Malware Detection: Malware common locations are Windows\System32, temp folders, C:\Windows or %SYSTEMROOT%, System Volume Information, Recycle Bin, Program Files, Temporary Internet Files. Malware Persistence: DLL Search Order Hijacking: place a malicious file ahead of the legitimate DLL in Windows' DLL search order hierarchy. Common example: Explorer.exe loading a bad ntshrui.dll. DLL Search Order: Memory --> KnownDLLs registry list --> Directory where the executable/process is located --> current… Continue reading Malware Forensics Concepts – Quick Reference
The MITRE ATT&CK framework has these days become ubiquitous in almost every blue and red teaming task. Recently, I was working on a task to collate MITRE ATT&CK Tactics, Techniques and Procedures and their mapping to adversary groups and the log collection that is required. I came across a great tool, Mitre-Assistant, where you can get Mac/Linux/Windows… Continue reading Mitre-Assistant
Knowledge base from Kringlecon 2018
The recent SANS Holiday Hack Challenge, aka Kringlecon 2018, was one of the best challenges I've ever attended, and personally I learned a lot of things and refreshed some basics. I really liked the theme of a virtual conference with talks on various cyber security topics and the way the objectives' complexity increases.… Continue reading Knowledge base from Kringlecon 2018
How to move a hard disk from a SATA to a SCSI or SAS controller on VirtualBox
Open VirtualBox and open File -> Virtual Media Manager. Identify the hard disk under the "Hard Disks" tab. Click on it and select Copy from the options above. The Disk Image to Copy wizard opens; select the appropriate options. Once the hard disk is successfully copied, select the VM where you want to… Continue reading How to move harddisk from SATA to SCSI or SAS controller on Virtual Box
Setting up DVWA (Damn Vulnerable Web Application) on Ubuntu 16.04 LTS
Follow all the steps from https://linuxsecurityblog.com/2016/01/28/install-dvwa-on-ubuntu/. Starting from Ubuntu 16.04 LTS, php5 support is dropped! Hence, install the php7 packages as below:

apt-get install libapache2-mod-php
apt-get install php-mysql
apt-get install php-gd

The rest of the commands in the blog work!! Enjoy Exploiting!
Installing Datasploit on Ubuntu 16.04 LTS
While installing Datasploit on Ubuntu 16.04 LTS following the link https://datasploit.readthedocs.io/en/latest/setupGuide/, you will run into an issue where the libxml2 and libxslt packages are not available. Use the link below to fix it: https://github.com/CiscoDevNet/yang-explorer/issues/36 or try the command:

apt-get -y install libxml2-dev libxslt-dev python-dev libxslt1-dev zlib1g-dev

Once done, run the command ldconfig… Continue reading Installing Datasploit on Ubuntu 16.04 LTS
Hunting through Email Headers
This lengthy blog post provides an overview of email header analysis and various ways of performing the threat hunt!!