malware

Long story short, Persistence

December 4, 2023
Shanna Daly
Forensics, Incident Response
ATT&CK: TA0003, Persistence, Defence evasion, webshells, malware, ATT&CK: T1574, ATT&CK: T1505, ATT&CK: T1021

In this post I am pulling parts out of a talk that I did called “Long story short”. I delivered variations of this talk online for NZITF and the ICSL MRE webinar series in 2022 and also in person at CRESTCon 2022 in Canberra. I found these interesting at the time as they were novel to us (back then), and that a lack of detection and response capabilities enabled this threat actor to carry out their activities unhindered. ...

Hunting webshells

November 9, 2023
Shanna Daly
Forensics, Incident Response
webshells, malware, ATT&CK: T1505

In the dynamic field of incident response, the unexpected is the only guarantee. Requiring responders to adapt, utilise diverse skill sets, and employ various tools to achieve our objectives. In this post, I delve into three different webshell investigations that I conducted back in 2020, shedding light on the importance of versatility in digital forensics and incident response (DFIR). We explore the intricacies of DFIR work, the toolbox at our disposal, and the decision-making process behind selecting the right tools for the job. ...