Posts Archived Under "Incident Response"

Updated AppLocker Dump Script

I have created a new version of this script so that it is better aligned with the conventions I use for other PowerShell scripts.

Inspecting AppLocker Policy

While doing incident response, if AppLocker is being used but the computer still got infected by a malicious executable, it is useful to know exactly what AppLocker policy is currently applied.

"Check my CV", Generating YARA Rules

Recently, an e-mail that was sent to one of my colleagues caught my attention. The message was quite believable, but there were some little subtleties that gave it away. The first step was to get the attachment out of the message and do an initial analysis.
