Posts

Linux Host & Network Information Gathering

For this portion of my notes I will be focusing on collecting information useful to someone attempting to leverage a breached system to further their attack. Here I will be talking about some of the tools and resources native to a Linux system that may help scope out a scene. I will also mention some tactics an attacker may use when sniffing or scanning an area with minimal detection.

Lab Examples and the Cyber Kill Chain

Cybersecurity Kill Chain: a model that describes the stages of an attack (developed by Lockheed Martin). This model helps red and blue teams view how attacks may be deployed.

Kali Linux Fundamentals and Transforming Data

Kali Linux is a Debian-based Linux operating system that specializes in penetration testing, digital forensics, and other forms of security research. This OS is maintained by Offensive Security, a popular security firm that develops security research materials worldwide.

Questions and Answers to some TTPs involving Malicious Processes

When examining ongoing processes for any signs of a breach, is it possible that a malicious process can go under the same name as a legitimate process? As someone who runs multiple windows of Chrome, I expect to see more than one chrome.exe among my processes. Malware may run another process under the same name. Additionally, I often see malware run processes under a misspelled name, at least in some CTFs; is this seen in other breaches?

Taking a Closer Look at IPv6 and Portable Executable Files

These were other materials that I learned about during my investigation. I am pointing them out here for my own benefit, for whenever I need to return to them in the future. When reading netscan results, most addresses were not in IPv4 format but rather IPv6. After some research I learned I was looking at link-local IPv6 addresses (LAN) because of the “FE80” prefix, the first 10 bits of the IPv6 address. This introduced me to telling the difference between a local address and a global (public) address.

Memory Analysis Practice

As a DFIR enthusiast, my first post on this blog will be about memory forensics. The following mock case that I have been investigating is provided by DFIR Madness (James Smith). The setting of this case involves a popular cartoon character's sauce recipe being leaked, and as digital forensic examiners we must attempt to uncover how this happened. Jumping forward to the analysis phase of the investigation, I will be examining the memory of the domain controller (DC) server. The conclusion of my findings is at the bottom of this post.