Posts

Automating DFIR pipelines with OpenRelik

Automating DFIR pipelines with OpenRelik

Rationale

In a previous blog post, I explored the potential of Velociraptor as a tool for acquiring artefacts, performing triage tasks from clients through the KAPE.Files artefact, and then processing them with Hayabusa and Plaso to generate Timelines and …

Exploring DKOM (Direct Kernel Object Manipulation) for Process Hiding on Windows

Exploring DKOM for Process Hiding on Windows

In this post we will explore the DKOM (Direct Kernel Object Manipulation) technique, a well-known stealth method used by advanced malware and rootkits on Windows systems to hide processes from standard system monitoring tools.

What is DKOM?

DKOM stands …

Hayabusa + Velociraptor -> Timesketch: How to build a SuperTimeline

A practical guide to building forensic timelines

This write-up shows how to build timelines from Windows machines to be examined in triage following a compromise, from the acquisition of all artifacts to the generation of a Super-Timeline and its visualisation with Timesketch using tools such as …

MalRar - Compressing Initial Access

Embedding a Malicious Executable into a Regular PDF or EXE

🛠️ Let’s assume we have already created our malicious executable, which will perform certain actions on the victim’s host or send us a reverse shell.

The following steps describe the process of creating our file to make it look …