Date: April 2014

2014/04/23

Tracer Fire 5 Series: Part 2.0 (Indy Category)

by InterDimensional_Shambler
Categories: Analysis

Background: This is a continuation of the Tracer Fire 5 Series posts: http://malwerewolf.com/2014/03/tracer-fire-5-series-part-1-0-intro/
Tools Used:
Kahu Security’s “converter” http://www.kahusecurity.com/tag/converter/
Your favorite hex editor (I use 010 Editor, McAfee’s File Insight, etc.)
GIF Exploder http://gif-explode.com/
7-zip http://www.7-zip.org/download.html
GIMP http://www.gimp.org/
Winamp/VLC/Audio Player
ZIP Recovery http://www.softpedia.com/get/Compression-tools/Zip-Recovery.shtml
Indy Category: This category had a little bit of everything; ciphertext, images,[…]

2014/04/13

Yet Another HeartBleed Analysis

by InterDimensional_Shambler
Categories: Analysis, Network Forensics

Yet Another HeartBleed Analysis (Bonus: Incident Response): By InterDimSham
Preparation
What’s affected: Any device implementing OpenSSL 1.0.1 through 1.0.1f.
How it Works: Heartbeat is an extension of the TLS/DTLS protocol. The heartbeat is used as a keep-alive function without having to re-neg(otiate). The attack allows someone to get ~64KB of memory from a server running[…]

2014/04/10

New SIFT Available!

by Destruct_Icon
Categories: Analysis, Host Forensics, News

Excited to mention that a new SIFT Kit is out! http://digital-forensics.sans.org/community/downloads Thanks SANS for being awesome! Go get your Log2Timeline and Volatility on! Here’s a list of new features per the SANS website. “Key new features of SIFT 3.0 include: Ubuntu LTS 12.04 Base 64 bit base system Better memory utilization Auto-DFIR package update and[…]

2014/04/09

Wireshark Primer: Manual Carve HTTP Objects

by InterDimensional_Shambler
Categories: Analysis, Network Forensics

Wireshark Primer: Manual Carve HTTP Objects Description: This is the first wireshark primer article (there will be more) on how to manually carve HTTP objects from network dumps (PCAPs) using wireshark. A lot of this can be done automatically with tools like network miner, photorec, bulk extractor, and foremost but this article is meant to[…]
