Overview Let’s say you are given an encryption key and asked this question — “This key can be found somewhere in the Kernel memory. You will be given a memory dump and all the tools you need. Your job is to find where and how this key is stored in the…

A do-it-yourself guide to IP forwarding. What is this article about? This article is a step-by-step guide to try out an Adversary-in-the-middle (AITM) attack by sniffing network traffic. We will be trying this out using two Ubuntu hosts called Victim and Sniffer. …

Examples and Patterns — What is jq? jq is a JSON processing tool written in C. It is a lightweight binary (~30kB) and can be run standalone i.e. you don’t need to install any additional dependencies. jq is available on Linux, OSX, and Windows and is a popular choice for command-line JSON processing. Why another article on jq? I agree there are…

Interprocess communication is fascinating in its own right. It is a mechanism that allows different processes, each running in its own dedicated address space, to talk to each other. The Windows operating system supports a variety of IPC mechanisms. In this article, we will look at an IPC mechanism called…

This article provides information about symmetric key algorithms supported by EFS. This information is required to successfully decrypt a file once the FEK is obtained. EFS supports the use of AES-256 and 3DES symmetric key algorithms for encrypting the DATA attribute (Openspecs-office, 2018). In Windows 10, EFS defaults to using…

This article explains how the USN Journal can be used to monitor file system changes by taking the example of encrypting a plaintext file. Step 1 — Create a plain-text file: echo “Encrypt This!” > C:\Users\test\Documents\file.txt Step 2 — Query the USN Journal and note down the “Next Usn” value. …

Walkthrough of a few approaches using AES-256 Why this article? The computer memory (RAM) can be thought of as a storehouse of secrets. These secrets can range from your instant messenger chats, sites visited in incognito mode, or the encryption keys used by programs to protect your data. The purpose of this article…