The average system administrator uses remote administration tools to enable them to tend to systems across their network. There are a variety of these tools available and one of them is Teamviewer. During an incident, there are several logs and artifacts of interest that are vital. Each log provides some
Parsing Bitvise Logs for Analysis
The use of the Secure Shell Protocol (SSH) in a network can provide significant capabilities. It specifically enables a person to connect to a system via an encrypted shell, authenticate, and interact with that system. For this to happen, however, systems acting as clients need to have an SSH client,
Retrieving Files You’ve Uploaded to Microsoft Teams
The use of Cloud infrastructure has grown substantially over the years. As people become more comfortable with the technology, it will certainly continue to grow. With that comfort comes an overabundance of, and reliance on, platforms in the Cloud. While this could be great for users and organizations,
SRUM DB… Enhancing Forensics!
A common task within Incident Response and Digital Forensics (DFIR) is to identify evidence that something was executed. That evidence helps to paint a story of what took place on the machine and can highlight other pertinent details that were previously unknown. Most commonly, this evidence can be
Reducing SMBv3 Vulnerability Attack Surface
This week has been very interesting with Microsoft unintentionally disclosing a remote code execution vulnerability in SMB v3. This particularly affects the data compression feature within the 1903 and 1909 versions of Windows 10 and Server 2019. This left defenders everywhere in a frantic state while malicious actors worked overtime
Parsing IIS Logs
The Windows variant of a web server is called Internet Information Services (IIS). The feature ships with Windows Server builds but isn't enabled by default. If you manage an IIS server, logs are written to c:\inetpub\logs by default and, without a tool or capability to parse them, aren't necessarily the easiest to read. With
Jump Bag Stuff
Wifi-Pineapple – https://hakshop.myshopify.com/products/wifi-pineapple?variant=81044992
PWN Plug – https://www.pwnieexpress.com/product/pwn-plug-elite/
Read-Only Flash Drive – http://www.kanguru.com/storage-accessories/flash-blu2.shtml
SmartSniff – http://www.nirsoft.net/utils/smsniff.html
Great Sites for Cyber-related Videos
http://securitytube.net/
http://irongeek.com