; What is Fingerprinting?; What is WAFW00F; How to use WAFW00F; References. What is a Web Application Firewall (WAF)? ...
Pursuing a Career in Cyberspace
In this blog post, I will try to shed light on some of the questions that a new candidate in this industry might stumble upon. I will build my points on my own experience being fairly new, therefore this might not apply to you. However, I’m sure that you can relate to at least some of the upcoming points. This post is inspired by a talk that @David Thejl-Clayton gave on an internal FDCA webinar. ...
FDCA - Foreningen for Danske Cyber Alumner
What is FDCA, how do you become a member, and what does a cyber association actually do? I will try to describe that in the following blog post. This post is in Danish, and will eventually be posted in English. What is the Cyber Conscription (Cyberværnepligten)? The Cyber Conscription is a political initiative intended to hatch ~30+ new digital security talents per year, whose purpose is to be ambassadors for good IT security in the Kingdom of Denmark. ...