Brian Clark

New report from Palo Alto’s Unit42 on sophisticated attacks with long dwell times by one or more Chinese threat groups. There is a lot going on in this article and much of it likely doesn’t apply to my organization, but I try to learn from reports like this at least one thing that I can bring to my organization to improve our security posture. In this case I learned about DumpIt — a new-to-me free multiplatform forensics tool. I’m going to add that to an upcoming threat hunt and will build detections for it as well. #cybersecurity #threatintel

https://unit42.paloaltonetworks.com/cl-unk-1068-targets-critical-sectors/

An Investigation Into Years of Undetected Operations Targeting High-Value Sectors

In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft.

Unit 42
Mar 7 at 10:06pmWeb
Show threadBrian ClarkMar 7
Here’s more information on DumpIt for Linux https://github.com/MagnetForensics/dumpit-linux
GitHub - MagnetForensics/dumpit-linux: Memory acquisition for Linux that makes sense.

Memory acquisition for Linux that makes sense. Contribute to MagnetForensics/dumpit-linux development by creating an account on GitHub.

GitHub
Show threadBrian ClarkMar 7
And here’s how to get DumpIt for Windows https://www.magnetforensics.com/resources/magnet-dumpit-for-windows/
Magnet DumpIt for Windows - Magnet Forensics

Magnet DumpIt for Windows is a fast memory acquisition tool for Windows (x86, x64, ARM64). Generate full memory crash dumps of Windows machines.

Magnet Forensics