• Threat Hunting on Linux

    Show system files which were changed after installation: dpkg --verify. Check various security-related issues: checksecurity. Tools

  • MemProcFC

    Memory analysis software to see physical memory as files in a virtual file system. GitHub: ufrisk/MemProcFS

  • Analyzing memory (dumps)

    See also the memory dump article. Usual stuff: Specialized software: Things to look out for:

  • See the Analysis data / forensic article for general data analysis. Also, relevant articles: Static analysis Notes beforehand: Have a first look into the file: xxd file.exe | less Have a look into the file segments: binwalk file.exe Have a look at the strings: strings file.exe / floss file.exe You can try to visualize the entropy to maybe…

  • Code deobfuscation

    Tools: Execution possibilities for a dynamic analysis, if deobfuscation is not so good: Tip: Overwrite sensitive methods, if the language allows it. For example, in JavaScript: eval = print Now, each eval statement is not executed, but just printed :-).

  • Goal: See on a system if some specific executable was executed.

  • Windows Forensic

    Registry Windows Event Logging File system analysis See the NTFS article about logging.

  • Sleuthkit

    Forensic tools