krebsonsecurity.com
At the Crossroads of eThieves and Cyberspies — Krebs on Security
https://krebsonsecurity.com/2012/05/at-the-crossroads-of-ethieves-and-cyberspies
In-depth security news and investigation. At the Crossroads of eThieves and Cyberspies. Lost in the annals of campy commercials from the 1980s is a series of ads that featured improbable scenes between two young people (usually of the opposite sex) who always somehow caused the inadvertent collision of peanut butter and chocolate. After the mishap, one would complain, “Hey you got your chocolate in my peanut butter! APT) inciden...
forensicmethods.com
Post-Snowden Forensics | Forensic Methods
http://forensicmethods.com/snowden-forensics
March 1, 2014. It has been over six months since Edward Snowden’s unprecedented NSA leaks, and we are still a long way from being able to assess the damage. Worldwide trust in United States tech companies has undoubtedly been shaken. Cisco Systems blamed a ten percent revenue drop on fallout from the leaks. Microsoft is offering the ability for foreign customers to have their data stored outside of the United States. Secure Sockets Layer Encryption as the Default. Paradoxically, ...
secureconnexion.wordpress.com
CISPA Bill Passed by Representatives Again – Trouble on the Horizon! | Secure Connexion
https://secureconnexion.wordpress.com/2013/04/22/cispa-bill-passed-by-representatives-again-trouble-on-the-horizon
CURE for your Security, Better Connexion! April 22, 2013. CISPA Bill Passed by Representatives Again – Trouble on the Horizon! The Cyber Information Sharing and Protection Act, AKA CISPA, has once again passed in the US House of Representatives. Reminder that this bill gives government agencies and their other agencies access to personal, private user data to help monitor for the presence of hackers. Now, when CISPA was first passed, Senate said NO! Will it completely stop hacker initiatives? Of course t...
taksati.org
indx Archives - TAKSATI
http://www.taksati.org/tag/indx
I needed to walk a directory index for another script I was working on. I figured, as long as I was there trying to prototype that, I would just dump out the entire Index. Like the MFT parser below, this dumps to the console. Blue check the folder of interest and run. It will operate successfully against multiple checked folders, but the output is kinda long and hard to keep straight, so I don’t recommend it. Posted on 2011-09-20, 12:35 am.
taksati.org
autoruns Archives - TAKSATI
http://www.taksati.org/tag/autoruns
This is an EnCase EnScript I wrote a few years back. The original design goal was to implement Sysinternals Autoruns.exe inside EnCase so it could be run against dead drives during forensics cases. Sysinternals has since reworked Autoruns.exe so it can work against a dead drive, thus limiting the usefulness of this script. It still comes in handy for certain tasks since it is faster than mounting the drive to run Autoruns.exe. Due to changes in the Registry files, this doesn’t work on Windows 7. Richard ...
taksati.org
June 2013 - TAKSATI
http://www.taksati.org/2013/06
Monthly Archives: June 2013. I’m not sure how I missed it when it came out in 2009, but Peter Norris has put together an absolutely fantastic write up on the internal structures of the Registry. Deep internal knowledge like this is vital when you are finding parts of old registry files in unallocated space, the page file, or memory. For anyone else who has seen this paper, it is hosted here: http://amnesia.gtisc.gatech.edu/~moyix/suzibandit.ltd.uk/MSc/ Posted on 2013-06-17, 11:19 pm. Mac OS X Forensics.
taksati.org
August 2012 - TAKSATI
http://www.taksati.org/2012/08
Monthly Archives: August 2012. Microsoft publishes a CODEC Pack that will enable its built-in viewers to also properly display most of the RAW image formats. It is available for download here: http://www.microsoft.com/en-us/download/details.aspx? Posted on 2012-08-07, 9:31 pm.
taksati.org
enscript Archives - TAKSATI
http://www.taksati.org/tag/enscript
I needed to walk a directory index for another script I was working on. I figured, as long as I was there trying to prototype that, I would just dump out the entire Index. Like the MFT parser below, this dumps to the console. Blue check the folder of interest and run. It will operate successfully against multiple checked folders, but the output is kinda long and hard to keep straight, so I don’t recommend it. Posted on 2011-09-20, 12:35 am. Posted on 2011-08-16, 9:33 pm. Posted on 2011-08-12, 7:29 pm.
taksati.org
October 2014 - TAKSATI
http://www.taksati.org/2014/10
Monthly Archives: October 2014. People still use Word macros! I got an interesting email today.
Received: from mail-qa0-f47.google.com (209.85.216.47) by myexchange.server (192.168.1.1) with Microsoft SMTP Server id 142347.0; Wed, 22 Oct 2014 09:02:52 -0400
Received: by mail-qa0-f47.google.com with SMTP id cm18so2352642qab.6; Wed, 22 Oct 2014 06:02:51 -0700 (PDT)
X-Received: by 10.140.30.53 with SMTP id c50mr52767444qgc.77.1413982971840; Wed, 22 Oct 2014 06:02:51 -0700 (PDT)
Does not designate 122&...
taksati.org
January 2015 - TAKSATI
http://www.taksati.org/2015/01
Monthly Archives: January 2015. Every Registry file starts with a 4,096 byte header block. The first 512 bytes of that header tell us about the Registry file as a whole. Contained within this header are the following:
Signature: “regf”
Type (0=Registry file; 1=Log file)
Offset to root key record
Offset to first non-used block
Value is either 0 or 1
Unknown: “rmtm”
Checksum (XOR32 of above)
Here’s what it would look like in a hex editor: Padding (cont)(repeated lines removed). The type at offset ...