Posts by Tag

dfir

Negative Decimal DWORD to Human Format

15 minute read

Introduction This blog aims to ELI5 how negative numbers are stored in the Windows Registry, or any other DWORD for that matter. Why, you may ask? Well, some...

DFIR Playbook - Windows Forensics(WIP APR21)

5 minute read

Introduction Note: this post is incomplete (Oct 2021); this is quite a large playbook to replicate. This post aims to replicate my physical playbook on Windows....

Mobile Phone Codes

1 minute read

Introduction This post aims to consolidate a list of useful smartphone codes

DFIR Playbook - Network Forensics

2 minute read

Introduction This post aims to replicate my physical playbook on Networking and includes the following tools

DFIR Playbook - Memory Analysis

6 minute read

Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools

DFIR Playbook - Disk Images

4 minute read

Introduction This post aims to replicate my physical playbook on Disk Images and includes the following tools

Analysing a VMWare Memory image with volatility

2 minute read

Introduction I found recently during a CTF Memory image challenge, that analysing memory images from VMWare wasn’t necessarily as easy as just having the rig...

windows

PowerShell Cheat Sheet

1 minute read

Introduction Script blocks I find myself using in PowerShell all the time

Negative Decimal DWORD to Human Format

15 minute read

Introduction This blog aims to ELI5 how negative numbers are stored in the Windows Registry, or any other DWORD for that matter. Why, you may ask? Well, some...

DFIR Playbook - Windows Forensics(WIP APR21)

5 minute read

Introduction Note: this post is incomplete (Oct 2021); this is quite a large playbook to replicate. This post aims to replicate my physical playbook on Windows....

DFIR Playbook - Memory Analysis

6 minute read

Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools

DFIR

Handy DFIR Excel Formulas

less than 1 minute read

Introduction We all know DFIR loves spreadsheets for timelines, but copying out times, dates and converting data types can be a pain. This post aims to show ...

Cobalt Strike Decoding

1 minute read

Introduction This post aims to bring together some resources for quick wins to get cobalt beacons.

sysadmin

PowerShell Cheat Sheet

1 minute read

Introduction Script blocks I find myself using in PowerShell all the time

Full Featured IDE For Bash Scripting

less than 1 minute read

Introduction I’ve had a few colleagues ask me how I have a full featured Bash IDE for courses I have developed, so I thought I’d make a post to show people h...

linux

DFIR Playbook - Memory Analysis

6 minute read

Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools

Full Featured IDE For Bash Scripting

less than 1 minute read

Introduction I’ve had a few colleagues ask me how I have a full featured Bash IDE for courses I have developed, so I thought I’d make a post to show people h...

oscp

OSCP Notes

3 minute read

Introduction A tabled summary of common commands used

offensive

OSCP Notes

3 minute read

Introduction A tabled summary of common commands used

debug

Reverse Engineering Crypto Keys - WIP Notes

3 minute read

Preface I am by no means a programming or RE expert, but I’m going to have a go at explaining the issue of finding the needle in a haystack of an XOR key us...

Full Featured IDE For Bash Scripting

less than 1 minute read

Introduction I’ve had a few colleagues ask me how I have a full featured Bash IDE for courses I have developed, so I thought I’d make a post to show people h...

Timeline

Handy DFIR Excel Formulas

less than 1 minute read

Introduction We all know DFIR loves spreadsheets for timelines, but copying out times, dates and converting data types can be a pain. This post aims to show ...

vmware

Analysing a VMWare Memory image with volatility

2 minute read

Introduction I found recently during a CTF Memory image challenge, that analysing memory images from VMWare wasn’t necessarily as easy as just having the rig...

bash

Full Featured IDE For Bash Scripting

less than 1 minute read

Introduction I’ve had a few colleagues ask me how I have a full featured Bash IDE for courses I have developed, so I thought I’d make a post to show people h...

programming

Reverse Engineering Crypto Keys - WIP Notes

3 minute read

Preface I am by no means a programming or RE expert, but I’m going to have a go at explaining the issue of finding the needle in a haystack of an XOR key us...

reverse_engineering

Reverse Engineering Crypto Keys - WIP Notes

3 minute read

Preface I am by no means a programming or RE expert, but I’m going to have a go at explaining the issue of finding the needle in a haystack of an XOR key us...

disk

DFIR Playbook - Disk Images

4 minute read

Introduction This post aims to replicate my physical playbook on Disk Images and includes the following tools

tsk

DFIR Playbook - Disk Images

4 minute read

Introduction This post aims to replicate my physical playbook on Disk Images and includes the following tools

mft

DFIR Playbook - Disk Images

4 minute read

Introduction This post aims to replicate my physical playbook on Disk Images and includes the following tools

timeline

DFIR Playbook - Disk Images

4 minute read

Introduction This post aims to replicate my physical playbook on Disk Images and includes the following tools

memory

DFIR Playbook - Memory Analysis

6 minute read

Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools

process

DFIR Playbook - Memory Analysis

6 minute read

Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools

malware

DFIR Playbook - Memory Analysis

6 minute read

Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools

rootkit

DFIR Playbook - Memory Analysis

6 minute read

Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools

network

DFIR Playbook - Network Forensics

2 minute read

Introduction This post aims to replicate my physical playbook on Networking and includes the following tools

pcap

DFIR Playbook - Network Forensics

2 minute read

Introduction This post aims to replicate my physical playbook on Networking and includes the following tools

netflow

DFIR Playbook - Network Forensics

2 minute read

Introduction This post aims to replicate my physical playbook on Networking and includes the following tools

mobile

Mobile Phone Codes

1 minute read

Introduction This post aims to consolidate a list of useful smartphone codes

verification

Negative Decimal DWORD to Human Format

15 minute read

Introduction This blog aims to ELI5 how negative numbers are stored in the Windows Registry, or any other DWORD for that matter. Why, you may ask? Well, some...

automation

PowerShell Cheat Sheet

1 minute read

Introduction Script blocks I find myself using in PowerShell all the time

Malware

Cobalt Strike Decoding

1 minute read

Introduction This post aims to bring together some resources for quick wins to get cobalt beacons.

Windows

Cobalt Strike Decoding

1 minute read

Introduction This post aims to bring together some resources for quick wins to get cobalt beacons.

CSV

Logs

SIEM
