Andrea Fortuna

Didier Stevens: Finding Metasploit & Cobalt Strike URLs
An interesting article and video lesson by security researcher Didier Stevens. Cobalt Strike and Metasploit are the offensive security tools most commonly used to host malware command-and-control (C2) servers: both tools allow generation of shellcode for HTTP(S) shells, so during a malware/forensic analysis it is really useful to be able to identify the URLs used by this kind

Amcache and Shimcache in Forensic Analysis
Shimcache. Shimcache, also known as AppCompatCache, is a component of the Application Compatibility Database, which was created by Microsoft (beginning in Windows XP) and is used by the operating system to identify application compatibility issues. The cache stores various file metadata depending on the operating system, such as: Shimcache Last

#WIBattack: Not Only S@T Browser, but Also WIB SIM Toolkit
According to the researcher's report, the attack scenario is very similar to that vulnerability: (1) The attacker sends a malicious OTA SMS to the victim's phone number. The OTA SMS contains WIB commands such as SETUP CALL, SEND SMS, PROVIDE LOCATION INFO, etc. (2) Right after receiving the OTA SMS, the baseband operating system of the victim's mobile phone uses ENVELOP

Classical Guitar Without Fingernails: The Value of the
The fingertip is a soft body, wider than the nail, and therefore, when plucking the string, it must make a greater effort. This effort necessarily requires greater pressure and resistance from the left hand to overcome the pressure of the strings. It follows that the barré, the scales, the slurs, the extended positions and certain virtuosic

Phishing with Unicode Domains, an Attack Almost Impossible
The vulnerability affects Chrome, Firefox and Opera. The security researcher Xudong Zheng has discovered a new technique for phishing attacks: using a homograph attack, Zheng showed that it is possible to display fake domain names as the websites of legitimate services, like Apple, Google, or Amazon, to steal login or financial credentials and other sensitive information.

Volatility, My Own Cheatsheet (Part 8): Filesystem
With this part, we end the series dedicated to Volatility: the last 'episode' is focused on the file system. If you want to read the other parts, take a look at this index: Image Identification, Processes and DLLs, Process Memory, Kernel Memory and Objects, Networking, Windows Registry, Analyze and convert crash dumps and hibernation files, Filesystem. And now, let's start parsing the filesystem data!

Classical Guitar Without Fingernails? An Opinion by Rob
Never ask a group of classical guitarists if you can play even without the nails of the right hand! You risk being insulted brutally, and absolutely do not mention Tárrega! Seriously, I came across this video where Rob MacKillop explains his technique, developed without using the nails of his right hand, inspired by Fernando Sor's technique.

Coding on iPad Pro: My Own Setup
March 13, 2021. Some months ago, my beloved ThinkPad X1 Carbon started to have some issues with the battery and motherboard. It was an 8-year-old laptop, so I decided to directly buy a new device for my "personal purposes

Windows Forensics: Analysis of Recycle Bin Artifacts
Rifiuti2 is a tool developed by Abel Cheung for forensic analysis of recycle bin files from Windows. The tool can extract the deletion time, original path and size of deleted files. It is a rewrite of rifiuti, which was originally written by the FoundStone folks for the identical purpose. Then it was extended to cover more functionalities, such as:

Windows Information Gathering Using PowerShell: A Brief
During a penetration test, once you get local access to a target, you should start a local assessment of the machine in order to plan a correct tactic for privilege escalation and lateral movement. So, today I'd like to share my own cheatsheet of useful PowerShell commands. Basic System Information: `Start-Process "systeminfo" -NoNewWindow -Wait;`

How to Unprotect Excel Worksheet, in 5 Simple Steps
Rename the XLSX file as ZIP. Extract the ZIP archive. In the extracted archive (in the xl -> worksheets folder) you can find some XML files that contain the data and metadata of the worksheets. Open every file with your favorite text editor, search for the XML tag named sheetProtection and remove the entire tag. Save the files.

MAC(b) Times in Windows Forensic Analysis
During a forensic analysis, especially during timeline analysis, you deal with MAC timestamps, so it's important to know and understand the concept of time resolution. The MAC(b) times are derived from file system metadata and they stand for: The (b) is in parentheses because not all file systems record a birth time.

Stock-Market Fraud, Steganography and Cyberattacks… in 1834
Human factor and steganography. In 1834 François and Joseph Blanc, two bankers working on the Bordeaux stock exchange, hired a colleague in Paris to keep a watch on the Paris stock exchange and pass information on the most significant trends to a telegraph operator in Tours, on the line that transmitted data to Bordeaux. Since the telegraph network was for governmental use only, the Blanc

Volatility, My Own Cheatsheet (Part 1): Image Identification
June 25, 2017. In order to start a memory analysis with Volatility, the identification of the type of memory image is a mandatory step. Here are some useful commands.

iptables: A Simple Cheatsheet
Whether you're a novice user or a system administrator, iptables is mandatory knowledge! iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. When a connection tries to establish itself on your system, iptables looks for a rule in its list to

Nope, 432 Hz Is Not the "Frequency of the Universe"
Let's try to separate fact from fiction. If you happen to meet some musician who claims that 432 Hz is "the natural frequency of the Universe", that this frequency has the power to "attract the masses to the music" and cure diseases, first of all, take a look at this article by Assaf Dar Sagol, on Ask.audio: 432 Hz seems to be just another number without any special significance

CobaltStrikeScan: Identify CobaltStrike Beacons in
A security researcher known as "Apra" has published on his GitHub account a new tool, called "CobaltStrikeScan", useful for identifying Cobalt Strike beacons in files and process memory: CobaltStrikeScan scans Windows process memory for evidence of DLL injection (classic or reflective injection) and performs a YARA scan on the target process' memory for Cobalt Strike v3 and v4

Windows Command Line Cheatsheet (Part 2): WMIC
This command-line tool is really useful for both penetration testing and forensics tasks. The previous article raised interest among readers regarding WMIC, so I decided to write an article dedicated to this tool. If you've done any scripting for the Windows platform, you've probably bumped into the Windows Management Instrumentation (WMI) scripting API, which can

Academic research conducted by Professor Douglas J. Leith from Trinity College at the University of Dublin analyzed traffic originating from iOS and Android devices heading to Apple and Google servers at various stages of a phone's operation, such as the data shared, finding that Google collects around 20 times more telemetry data from Android devices than Apple does from iOS.

Windows Service Accounts Enumeration Using PowerShell
Windows service accounts are the elephant in the room in the corporate environment: things that nobody ever talks about or considers to be a problem. Often, these service accounts are in the Domain Admins group, with passwords like "Service123", "Password123", "CompanyName123" or something equally simple. Further, application vendors that use these services insist on just

How to Install the Latest Widevine Plugin on Chromium
In order to watch Netflix! Have you installed Chromium on your Linux box, and everything works well but Netflix doesn't? Do you know why? The answer is simple: the Chromium browser lacks the Widevine module! Widevine is a decryption module for DRM (digital rights management) used in Google Chrome and Android. It operates as an encryption scheme to securely distribute video content to consumer devices.

Volatility, My Own Cheatsheet (Part 2): Processes and DLLs
Once the correct profile is identified, we can start to analyze the processes in memory and, when the dump comes from a Windows system, the loaded DLLs. pslist: to list the processes of a system, use the pslist command. This walks the doubly-linked list pointed to by PsActiveProcessHead and shows the offset, process name, process ID, the parent process

How to Find Unsecured S3 Buckets: Some Useful Tools
A script to find unsecured S3 buckets and dump their contents, developed by Dan Salmon. The tool has 2 parts: s3finder.py, a script that takes a list of domain names and checks if they're hosted on Amazon S3; s3dumper.sh, a script that takes the list of domains with regions made by s3finder.py and, for each domain, checks if there are publicly

Windows Forensic Analysis: Some Thoughts on RDP Related
Recently I had to perform a forensic investigation on a server that had made some strange Remote Desktop activities. In that case, the analysis of Windows events turned out to be really useful. So, today I'd like to share a brief cheatsheet of Windows Event IDs related to RDP activities. Connection, Authentication, Session Connected, Session Disconnected, Session

iOS Forensic: Full Disk Acquisition Using checkra1n
A simple step-by-step tutorial for iOS full acquisition. The release of the checkm8 iOS exploit, in September 2019, was a big topic: an exploit that could be used on every iOS device made over an approximately 5-year period had major consequences. checkm8 is an iOS BootROM vulnerability exploit which affects iPhone 4S through iPhone X (A5

How a Keylogger Works: A Simple PowerShell Example
Some months ago I wrote a post about keyloggers (because "during a malware analysis process it is useful to know how a keylogger works"), where I shared a simple Windows keylogger written in Python. Today I want to share another example, this time written in PowerShell: I think it may be useful knowledge during malware analysis activities.

dfir_ntfs: A Forensic Parser for NTFS Filesystems
The NTFS filesystem is a gold mine for forensic analysis on Microsoft Windows systems. There are a lot of tools useful for extracting a timeline of the activities on the filesystem, or for searching for anomalies that identify time stomping events. Recently I've discovered another useful tool, developed by Maxim Suhanov, named dfir_ntfs: dfir_ntfs: an NTFS

iOS Forensics: BFU (Before First Unlock) Acquisition
iOS forensics is quite complex: in many cases, jailbreaking is the only way to gather most of the information available on iOS devices. OK, logical acquisition is easy, safe and it always works: however, this kind of acquisition mostly gives you the same data you can get via iTunes: a simple backup (sometimes encrypted), media files
HOW TO UNPROTECT EXCEL WORKSHEET, IN 5 SIMPLE STEPS Rename the XLSX file as ZIP. Extract the ZIP archive. Into the extracted archive (in xl -> worksheets folder) you can find some XML files that contains data and metadata of the worksheets. Open every file with your favorite texteditor, search the XML tag named sheetProtection and remove the entire tag. Save the files. STOCK-MARKET FRAUD, STEGANOGRAPHY AND CYBERATTACKS…IN 1834 Human factor and steganography. In 1834 François and Joseph Blanc, two bankers working on the Bordeaux stock exchange, hired a colleague in Paris for keeping a watch on Paris stock exchange and pass information on the most significant trends to a telegraph operator in Tours, on the line that transmitted data to Bordeaux.. Since the telegraph network was for governmental use only, the BlancANDREA FORTUNA
JUST SOME RANDOM THOUGHTS ABOUT THE MEANING OF LIFE, THE UNIVERSE, AND EVERYTHING
JEFFREY PAUL: YOUR COMPUTER ISN’T YOURS Some privacy concerns about APPLE SILICON and MACOS BIG SUR.
* Privacy
FAMA: FORENSIC ANALYSIS FOR MOBILE APPS FAMA (Forensic Analysis For Mobile Apps) is a forensic framework developed in Python (2.7+) by the Lab of Cybersecurity and Digital Forensics at IPLeiria (LabCIF).
* Forensics
PRIVACY ROUNDUP #18
“_It’s dangerous when people are willing to give up their privacy._” – NOAM CHOMSKY
* RoundUp
LINUX FORENSICS: MEMORY CAPTURE AND ANALYSIS In my previous posts I often covered many tools and techniques that allow memory acquisition from a WINDOWS system. However, I have written few articles about LINUX memory acquisition and analysis, only one brief post regarding memory profile generation on LINUX, using LIME.
* Forensics
COBALTSTRIKESCAN: IDENTIFY COBALTSTRIKE BEACONS IN PROCESSES MEMORY COBALT STRIKE was born as a penetration testing tool, useful for RedTeaming activities.
* Dfir
“WEAPONIZING THE NOISE”: A DARK AMBIENT JOURNEY “_Dark Ambient_” or “_Noise Music_”? I’m not sure!
* Music
CYBERSECURITY ROUNDUP #18 “_If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked_” ― RICHARD CLARKE
* RoundUp
DIGITAL FORENSIC BASICS: AN ANALYSIS METHODOLOGY FLOW CHART Data extraction, data acquisition, data analysis? Let’s try to make it a little clearer!
* Dfir
TECHNOLOGY ROUNDUP #17 “_Technology is best when it brings people together_” – MATT MULLENWEG
* RoundUp
PRIVACY ROUNDUP #17
“_A child born today will grow up with no conception of privacy at all. They’ll never know what it means to have a private moment to themselves, an unrecorded unanalyzed thought. And that’s a problem because privacy matters. Privacy is what allows us to determine who we are and who we want to be._” – EDWARD SNOWDEN
* RoundUp
Proudly developed by Andrea Fortuna