This is the infosec blog of Aussie PatH; opinions are my own. Code and examples are on GitHub.
Posts
Investigating realtime detections on iOS using Unified Logging
Gaining Threat-Intelligence the REALLY dodgy way
Linux cloud memory forensics tutorial
Tool - Use TouchID and the Secure Enclave from the commandline
Commandline Cloaking 2 - Tetragon and Nim
Tool - Using AWS Lambdas to distribute WebRequests
SIEMCraft - Security detection monitoring using Minecraft
Tool - Create run VPNs in various clouds
Tool - Use Terraform and Bitcoin to run VMs
Commandline Cloaking and Sysmon for Linux
Hunting Sliver
DEF CON 29: Bad BPF - Warping reality using eBPF
Detecting Kernel Hooking using eBPF
ETW on Windows 11 - Initial thoughts
Gaining Threat-Intelligence the dodgy way
Mapping It Out: Analyzing the Security of eBPF Maps
Using eBPF to uncover in-memory loading
Experimenting with Protected Processes and Threat-Intelligence
Hunting Koadic Pt. 2 - JARM Fingerprinting
Tracking Windows Updates with Git and CI
Getting more out of the Windows Filtering ETW Events
Introducing Sealighter - Sysmon-Like research tool for ETW
Experimenting with Ghidra Scripting
Using Python Bandit to find dodgy packages
Hunting Koadic across Shodan