Jean-Pierre GARNIER

Jul 3, 2021

Driverless and userland Live Forensic with Event Tracing for Windows (ETW) to track suspicious network behaviour

Analysis should not rely only on beautiful dashboards on your SIEM. When you talk about incident response and network analysis, you are often confronted with two approaches (which can sometimes be implemented together): IOC analysis based on whitelists, blacklists, indicators of compromise and technical CTI data, where you compare every IP/domain connection to your indicators and try to find what’s wrong…

Infosec

6 min read

Feb 8, 2021

Golang for infosec — Building an EDR #Part3 — Registry and Startup folder persistence mechanisms hunting.

When we talk about detecting malware on a compromised system, it is most often a question of looking at the most representative behaviours of a malicious binary. What you have to focus on is usually based on tactics, techniques and procedures (TTPs). TTPs — an acronym that has become THE…

Threat Hunting

7 min read

Jan 6, 2021

Golang for infosec — Building an EDR #Part2 — YARA rules

In case you missed the first part of this series, it illustrated how to use Go to read the memory of Windows processes. With the help of Win32 API implementations we now have this valuable content. All that remains is to analyze it. …

Go

5 min read

Jan 2, 2021

Golang for infosec — Building an EDR #Part1 — processes memory

Despite all the difficulties of 2020, I enjoy learning new things every day and that’s why I decided to learn Go this year. What could be better than a concrete project to embark on such an adventure and if you want to start, you might as well do it with…

Security

5 min read
