PenTest, Forensics and Rescue Live CDs
Some pentesting live CDs have been updated recently or will be shortly. Time for an overview.
Disclaimer:
Finally: the new version of SIFT has been released. http://digital-forensics.sans.org/blog/2014/03/23/sans-sift-3-0-virtual-machine-released
Nice article about malware mechanisms and analysis:
It Is All About Program Execution: http://journeyintoir.blogspot.de/2014/01/it-is-all-about-program-execution.html
Nice: an open source write blocker / disk imager for about $199.
FIREBrick: Open Source Hardware Forensic Disk Imager & Write Blocker:
http://digitalfire.ucd.ie/?page_id=1011
Great tutorial by Hansang Bae:
Just out of frustration I’ve started to write my own little IT security notebook. One day 🙂 it should contain all little facts I need to keep in my “protein computer” but can’t manage to do so. It will be updated as I learn stuff and as needed.
If you find it useful or if you’ve found a bug: drop me a line.
In the class “FOR558: Network Forensics” (SANS London 2012) we got a sample PCAP of a custom DNS tunneling in action.
Because I wanted to continue learning Python and digging deeper into network protocols, I decided to create a Python script to analyse this custom DNS tunneling.
Decisions:
just a quick link: Extracting ZeroAccess from NTFS Extended Attributes
Nice find: