Category Archives: Cyber

Talking about RFC 9424 – Indicators of Compromise (IoCs) and Their Role in Attack Defence

Posted on September 6, 2023 by HatsOffSecurity

Discussing the newly published RFC 9424 and how IoCs can be used to build better defences, without relying on looking backwards. Continue reading →

Posted in Attack, Cyber, General, Hardening, Incident Response, Introduction, IoCs, Windows Forensics | Tagged basics, defence in depth, folder location, hats off security, How to apply IOCs, ioc lifecycle, IoCs, IoCs Explained, pyramid of pain, rfc 9424, RFC9424, scheduled task name, sha256, understanding RFC9424 | Leave a comment

Ringzer0team – Forensics Challenge 35 – Poor internet connection

Posted on June 2, 2017 by HatsOffSecurity

This writeup is to explain how to get the answer (flag) to the Forensic Challenge named “Poor Internet Connection” I will not be posting the flag here as I am giving you all of the instructions to get it yourself! … Continue reading →

Posted in Competitions, Cyber, Network Analytics, Network Forensics, PCAP Analysis | Tagged file carving, hats off security, hex, Network Forensics, PCAP, pcap carving, Wireshark | 1 Comment

Cyber Security Challenge Masterclass 2016

Posted on November 6, 2016 by HatsOffSecurity

This year’s Cyber Security Challenge Masterclass saw over 40 contestants battling to become crowned the winner. I was fortunate enough to be invited as an assessor for the whole event. What follows are my views and interpretation of the event. … Continue reading →

Posted in Competition, Cyber, Cyber Security Challenge, Memory Forensics, Network Forensics, Pen Testing, Windows Forensics, Wireshark | Tagged 2016, Competition, Cyber Security Challenge, hats off security, Incident Reponse, linux, live disk image, masterclass, Preparation, who's to blame | 1 Comment

Types of Threat – Explained

Posted on September 20, 2015 by HatsOffSecurity

From a high level what are the types or categories of threats faced by the Security professional? Let’s go over some basics. Internal Authorised Internal Unauthorised Internal to External External to Internal External to External (new) The first 4 are … Continue reading →

Posted in Cyber, Forensic Readiness Plan, Incident Response, Preparation | Tagged basics, forensic readiness plan, forensic readiness planning, forensic readiness policy, hats off security, Incident Reponse, mitigation | Leave a comment

USB Forensic “Roadmap”

Posted on February 13, 2015 by HatsOffSecurity

As I have been researching and investigating USB Forensics I put together a “Roadmap” for my own personal reference. I made it using Maltego Case File and refer to it every now and then when I am attempting to remember … Continue reading →

Posted in Cyber, Research, USB Forensics, Windows Forensics | Tagged artefact locations, hats off security, USB, windows 7, Windows Registry Forensics, Windows8 | Leave a comment

SANS Christmas Hacking Challenge

Posted on January 3, 2015 by HatsOffSecurity

I thought I would write about my experiences with the Christmas Hacking Challenge by SANS, I am writing this before Christmas, but I wont publish it until after the closing date for obvious reasons 🙂 The challenge has an amazing … Continue reading →

Posted in Competition, Cyber, Heartbleed, Pen Testing, Research, SANS, Shellshock, USB Forensics, Windows Forensics | Tagged ../../../../, directory traversal, hats off security, heartbleed, linux, research, sans competiton, shellshock | 12 Comments

Research: Decoding LanmanServer\Shares

Posted on November 9, 2014 by HatsOffSecurity

For my first fully independent research topic I chose to look at the registry key created when an object is shared. This all started with a job we were investigating recently where the indicators we were given did not turn … Continue reading →

Posted in Cyber, Research, Shared Folders, Windows Forensics, Windows Registry Forensics | Tagged artefact locations, hats off security, registry hives, research, windows 7, windows 8.1, Windows Registry Forensics, windows xp, Windows8 | 7 Comments

Photos and who to blame

Posted on September 3, 2014 by HatsOffSecurity

In light of the recent apple/icloud incident I thought I would bring up a little bug bear of mine. Blaming the victim, if you are mocking the celebrities and commenting on how “it’s their own fault” please stop. Why do … Continue reading →

Posted in Cyber, My Two Cents | Tagged celebrity photos, hats off security, no more shaming, photo hack, who's to blame | Leave a comment

Incident Response Process Phase 2 – Identification

Posted on August 20, 2014 by HatsOffSecurity

Identification I was going to do another section on Preparation, but I realised I could continue with that until the end of days. So lets move on to Identification How does the Identification phase start? There are a multitude of … Continue reading →

Posted in Cyber, Identification, Incident Response | Tagged hats off security, identification, Incident Reponse, Preparation | Leave a comment

Security Wizardry

Posted on May 20, 2014 by HatsOffSecurity

Security Wizardry An excellent Cyber Information Portal. The Radar page is used by the NSA as seen in the photos on the site.

Posted in Cyber | Tagged hats off security | Leave a comment

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

	Bianca the Baker on NoScript Plugin Forensic Inves…
	Week 40 – 2022… on PowerShell Basic Introduction…
	ALEX on AnyDesk Forensic Analysis and…
	Week 13 – 2022… on Improving Technical Interviews
	HatsOffSecurity on AnyDesk Forensic Analysis and…