-
Recent Posts
Categories
- Academia (20)
- Android (1)
- Anti-Forensics (2)
- AntiX (3)
- Apache/Tomcat (8)
- Arabnix (6)
- BackTrack (5)
- Books (17)
- Challenges (5)
- Companies (16)
- Cyber 5W (1)
- Database (23)
- Development (31)
- DFIR (10)
- Exploitation (7)
- File Systems (1)
- Firewalls (20)
- Footprinting (14)
- Forensics (21)
- Fun (28)
- GNU/Linux (101)
- HDFS (1)
- IDS/IPS (4)
- Investigations (9)
- Kernel (24)
- Life (160)
- Linux Security (68)
- Linux Services (37)
- Malware (5)
- Memory (1)
- Metasploit (6)
- Mobile (3)
- Networks (44)
- News (75)
- OSINT (6)
- Patch Management (5)
- PCI Compliance (8)
- PenTest (51)
- Poems (9)
- PortKnocking (10)
- Privacy (4)
- Publications (12)
- Real Madrid (17)
- Research (2)
- Security (83)
- Snippets (33)
- Social Engineering (4)
- Software/Tools (51)
- Sport (78)
- ThreatHunting (3)
- Unix (12)
- Virtualization (25)
- Vulnerability (6)
- Web Security (12)
- Webapp (4)
- WHM/Cpanel (6)
- Windows (17)
- Workshops (1)
- z0ne (16)
Archives
Category Archives: Windows
Challenge #9 – Encrypt Them All Case
In this case you are required to decrypt all the data and files that have been encrypted using different crypto methods. E01 for the drive could be found: here #1: Lost in Space: We noticed that the whole communication started … Continue reading
Posted in Anti-Forensics, Challenges, DFIR, Forensics, Investigations, Windows
Tagged aes, anti-forensics, bit-locker, challenges, DFIR, gnupg, Investigations
Comments Off on Challenge #9 – Encrypt Them All Case
Challenge #8 – NTFS File System Case
In this case you are required to find all the data and files that have been hidden using some of the NTFS file system capabilities. – E01 for the drive could be found: here – There are 5 hidden things … Continue reading
Posted in Challenges, DFIR, File Systems, Forensics, Investigations, Windows
Tagged ant-forensics, challenges, DFIR, file systems, hidden, Investigations, ntfs, Windows Forensics
Comments Off on Challenge #8 – NTFS File System Case
Prevent Windows Reboots on Expired VMs
Sometimes you have one of those VMs that you downloaded from Microsoft and then you used it for some testing. Now, after a certain amount of time, the free license given will expire and what will happen, is the VM … Continue reading
Posted in Security, Virtualization, Windows
Tagged AdvancedRun, PsExe, regedit, sc, service, SysInternals, whoami, WLMS
Comments Off on Prevent Windows Reboots on Expired VMs
Windows Kernel Debugging Using Two VMs on Linux
Just thought of writing this here, because I keep forgetting how to do this stuff! Also, since OST2 has lots of new courses related to Windbg, I thought this would be helpful for folks who use a Linux Workstation and … Continue reading
Posted in Exploitation, Kernel, Virtualization, Windows
Tagged bcdedit, debug, kdnet, serial, WinDbg
Comments Off on Windows Kernel Debugging Using Two VMs on Linux
Investigating USB Drives using Mount Points Not Drive Letters
Yes, another excellent question came up by one of my students: If a user mounts the volume to a mount point, what artifacts could we find for the USB? Starting I think from Windows 8.1 or 10, a user could … Continue reading
Posted in DFIR, Forensics, Investigations, Windows
Tagged DFIR, Forensics, Investigations, registry, Registry Explorer, RegRipper, USB, Windows, Windows and tagged Computer Forensics
Comments Off on Investigating USB Drives using Mount Points Not Drive Letters