For those trying to learn Linux, it can be a daunting task. The are a number plethora of resources online and built into the OS. For those just looking for something “light” and tangible, I recommend the one page Linux manual. It fits the bill for the most part (although
Year: 2014
Wait, did something change? Don’t know, use Regshot
1. Download the program from http://sourceforge.net/projects/regshot/. 2. Right-click the program and run it as administrator. 3. The below screen should appear. From there we have the option of comparing logs in plain TXT or HTML. We can also choose folders to scan as well.
Creating a share on Linux and accessing via Windows
There are many times when there is data on a Linux system that needs to be moved to another system like Windows. Well, the question is how do you do that? The method that I have found to be the easiest is to use Samba. Below are the steps to
To broadcast a SSID or not to broadcast a SSID, that is the question
For some, wireless security and securing ones home network can mean a number of things. Some people feel that disabling the broadcast of their SSID gives them that extra layer of security. Depending on the context of the conversation at that time, I can somewhat see their perspective. From my
Jump Bag Stuff
Wifi-Pineapple – https://hakshop.myshopify.com/products/wifi-pineapple?variant=81044992 PWN Plug – https://www.pwnieexpress.com/product/pwn-plug-elite/ Read-Only Flash Drive – http://www.kanguru.com/storage-accessories/flash-blu2.shtml SmartSniff – http://www.nirsoft.net/utils/smsniff.html
Parse and Extract PST and OST Mailboxes
Libpff is a powerful mail examination tool. The tool will allow you to examine and extract data without having to attach the PST to Outlook and has the ability to view emails that are encrypted. In my example below, I will be using the tool via the SANS SIFT workstation
Parsing Metadata with ExifTool
Its one thing to have a piece of data but its another thing to be able to get the metadata about said data. ExifTool (http://www.sno.phy.queensu.ca/~phil/exiftool/) is a tool that will allow just that. Its command line based but there is a GUI version as well called pyExifTool (https://hvdwolf.github.io/pyExifToolGUI/). The tool
Windows Memory Capture using DumpIt
One of the simplest tools for capturing memory from a Windows system is DumpIt. The program is very portable and saves the capture to wherever the program is ran from. Most people will run it from a flash drive but depending on your company’s security policy that may not be
Memory Capture via Hibernation File
If you are having a hard time getting a memory capture using commercial tools, have no fear, Microsoft to the rescue! Starting with Win2K, each version of Windows has supported OS hibernation. When you put a system into hibernation, it creates a hiberfil.sys file on the root of the filesystem
Display Credentials For All Previous Wireless Networks Connected To
I was at a friend’s house and needed to connect my laptop to his network. My friend was reluctant to give me password to his network and decided to type it in himself. In his mind, he was just doing his part to provide some security to his home network,
Great Sites for Cyber related Videos
http://securitytube.net/ http://irongeek.com
Determining what profile to use when analyzing Windows memory in Volatility
No need to guess or experiment with different profiles, let Volatility figure that out for you. In testing, this worked with all formats that Volatility supports. If you were the one to do the memory dump or if the file was labeled OS information, this wouldn’t be a concern or
Forensics Posters
Anybody getting into forensics knows its like putting on a pair of glasses and seeing things in a whole new light. Part of being able to identify bad or evil is being able to identify normal. In my opinion, SANS did a pretty good job depicting some common things to
Building a profile for Volatility
After capturing Linux memory using LiME (or your program of choice), we can analyze it using Volatility. In order to do so, you will need to build a profile for Volatility to use. The profile is based on the kernel/version of the system in which the memory capture was done
Linux Memory Capture with LiME
When doing forensics, grabbing a capture of the live memory is vital. There are a few different programs out there to accomplish the task but in my testing, I felt LiME was the best choice. It wasn’t intrusive at all on the system and was pretty straightforward. Once I compiled