Offensive Software Exploitation Course

During this semester, which technically ends on Sunday 11:59 pm (5/5/2019), I taught this course at the college for a nice group of students. The course has nothing secret in it and no zero days were found LOL. Still, I think it was fun, but also a fire hose of information to go over in a 5-week class! I might release the labs and I might not, but not until the end of 2019. Anyway, I just wanted to have it referred to here.


Installing HDFS for Forensics Research

It sure has been a long time since I last wrote anything here, and then I remembered there was a blog that is either dead or about to die :)

Anyway, I just wanted to say “hi” to everyone out there and let them know the blog is not dead; I will be sharing some of the work I have been doing as soon as I can. For now, I just wanted to share a couple of documents for those interested in working on HDFS.


Anti-Forensics: Leveraging OS and File System Artifacts

Hola,

I know it seems that the zone has been abandoned for a year, and that is why I didn’t want the year to end without posting anything. Anyway, this presentation was given in Feb 2016, and I thought why not share it with the DFIR community; maybe it will be useful to someone out there.

Presentation title: Anti-Forensics: Leveraging OS and File System Artifacts.

It doesn’t cover all of the anti-forensics techniques, but it is a good start.

Enjoy…


Digital Forensic Challenge #4

The Case:
A company’s web server has been breached through their website. Our team arrived just in time to take a forensic image of the running system and its memory for further analysis. The files can be found below:
1- System Image: here
2- System Memory: here
3- Hashes: here
4- Password: DFChallenge@s4a


Forensic Analysis: Creating User GUI vs CLI

Hello,

This is my first forensic analysis post in English; as I’m sure you have noticed by now, all of my other posts are in Arabic, so excuse my bad English :)

The whole idea came out when @azeemnow asked the #DFIR community the following:
how can you tell the difference between a Windows account created from cmdline vs GUI interface?
(Found at the original URL.)

I tried to help by giving ideas, but it seems they didn’t help solve the case! So I said to myself, why not replicate the process and do some checks?

The actions below were not done in exactly the listed order (more on that later):
1- Started cmd.exe with Administrator privileges and executed:
net user cmduser cmduser /add
2- From the Windows Control Panel and using the User Account applet, I added a user named guiuser.

My first idea was that checking the system logs alone would be enough to find clues about where the account was created (GUI vs. command line). I was wrong about that! Both log entries showed no difference at all, except for the username, of course :)
