All human information can be divided according to importance, like that: Losing files is always unpleasant. That's why we make backups. But the degree to which information security efforts are paranoid depends on the importance. There is a file category, which cannot be lost under any circumstances, even in case of BP. Read More …
Category: Blogs
Blog about things familiar to most people, from a non-standard point of view.
Advertisements
Anonymous search networks. DuckDuckGo Review.
DuckDuckGo– it is a famous open source search engine, which declares, that it does not track or store personal information of its users. This is independent, which “tired” from online tracking. As the company itself declares: We help protect your privacy with our free browser, which can Read More …
Analysis of the HelloKitty ransomware source code
Assembly and handwriting. For the purpose of analysis, the source code was taken, leaked to the public on October 10, 2023. The program is written in C++ (uses the C++17 standard and supports Windows XP) and was assembled on MSVS 2015. Project file tags indicate the creation of source code on a Russian-language OS. Read More …
Cloudflare's DDoS protection was bypassed
Protection Mechanisms, configured by Cloudflare customers (For example, firewall, preventing DDoS attacks) for websites, may be bypassed due to gaps in firewall security controls, potentially exposing clients to attacks, which Cloudflare should prevent. Attackers can use their own Cloudflare accounts to abuse trusted relationships Read More …
PoSH-R2 script for collecting various diagnostic information
Description PoSh-R2PowerShell – this is a set of powershell scripts for Windows Management Instrumentation (WMI), which investigators and forensic analysts can use to extract information from compromised (or potentially compromised) Windows systems. The scripts use WMI to extract this information from the operating system. Hence, this Read More …
LinuxCheck: Linux information gathering tool
LinuxCheck– this is a small bash script to collect information, useful for emergency response on Debian and Centos systems. Characteristics: LinuxCheck– this is a separate script, capable of collecting a large set of information: CPU TOP10, memory TOP10 CPU usage boot time Hard disk information User information, information about passwd Read More …
How to extract forensic artifacts from pagefile.sys?
Microsoft Windows uses page file (pagefile.sys), for storing memory blocks, which do not currently fit into physical memory. This file, is stored at %SystemDrive%pagefile.sys and is a hidden system file and cannot be read or accessed by the user, including Administrator on active system. This file Read More …
Analyzing compressed memory in Windows 10
Memory analysis in Windows 10 very different from previous versions of Windows: new feature, called memory compression, makes a forensic tool necessary, capable of reading compressed memory pages. Memory compression in Windows 10 Latest Windows Releases 10 enable memory compression function, which Read More …
Problems and threats of biometric identification
IN 2018 The law on biometric identification came into force in Russia. Banks are implementing biometric systems and collecting data for placement in the Unified Biometric System (Elementary school). Biometric identification gives citizens the opportunity to receive banking services remotely. This saves them from Read More …
Amcache and Shimcache in forensic analysis
Data from Amcache and Shimcache can provide a timeline of whether, what program was executed, when it was first launched and last modified.