Volatile Memory Analysis With Volatility : Coreflood Trojan part 2
In this post we will analyze the Coreflood malware using more advanced concepts of volatile memory analysis with the Volatility Framework.
Volatile Memory Analysis With Volatility : Coreflood Trojan
Introduction This is the first post of a multi-part series in which we will walk through the basics of volatile memory analysis with Volatility. Some knowledge of Windows internals is desirable, but I will try to cover things as we progress. In this post, we will start with analyzing the Coreflood Trojan with basic commands and […]
GEN AI: Data Analysis with LLMs Running on Google Colab
Introduction In this article we will learn how to leverage the power of LLMs running on Google Colab to analyze and visualize data. By the end of this article you will be able to load data from a CSV file into a pandas DataFrame and gain insights into your data. To build this POC we will […]
GEN AI: RAG with Chat History using LangChain & Ollama for free
Introduction In this article we will learn how to use LLMs to get more insights into a website for free. We will start with setting up Ollama on Google Colab and then dive deeper into RAG and chat history. For more information on how to do this setup, please go through the article below. By […]
Running Ollama on Google Colab and using LLM models for free
In this short tutorial we will discuss how we can harness the power of Large Language Models (LLMs) without buying expensive laptops or computers and without burning a hole in your pocket. Ollama makes it possible to run powerful LLMs such as Mistral and Llama 3 without needing a powerful, expensive compute machine. Google Colab’s […]
AI with GROQ: A Foray into GEN AI and LLMs
For some time now, I have been getting a lot of requests from friends asking me how to start with GenAI and how to implement it for their customers. So I decided to put together this small definitive guide, which anyone can use to start exploring the capabilities provided by Large Language Models (LLMs). Before we start, let […]
How to stop Windows Server auto-shutdown every hour after the license expires
Recently I was cleaning up old test VMs on my laptop and, while doing so, observed that a test VM running the Windows 10 Enterprise Evaluation edition would restart almost every hour. This interested me and I decided to figure out how Microsoft achieves this. Issue After the Windows license expires, you will see a similar […]
CVE-2021-2109: Oracle WebLogic/PeopleSoft Malware Attack and Analysis
Introduction People working on the Oracle stack must have worked with Oracle WebLogic, an application server for hosting enterprise applications. Oracle WebLogic is a leading player in the industry, and most Oracle products, such as PeopleSoft and OBIEE, use it for hosting applications. I have been working with Oracle products for many years now and have […]
CyberDefenders HoneyPot: Wireshark PCAP Analysis
Challenge Details: A PCAP analysis exercise highlighting attackers’ interactions with honeypots and how automated exploitation works. As part of this challenge a pcap file, HoneyBot.pcap, is provided, and based on it we have to answer questions. In this writeup and analysis I will refrain from posting exact answers and would recommend you […]
Cyberdefenders.org PacketMaze Challenge: Part 2 Wireshark PCAP Analysis
This is part 2 of a challenge posted on cyberdefenders.org, and you can find it here. For part 1, please refer to my previous post. Q7: What is the server certificate public key that was used in TLS session da4a0000342e4b73459d7360b4bea971cc303ac18d29b99067e46d16cc07f4ff? To answer this question, first let's filter the traffic by the TLS protocol and navigate to any […]
Cyberdefenders.org PacketMaze Challenge: Part 1 Wireshark PCAP Analysis
This is a brief writeup of a challenge posted on cyberdefenders.org, and you can find it here. Challenge As an analyst working for a security service provider, you have been tasked with analyzing a packet capture for a customer’s employee whose network activity has been monitored for a while (possible insider). As part of this challenge […]