Velociraptor is a digital forensic and incident response tool that allows to collect information on multiple endpoints at once, and easily analyze the collected data using Notebooks and a query language (called Velociraptor Query Language, VQL), which is very similar to SQL. This makes Velociraptor a valuable tool for threat hunting over a large network.
ReadThe Windows Registry is a kind of database that stores a lot of important configuration parameters for Windows and installed applications. The specific of this database is that the data is actually stored in different files called hives. One of these is the SAM (Security Account Manager) hive, which stores, among others, user passwords. Let's explore this hive a little..
ReadSysinternals is a collection of powerful utilities for Windows. They can be used by system administrators to perform local or remote system administration, and also by analysts to perform some forensics tasks. The tools were originally developed by Mark Russinovich, and are now maintained by Microsoft. Here is how to install them...
ReadThis week we participated, with the colleagues from Cyber Command, in the milCERT exercise organized by the European Defence Agency (EDA). During this exercise the participating teams get tested in a task driven response & investigation activities on full-scale IT Infrastructure live fire environment.
ReadThe creation of the Cyber Defence Lab was an incremental process. So it's hard to define a precise birth date. There is actually only one date that can be seen as our birth date: the day we registered our domain name cylab.be. And that was on 21 October 2016. So we turn 7. Happy birthday to us!
ReadEric Zimmerman has written a collection of powerful forensics analysis tools. The installation process requires some work, but here is a step by step guide to install the tools on a Windows 11 computer.
ReadThis Wednesday we welcomed the Hungarian Cybersecurity Roadshow delegation. The Cybersecurity Roadshow delegation is composed of representatives of 14 Hungarian governmental actors, companies and R&D institutions which are active in the cyber defence sector. For 4 days, they are traveling around Europe to meet their peers.
ReadIf you are using the current version of the SIFT workstation, the installed version of RegRipper has a bug that shows the following error message: 'Global symbol "$plugindir" requires explicit package name'. Luckily this bug is easy to fix. Here is how...
ReadIn this blog post we will show how to implement continuous deployment with GitLab and docker compose. More precisely, we will show how to use a gitlab-ci pipeline to:
ReadEven if you are regularly updating your Ubuntu system, you may be running a relatively old version of the kernel. At the time of writing (28 August 2023), Ubuntu 22.04 ships with a kernel numbered 5.15.0, which was release on 31 October 2021. This is more than 2 years ago...
ReadThis week we are hosting the Cyber Summer School organized in collaboration with the Cyber Command.
ReadOn June 26, a collaboration agreement has been signed between the Royal Military Academy and the Cyber Command for research projects within the framework of the DIRS (Defence, Industry and Research Strategy).
Read