Author Archives: [email protected]

About [email protected]

[Between Teams of Red and Blue, I'm with the Purple Team]

Prevent Windows Reboots on Expired VMs

Sometimes you have one of those VMs that you downloaded from Microsoft and then used for some testing. Now, after a certain amount of time, the free license will expire, and what will happen is the VM … Continue reading

Posted in Security, Virtualization, Windows

Windows Kernel Debugging Using Two VMs on Linux

Just thought of writing this here, because I keep forgetting how to do this stuff! Also, since OST2 has lots of new courses related to WinDbg, I thought this would be helpful for folks who use a Linux workstation and … Continue reading

Posted in Exploitation, Kernel, Virtualization, Windows

From the Memoirs of an Emigrant

For more than ten years I have been trying to move abroad by emigrating. My father and mother refuse to let me go and do not agree to it… Every time, I insisted that they allow me to emigrate, but my request was always met with refusal… My father was less strict … Continue reading

Posted in Life

Linux Forensics Workshop

Hello, I’ve been invited by the Saudi Federation for Cyber Security and Programming (SAFCSP) to do a Linux Forensics workshop during their series of Cybersecurity Nights. My session will be next Thursday, May 14th, 2020 at 10:00 PM (KSA time) … Continue reading

Posted in Forensics, Investigations, Workshops

Investigating USB Drives using Mount Points Not Drive Letters

Yes, another excellent question came up from one of my students: If a user mounts the volume to a mount point, what artifacts could we find for the USB? Starting, I think, from Windows 8.1 or 10, a user could … Continue reading

Posted in DFIR, Forensics, Investigations, Windows