• Share files from command line with transfer.sh: a simple cheatsheet

    Transfer.sh is a website that helps users to share files from the command-line an efficient way. It won’t required any additional software to work except cURL. If your linux distribution doesn't have cUrl (unlikely!), you can install it with sudo… read more »
  • WPSeku: a Black-box Wordpress Security Scanner

    WPSeku is a Black-box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. What is a Black-box scanner? Black-box security testing refers to a method of software security testing in which the security… read more »
  • What is Canvas Fingerprinting and how the companies use it to track you online

    Recently Mozilla planned to display permission prompts if a website attempt to use HTML5 Canvas Image Data in the Firefox web browser: in fact, this HTML5 element is often used to tracking users with a technique called "Canvas Fingerprinting" What… read more »
  • GoCrack: managed password cracking tool by FireEye

    FireEye released GoCrack, a tool designed to password cracking tasks across multiple servers. GoCrack is open source and provides an easy-to-use, web-based real-time UI to create, view, and manage password cracking tasks.   The tool was developed by FireEye's Innovation and… read more »
  • BleachBit: a good opensource alternative to CCleaner?

    After the CCleaner incident, a lot of friends and colleagues asked me a good alternative to the Piriform's tool. From my point of view, a good alternative could be BleachBit. BleachBit is open source, and its designed for Linux and… read more »
  • How to recover files encrypted by BadRabbit ransomware?

    Researchers at Kaspersky Lab has discovered that some victims may be able to recover their files without paying any ransom.   The discovery was made by that analyzed the encryption functionality implemented by the ransomware: the Bad Rabbit leverages the open… read more »
  • BadRabbit ransomware: suggested readings

    Spreads via network, currently hits Russia, Ukraine, Germany, Japan, and Turkey   A variant of Petya/NotPetya/EternalPetya called BadRabbit and probably prepared by the same authors has infected several big Russian media outlets. BadRabbit uses SMB to propagate laterally with a hardcoded… read more »
  • Windows Security Identifiers (SIDs)

    SID is one of the core data structures in the NT security infrastructure A Security Identifier (commonly abbreviated SID) is a unique, immutable identifier of a user, user group, or other security principal. A security principal has a single SID… read more »
  • Windows event logs in forensic analysis

    On Windows systems, event logs contains a lot of useful information about the system and its users. Depending on the logging level enabled and the version of Windows installed, event logs can provide investigators with details about applications, login timestamps for… read more »
  • Key reinstallation attacks: my suggested readings

    Release the KRACKen! Security researcher Mathy Vanhoef has discovered several vulnerabilities in the core of WPA2 protocol that could allow an attacker to hack into a Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a authentication scheme widely used… read more »
  • Windows registry in forensic analysis

    Windows registry contains information that are helpful during a forensic analysis Windows registry is an excellent source for evidential data, and knowing the type of information that could possible exist in the registry and location is critical during the forensic analysis… read more »
  • Amcache and Shimcache in forensic analysis

    Amcache and Shimcache can provide a timeline of which program was executed and when it was first run and last modified In addition, these artifacts provide program information regarding the file path, size, and hash depending on the OS version. Amcache… read more »
  • Some thoughts about NTFS Filesystem

    Some information raised during preparation of GCFA exam The New Technology File System (NTFS) is a file system developed and introduced by Microsoft in 1995 with Windows NT as a replacement for the FAT file system. Versions Microsoft has released five… read more »
  • Wifite 2: a complete rewrite of Wifite

    A Python script for auditing wireless networks Do you know Wifite? It’s a great wifi auditing tool, designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo, BackBox and any Linux distributions with wireless drivers patched for injection (so… read more »
  • Understanding Process Hollowing

    A technique used by malware author to evade defenses and detection analysis of malicious processes execution Process hollowing is a technique used by malware in which a legitimate process is loaded on the system solely to act as a container… read more »
  • MAC(b) times in Windows forensic analysis

    Essential information during timeline analysis   During a forensic analysis, especially during timeline analysis, you deal with MAC timestamps, so it’s important to know and understand the concept of time resolution. The MAC(b) times are derived from file system metadata and… read more »
  • Some thoughts about FAT Filesystem

    Some information raised during preparation of GCFA exam FAT, or File Allocation Table, is a file system that is designed to keep track of allocation status of clusters on a hard drive. Originally designed in 1977 for use on floppy disks… read more »
  • Volume Shadow Copies in forensic analysis

    Integral part to the Windows Operating System and essential for DFIR analysts Shadow Copy (also known as Volume Snapshot Service, Volume Shadow Copy Service or VSS) is a technology included in Microsoft Windows that allows taking manual or automatic backup copies… read more »
  • BitCracker: open source BitLocker password cracking tool

    A mono-GPU password cracking tool BitLocker is a full disk encryption feature included with Windows Vista and later. It is designed to protect data by providing encryption for entire volumes, using by default AES encryption algorithm in cipher block chaining(CBC) or… read more »
  • JSECoin : a new cryptocurrency designed for website mining

    A new cryptocurrency on which to bet? Recently, ThePirateBay conducted an experiment to see if it could replace the advertisements that keep the site afloat with a new monetization scheme: using visitors’ browsers to mine cryptocurrency. So, the webmasters has embedded… read more »