A SIEM On the Cheap - Using Sqlite for Data Analysis
Introduction When doing investigations, its quite common to need to read large amounts of data, usually contained in CSV Files. While there are many solution...
Recent Posts
Handy DFIR Excel Formulas
Introduction We all know DFIR loves spreadsheets for timelines, but copying out times, dates and converting data types can be a pain. This post aims to show ...
Cobalt Strike Decoding
Introduction This post aims to bring together some resources for quick wins to get cobalt beacons.
DFIR - Final result 1 - Powershell telemetry by Windows
TLDR Heaps of reddit posts and AV posts have discussed this command at length, with general users sometimes stating powershell.exe -ExecutionPolicy Restricte...
PowerShell Cheat Sheet
Introduction Script blocks i find myself using in powershell all the time
Negative Decimal DWORD to Human Format
Introduction This blog aims to ELI5, how negative numbers are stored in the Windows Registry, or any other DWORD for that matter. Why you may ask? Well, some...
DFIR Playbook - Windows Forensics(WIP APR21)
Introduction note this post is incomplete, Oct 2021, this is quite a large playbook to replicate This post aims to replicate my physical playbook on windows....
Mobile Phone Codes
Introduction This post aims to consolidate a list of useful smartphone codes
DFIR Playbook - Network Forensics
Introduction This post aims to replicate my physical playbook on Networking and includes the following tools
DFIR Playbook - Memory Analysis
Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools
Vmware VMDK mmls partition type
Update - 2022/04
DFIR Playbook - Disk Images
Introduction This post aims to replicate my physical playbook on Disk Images and includes the following tools
Reverse Engineering Crypto Keys - WIP Notes
Preface I am by no means a programming, or RE expert. But I’m going to have a go at explaining the issue of finding the needle in a haystack of an XOR key us...
Full Featured IDE For Bash Scripting
Introduction I’ve had a few colleagues ask me how I have a full featured Bash IDE for courses I have developed; So I thought i’d make a post to show people h...
Analysing a VMWare Memory image with volatility
Introduction I found recently during a CTF Memory image challenge, that analysing memory images from VMWare wasn’t necessarily as easy as just having the rig...
Basic Linux Resources (V2.1)
Last Update 15APR21 - Added filefrag command
OSCP Notes
Introduction A tabled summary of common commands used