Learning by practicing
Learning is an ongoing activity ... practicing makes it fun
Thursday, July 12, 2018
Understanding IP Fragmentation Overlapping with Scapy
The following alert was received from a Symantec Endpoint Protection (SEP) device <179>Jul 10 09:25:14 sep-papw01 SymantecServer: ...
Monday, July 9, 2018
Host based threat hunting with Australia's Cert DensityScout and Sysinternals's Sigcheck
In this post, I'm looking at using two different tools to detect the known unknowns. Basically, I will be doing some host based threat...
Sunday, June 3, 2018
Remote Live Response with SANS SIFT and F-Response - Analysing the memory
Before I get going, I must confess, I was unable to execute volatility successfully against the Windows 10 machine. I got the "imageinf...
Remote Live Response with SANS SIFT and F-Response - Analysing the disk
Now that we have access to the remote disk, as seen in this post, we can leverage our Linux based disk tools to analyze the remotely att...
Remote Live Response with SANS SIFT and F-Response - Getting access to the data
Before we get going, it is assumed that you have already configured and installed F-Response on your client machines. That is you have your ...
DC3dd - Creating a Forensic Image of a USB
Since the USB drive being duplicated is being plugged into a Linux based system or more specifically SANS SIFT Workstation, to make sure the...