diyinfosec

20 Followers

Feb 3, 2022

Why learning a Forensic Artifact matters?

5 steps to learning an artifact, and how I used them to learn a thing or two about NTFS. As security analysts, I am sure some of us have had this question — what’s the best way to improve my host forensics skills? Should I learn more about tools or should…

Forensics

8 min read


Jan 29, 2022

Scanning Kernel Memory for a Known Encryption Key

Overview Let’s say you are given an encryption key and asked this question — “This key can be found somewhere in the Kernel memory. You will be given a memory dump and all the tools you need. Your job is to find where and how this key is stored in the…

Windows Internals

3 min read


Jan 18, 2022

Adversary-in-the-middle using Network Sniffing

A do-it-yourself guide to IP forwarding. What is this article about? This article is a step-by-step guide to try out an Adversary-in-the-middle (AITM) attack by sniffing network traffic. We will be trying this out using two Ubuntu hosts called Victim and Sniffer. …

Iptables

9 min read


Nov 18, 2021

Getting started with jq

Examples and Patterns — What is jq? jq is a JSON processing tool written in C. It is a lightweight binary (~30kB) and can be run standalone i.e. you don’t need to install any additional dependencies. jq is available on Linux, OSX, and Windows and is a popular choice for command-line JSON processing. Why another article on jq? I agree there are…

Jq

7 min read


Apr 15, 2021

Understanding Anonymous Pipes — Part 1 — The Handles

Interprocess communication is fascinating in its own right. It is a mechanism that allows different processes, each running in its own dedicated address space, to talk to each other. The Windows operating system supports a variety of IPC mechanisms. In this article, we will look at an IPC mechanism called…

Anonymous Pipes

5 min read


Jan 27, 2021

Symmetric Key Usage in EFS

This article provides information about symmetric key algorithms supported by EFS. This information is required to successfully decrypt a file once the FEK is obtained. EFS supports the use of AES-256 and 3DES symmetric key algorithms for encrypting the DATA attribute (Openspecs-office, 2018). In Windows 10, EFS defaults to using…

Symmetric Encryption

2 min read


Jan 27, 2021

Monitoring USN journal for changes

This article explains how the USN Journal can be used to monitor file system changes by taking the example of encrypting a plaintext file. Step 1 — Create a plain-text file: echo “Encrypt This!” > C:\Users\test\Documents\file.txt Step 2 — Query the USN Journal and note down the “Next Usn” value. …

Ntfs

1 min read


Jan 27, 2021

Finding Encryption Keys in Memory

Walkthrough of a few approaches using AES-256 Why this article? The computer memory (RAM) can be thought of as a storehouse of secrets. These secrets can range from your instant messenger chats, sites visited in incognito mode, or the encryption keys used by programs to protect your data. The purpose of this article…

Ntfs

9 min read
