DFIR, Malware

Malware Forensics Concepts – Quick Reference

Malware Detection: common malware locations are Windows\System32, temp folders, C:\Windows (or %SYSTEMROOT%), System Volume Information, the Recycle Bin, Program Files and Temporary Internet Files. Malware Persistence: DLL Search Order Hijacking: place a malicious DLL earlier in Windows' DLL search order than the legitimate copy so that it is found first. Common example: Explorer.exe loading a bad ntshrui.dll. DLL Search Order: Memory --> KnownDLLs registry list --> Directory where the executable/process is located --> current… Continue reading Malware Forensics Concepts – Quick Reference
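The hijack described in the excerpt can be checked mechanically: walk the search order for each DLL a process needs and flag any DLL that resolves somewhere other than its expected directory. The script below is an added example, not code from the original post. It encodes the full documented order with SafeDllSearchMode enabled (application directory, System32, System, the Windows directory, the current directory, then PATH), going beyond the truncated list above, and runs against a constructed file-system snapshot in which a planted ntshrui.dll sits next to explorer.exe in C:\Windows. The KnownDLLs subset is likewise constructed; on a real host it is read from the registry.

```python
"""Simulate the Windows DLL search order to spot search-order hijacking.

Added example for the DLL search order hijacking note above; not code from the
original post. Everything below runs on a constructed file-system snapshot.
"""
import ntpath

# Standard directories with SafeDllSearchMode enabled (the default).
SYSTEM_ROOT = r"C:\Windows"
SYSTEM32 = ntpath.join(SYSTEM_ROOT, "System32")
SYSTEM16 = ntpath.join(SYSTEM_ROOT, "System")

# KnownDLLs are always mapped from System32 regardless of the search order, so a
# copy planted elsewhere is never loaded. Constructed subset; the real list is in
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.
KNOWN_DLLS = {"ntdll.dll", "kernel32.dll", "user32.dll", "advapi32.dll", "shell32.dll"}


def norm(path):
    """Normalise a Windows path for case-insensitive comparison (works on any host OS)."""
    return ntpath.normcase(ntpath.normpath(path))


def search_order(exe_path, cwd, path_env=""):
    """Directories LoadLibrary walks, in order, for a DLL requested by bare name."""
    dirs = [ntpath.dirname(exe_path), SYSTEM32, SYSTEM16, SYSTEM_ROOT, cwd]
    dirs += [p for p in path_env.split(";") if p]
    return dirs


def resolve_dll(dll_name, exe_path, cwd, files, path_env="", loaded=()):
    """Return the path Windows would load for dll_name, or None if it is not found.

    files  : set of normalised full paths present on disk (the snapshot)
    loaded : full paths of modules already in the process; an already-loaded
             module is reused before any directory is searched
    """
    name = dll_name.lower()
    for mod in loaded:
        if ntpath.basename(mod).lower() == name:
            return mod
    if name in KNOWN_DLLS:
        return ntpath.join(SYSTEM32, dll_name)
    for d in search_order(exe_path, cwd, path_env):
        candidate = ntpath.join(d, dll_name)
        if norm(candidate) in files:
            return candidate
    return None


def audit(exe_path, cwd, files, dll_names, expected_dir=SYSTEM32, path_env=""):
    """Map each DLL name to the path that wins the search when it is NOT the expected copy."""
    hits = {}
    for dll in dll_names:
        got = resolve_dll(dll, exe_path, cwd, files, path_env)
        if got is not None and norm(got) != norm(ntpath.join(expected_dir, dll)):
            hits[dll] = got
    return hits


# Constructed snapshot: a planted ntshrui.dll beside explorer.exe in C:\Windows,
# and a planted kernel32.dll that is harmless because kernel32 is a KnownDLL.
FILES = {norm(p) for p in [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\ntshrui.dll",
    r"C:\Windows\ntshrui.dll",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\kernel32.dll",
    r"C:\Windows\System32\version.dll",
]}

if __name__ == "__main__":
    exe = r"C:\Windows\explorer.exe"
    wanted = ["ntshrui.dll", "kernel32.dll", "version.dll"]
    for dll, path in audit(exe, r"C:\Users\bob", FILES, wanted).items():
        print(f"{dll}: loaded from {path} instead of {SYSTEM32}")
```

On a live system the snapshot would be built from a directory listing of the process's own directory and the search-order directories, and the expected directory taken from a known-good image; a hit is only a lead, so confirm it by hashing or signature-checking the file that wins.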

CTF

Knowledge base from Kringlecon 2018

The recent SANS Holiday Hack Challenge, aka Kringlecon 2018, was one of the best challenges I've ever attended; personally, there were a lot of things I learned, and I refreshed some basics. I really liked the theme of a virtual conference with talks on various cyber security topics and the way the objectives' complexity increases.… Continue reading Knowledge base from Kringlecon 2018

VirtualBox

How to move a hard disk from a SATA to a SCSI or SAS controller in VirtualBox

Open VirtualBox and go to File -> Virtual Media Manager. Identify the hard disk under the "Hard Disks" tab, click on it and select Copy from the options above. The copy wizard opens; select the appropriate options. Once the hard disk is successfully copied, select the VM where you want to… Continue reading How to move a hard disk from a SATA to a SCSI or SAS controller in VirtualBox

OSINT

Installing Datasploit on Ubuntu 16.04 LTS

While installing Datasploit on Ubuntu 16.04 LTS by following https://datasploit.readthedocs.io/en/latest/setupGuide/, you will run into an issue where the libxml2 and libxslt packages are not available. Use the link below to fix it: https://github.com/CiscoDevNet/yang-explorer/issues/36, or try the command apt-get -y install libxml2-dev libxslt-dev python-dev libxslt1-dev zlib1g-dev. Once done, run the command ldconfig… Continue reading Installing Datasploit on Ubuntu 16.04 LTS