Author Archives


[Between Teams of Red and Blue, I'm with the Purple Team]

Windows InstallTime vs InstallDate Registry Values

This is just a quick post about two registry values, InstallTime and InstallDate, which are found under the following key: SOFTWARE\Microsoft\Windows NT\CurrentVersion. The confusion arises when my students ask which one is correct.

Posted in Forensics, Windows

Update: Hidden Prefetch Files Detection using New PECmd

Before diving into this post, I wanted to say that I have been teaching digital forensics for a long time by now, and in my Operating System Forensics class I use Eric Zimmerman's tools a lot, and when I say …

Posted in AntiX, ThreatHunting, Windows

Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis

While doing more experiments running EXEs and malicious EXEs from ADS and Stealth ADS, to continue my previous work “Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS”, and in order to create a forensic image and …

Posted in AntiX, Forensics, ThreatHunting, Windows

Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS

One of my current students asked whether using Stealth Alternate Data Streams (ADS) could bypass AVs. Therefore, I wanted to prove that for the student by doing a simple experiment. What was done is the following: 1. Turned off Windows …

Posted in AntiX, Forensics, Malware, Metasploit, Windows

Offensive Software Exploitation Course

During this semester, which technically ends on Sunday at 11:59 pm (5/5/2019), I taught this course at the college for a nice group of students. The course has nothing secret and no zero-days were found LOL. But still, I think …

Posted in Academia, Exploitation, Metasploit, PenTest, Security, Vulnerability