Digital Operatives recently completed a DARPA Cyber Fast Track (CFT) contract called Process Attribution in Network Traffic (PAINT). The goal of the project was to build an easy-to-use software product that attributes each TCP/IP packet on a Windows system, in real time, to the process ID (PID) and process name of the process that originated or received it.
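To make the attribution problem concrete, the following is an added example (not PAINT's code, and not a description of how PAINT works): it correlates a packet's 4-tuple against a snapshot of the Windows TCP connection table, in the form `netstat -ano -p tcp` prints it, to recover the owning PID and whether that process is the originating or receiving side. The netstat lines and packet tuples are constructed sample data; the `Entry`, `parse_netstat` and `attribute` names are this example's own.

```python
"""Attribute TCP packets to the owning process ID using a snapshot of the
Windows TCP connection table.  Added illustration, not PAINT's code; the
netstat text and the packets fed to attribute() are constructed samples."""
import re
from dataclasses import dataclass

# Constructed sample of `netstat -ano -p tcp` output on a Windows host.
NETSTAT_SNAPSHOT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1180
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     5120
  TCP    192.168.1.20:49730     10.0.0.5:22            ESTABLISHED     7712
"""

# One table row: proto, local ip:port, foreign ip:port, state, pid.
_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


@dataclass(frozen=True)
class Entry:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: int


def parse_netstat(text):
    """Parse netstat -ano TCP rows; header and non-TCP lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            lip, lport, rip, rport, state, pid = m.groups()
            entries.append(Entry(lip, int(lport), rip, int(rport), state, int(pid)))
    return entries


def attribute(entries, src_ip, src_port, dst_ip, dst_port, syn_only=False):
    """Map one packet to (pid, role) or (None, None) if no socket owns it.

    role is "originating" when the packet leaves a local socket and
    "receiving" when it arrives at one.  syn_only=True marks a bare SYN,
    which may only match a LISTENING socket because no 4-tuple entry
    exists until the handshake completes.
    """
    packet = (src_ip, src_port, dst_ip, dst_port)
    # Pass 1: exact 4-tuple match against connected sockets, in either direction.
    for e in entries:
        if e.state == "LISTENING":
            continue
        if (e.local_ip, e.local_port, e.remote_ip, e.remote_port) == packet:
            return e.pid, "originating"
        if (e.remote_ip, e.remote_port, e.local_ip, e.local_port) == packet:
            return e.pid, "receiving"
    # Pass 2: inbound SYN to a listener; honour wildcard (0.0.0.0) binds.
    if syn_only:
        for e in entries:
            if (e.state == "LISTENING" and e.local_port == dst_port
                    and e.local_ip in ("0.0.0.0", dst_ip)):
                return e.pid, "receiving"
    return None, None


if __name__ == "__main__":
    table = parse_netstat(NETSTAT_SNAPSHOT)
    print(attribute(table, "192.168.1.20", 49712, "93.184.216.34", 443))
    print(attribute(table, "10.9.9.9", 40000, "192.168.1.20", 3389, syn_only=True))
```

The caveat this snapshot approach exposes is timing: a connection that opens and closes between two polls of the table never gets attributed, which is why a real-time tool has to hook connection creation rather than poll, and why a packet with no match should be reported as unattributed rather than silently dropped.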