  • Some thoughts about NTFS Filesystem

    Some information gathered while preparing for the GCFA exam. The New Technology File System (NTFS) is a file system developed and introduced by Microsoft in 1995 with Windows NT as a replacement for the FAT file system. Versions: Microsoft has released five… read more »
  • Wifite 2: a complete rewrite of Wifite

    A Python script for auditing wireless networks. Do you know Wifite? It’s a great wifi auditing tool, designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo, BackBox and any Linux distribution with wireless drivers patched for injection (so… read more »
  • Understanding Process Hollowing

    A technique used by malware authors to evade defenses and hinder detection and analysis of malicious process execution. Process hollowing is a technique used by malware in which a legitimate process is loaded on the system solely to act as a container… read more »
  • MAC(b) times in Windows forensic analysis

    Essential information during timeline analysis. During a forensic analysis, especially during timeline analysis, you deal with MAC timestamps, so it’s important to know and understand the concept of time resolution. The MAC(b) times are derived from file system metadata and… read more »
  • Some thoughts about FAT Filesystem

    Some information gathered while preparing for the GCFA exam. FAT, or File Allocation Table, is a file system designed to keep track of the allocation status of clusters on a hard drive. Originally designed in 1977 for use on floppy disks… read more »
  • Volume Shadow Copies in forensic analysis

    An integral part of the Windows operating system and essential for DFIR analysts. Shadow Copy (also known as Volume Snapshot Service, Volume Shadow Copy Service or VSS) is a technology included in Microsoft Windows that allows taking manual or automatic backup copies… read more »
  • BitCracker: open source BitLocker password cracking tool

    A single-GPU password cracking tool. BitLocker is a full disk encryption feature included with Windows Vista and later. It is designed to protect data by providing encryption for entire volumes, using by default the AES encryption algorithm in cipher block chaining (CBC) or… read more »
  • JSECoin: a new cryptocurrency designed for website mining

    A new cryptocurrency to bet on? Recently, ThePirateBay conducted an experiment to see if it could replace the advertisements that keep the site afloat with a new monetization scheme: using visitors’ browsers to mine cryptocurrency. So, the webmasters have embedded… read more »
  • Extract all magnet links from an html page with Python

    A simple and useful snippet. Recently I’ve developed a simple web scraper that extracts magnet links from a specific page and starts the download with BitTorrent. The core of the script is the code snippet below, which uses pyquery in order to… read more »
  • CCleaner incident: what do we need to know?

    Looking for a good alternative to CCleaner? Take a look at BleachBit! A good analysis by Cisco Talos: version 5.33 of CCleaner downloaded between August 15 and September 12 was modified to include the Floxif malware: We would like to… read more »
  • Optionsbleed: a vulnerability? Nope, a ghost!

    A bug really difficult to reproduce! Hanno Böck, a freelance journalist, has disclosed a bug in Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, like the most… read more »
  • Create a Github Gist with a simple Python script

    How to share code snippets from the command line. Gist.github.com is a great service provided by GitHub, useful for sharing code snippets. You can share single files, parts of files, or full applications: every gist is a Git repository, which means that… read more »
  • IlluminateJs: a good JavaScript deobfuscator

    Useful during the analysis of malicious sites. Yesterday in my Twitter stream I’ve seen this tweet by Florian Roth: https://twitter.com/cyb3rops/status/902934898700320770 During the analysis of a malicious site, one of the first steps is the deobfuscation of the suspicious JavaScript. There are… read more »
  • What is the blockchain, and how will it radically transform the economy?

    Do you know what the blockchain is? You should! How will an independent, transparent, and permanent database, coexisting in multiple locations and shared by a community, change money and business? In this lucid and simple talk, Bettina Warburg describes how… read more »
  • How to verify that the WannaCry patch is correctly installed

    In a big company, with a lot of Windows systems, checking the correct patching for WannaCry can be a little tricky. Security update MS17-010 addresses several vulnerabilities in Windows SMB v1 exploited by the WannaCrypt ransomware. However, the KB that contains… read more »
  • DolphinAttack: inaudible voice commands allow attackers to control Siri, Alexa and other digital assistants

    Research on ultrasonic voice command hacking. Chinese researchers have discovered a vulnerability in voice assistants from Apple, Google, Amazon, Microsoft, Samsung, and Huawei. Using a technique called “DolphinAttack”, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies… read more »
  • LiMEaide: remotely dump RAM of a Linux client

    Simplify Linux digital forensics! LiMEaide is a Python application developed by Daryl Bennett that can remotely dump the RAM of a Linux client. It can also create a Volatility profile for later analysis. In order to use LiMEaide all you need… read more »
  • UniByAv: shellcode obfuscation using Python

    Applying XOR to raw shellcode. UniByAv is a simple obfuscator that takes raw shellcode and generates executables that are anti-virus friendly, really useful for testing antivirus solutions. The obfuscation routine is written purely in assembly to remain pretty… read more »
  • GitHub Dorks, a simple cheatsheet

    Search for sensitive data in GitHub repositories. Developers generally like to share their code, and many of them do so by open sourcing it on GitHub. From Wikipedia: GitHub is a web-based Git or version control repository and Internet hosting… read more »
  • PowerForensics: a PowerShell framework for hard drive forensic analysis

    Simple to install and with a lot of features. The purpose of PowerForensics is to provide an all-inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System… read more »