A SIEM On the Cheap - Using Sqlite for Data Analysis
Introduction When doing investigations, its quite common to need to read large amounts of data, usually contained in CSV Files. While there are many solution...
Introduction When doing investigations, its quite common to need to read large amounts of data, usually contained in CSV Files. While there are many solution...
Introduction We all know DFIR loves spreadsheets for timelines, but copying out times, dates and converting data types can be a pain. This post aims to show ...
Introduction This post aims to bring together some resources for quick wins to get cobalt beacons.
TLDR Heaps of reddit posts and AV posts have discussed this command at length, with general users sometimes stating powershell.exe -ExecutionPolicy Restricte...
Introduction Script blocks i find myself using in powershell all the time
Introduction This blog aims to ELI5, how negative numbers are stored in the Windows Registry, or any other DWORD for that matter. Why you may ask? Well, some...
Introduction note this post is incomplete, Oct 2021, this is quite a large playbook to replicate This post aims to replicate my physical playbook on windows....
Introduction This post aims to consolidate a list of useful smartphone codes
Introduction This post aims to replicate my physical playbook on Networking and includes the following tools
Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools
Update - 2022/04
Introduction This post aims to replicate my physical playbook on Disk Images and includes the following tools
Preface I am by no means a programming, or RE expert. But I’m going to have a go at explaining the issue of finding the needle in a haystack of an XOR key us...
Introduction I’ve had a few colleagues ask me how I have a full featured Bash IDE for courses I have developed; So I thought i’d make a post to show people h...
Introduction I found recently during a CTF Memory image challenge, that analysing memory images from VMWare wasn’t necessarily as easy as just having the rig...
Last Update 15APR21 - Added filefrag command
Introduction A tabled summary of common commands used