Posts by Category

• blog 16
• 2
• 2

blog

Cobalt Strike Decoding

April 5, 2022 1 minute read

Introduction

Handy DFIR Excel Formulas

February 18, 2022 less than 1 minute read

Introduction

DFIR - Final result 1 - Powershell telemetry by Windows

November 10, 2021 4 minute read

TLDR Heaps of reddit posts and AV posts have discussed this command at length, with general users sometimes stating powershell.exe -ExecutionPolicy Restricte...

PowerShell Cheat Sheet

September 24, 2021 1 minute read

Introduction Script blocks i find myself using in powershell all the time

Negative Decimal DWORD to Human Format

May 17, 2021 15 minute read

Introduction This blog aims to ELI5, how negative numbers are stored in the Windows Registry, or any other DWORD for that matter. Why you may ask? Well, some...

DFIR Playbook - Windows Forensics(WIP APR21)

April 28, 2021 5 minute read

Introduction note this post is incomplete, Oct 2021, this is quite a large playbook to replicate This post aims to replicate my physical playbook on windows....

Mobile Phone Codes

March 16, 2021 1 minute read

Introduction This post aims to consolidate a list of useful smartphone codes

DFIR Playbook - Network Forensics

November 24, 2020 2 minute read

Introduction This post aims to replicate my physical playbook on Networking and includes the following tools

DFIR Playbook - Memory Analysis

October 28, 2020 6 minute read

Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools

Vmware VMDK mmls partition type

October 19, 2020 1 minute read

Update - 2022/04

DFIR Playbook - Disk Images

October 6, 2020 4 minute read

Introduction This post aims to replicate my physical playbook on Disk Images and includes the following tools

Reverse Engineering Crypto Keys - WIP Notes

June 16, 2020 3 minute read

Preface I am by no means a programming, or RE expert. But I’m going to have a go at explaining the issue of finding the needle in a haystack of an XOR key us...

Full Featured IDE For Bash Scripting

April 30, 2020 less than 1 minute read

Introduction I’ve had a few colleagues ask me how I have a full featured Bash IDE for courses I have developed; So I thought i’d make a post to show people h...

Analysing a VMWare Memory image with volatility

March 12, 2020 2 minute read

Introduction I found recently during a CTF Memory image challenge, that analysing memory images from VMWare wasn’t necessarily as easy as just having the rig...

Basic Linux Resources (V2.1)

February 27, 2020 16 minute read

Last Update 15APR21 - Added filefrag command

OSCP Notes

October 15, 2019 3 minute read

Introduction A tabled summary of common commands used

Back to Top ↑

DFIR - Final result 1 - Powershell telemetry by Windows

November 10, 2021 4 minute read

TLDR Heaps of reddit posts and AV posts have discussed this command at length, with general users sometimes stating powershell.exe -ExecutionPolicy Restricte...

PowerShell Cheat Sheet

September 24, 2021 1 minute read

Introduction Script blocks i find myself using in powershell all the time

Back to Top ↑

DFIR - Final result 1 - Powershell telemetry by Windows

November 10, 2021 4 minute read

TLDR Heaps of reddit posts and AV posts have discussed this command at length, with general users sometimes stating powershell.exe -ExecutionPolicy Restricte...

PowerShell Cheat Sheet

September 24, 2021 1 minute read

Introduction Script blocks i find myself using in powershell all the time

Back to Top ↑