Posts by Year

2023

Handy DFIR Excel Formulas

less than 1 minute read

Introduction We all know DFIR loves spreadsheets for timelines, but copying out times, dates and converting data types can be a pain. This post aims to show ...


2022

Cobalt Strike Decoding

1 minute read

Introduction This post aims to bring together some resources for quick wins to get cobalt beacons.


2021

PowerShell Cheat Sheet

1 minute read

Introduction Script blocks I find myself using in PowerShell all the time

Negative Decimal DWORD to Human Format

15 minute read

Introduction This blog aims to ELI5 how negative numbers are stored in the Windows Registry, or any other DWORD for that matter. Why, you may ask? Well, some...

DFIR Playbook - Windows Forensics(WIP APR21)

5 minute read

Introduction Note: this post is incomplete (Oct 2021); this is quite a large playbook to replicate. This post aims to replicate my physical playbook on Windows....

Mobile Phone Codes

1 minute read

Introduction This post aims to consolidate a list of useful smartphone codes


2020

DFIR Playbook - Network Forensics

2 minute read

Introduction This post aims to replicate my physical playbook on Networking and includes the following tools

DFIR Playbook - Memory Analysis

6 minute read

Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools

DFIR Playbook - Disk Images

4 minute read

Introduction This post aims to replicate my physical playbook on Disk Images and includes the following tools

Reverse Engineering Crypto Keys - WIP Notes

3 minute read

Preface I am by no means a programming, or RE expert. But I’m going to have a go at explaining the issue of finding the needle in a haystack of an XOR key us...

Full Featured IDE For Bash Scripting

less than 1 minute read

Introduction I’ve had a few colleagues ask me how I have a full featured Bash IDE for courses I have developed; so I thought I’d make a post to show people h...

Analysing a VMWare Memory image with volatility

2 minute read

Introduction I found recently during a CTF Memory image challenge, that analysing memory images from VMWare wasn’t necessarily as easy as just having the rig...


2019

OSCP Notes

3 minute read

Introduction A tabled summary of common commands used
