Tag Archives: hats off security

Talking about RFC 9424 – Indicators of Compromise (IoCs) and Their Role in Attack Defence

Posted on September 6, 2023 by HatsOffSecurity

Discussing the newly published RFC 9424 and how IoCs can be used to build better defences, without relying on looking backwards. Continue reading

Posted in Attack, Cyber, General, Hardening, Incident Response, Introduction, IoCs, Windows Forensics | Tagged , , , , , , , , , , , , , | Leave a comment

PowerShell Basic Introduction (Security Version)

Posted on September 25, 2022 by HatsOffSecurity

PowerShell has grown since its introduction in 2003 and implementation in Windows XP in 2006. What started as a closed source, proprietary upgrade to the Command Prompt has now grown into an open-source, resource rich Command Line Interface (CLI) and … Continue reading

Posted in Incident Response, PowerShell, Preparation, Windows Forensics | Tagged , , , , , , , | 1 Comment

Improving Technical Interviews

Posted on March 20, 2022 by HatsOffSecurity

I have conducted easily over 100 interviews during my career, almost all of which have been technical, and I have seen some great and terrible actions from both sides of the table. In this post, I want to cover off … Continue reading

Posted in General, Interviews | Tagged , , , , | 1 Comment

AnyDesk Forensic Analysis and Artefacts

Posted on February 28, 2022 by HatsOffSecurity

Click here to view this research on my YouTube channel What is AnyDesk? AnyDesk is a legitimate, non-malicious piece of software that is used by companies world wide to manage their IT systems, and can be used for free to … Continue reading

Posted in anydesk, Windows Forensics | Tagged , , , , , , , | 4 Comments

HatsOffSecurity on YouTube

Posted on January 4, 2022 by HatsOffSecurity

We are re-engaging the Hats Off Security blog content onto YouTube. This means that instead of simply reading my insanity, you get to hear me say it instead. Please head over to YouTube and take a look at this videos, … Continue reading

Posted in Uncategorized | Tagged , | 1 Comment

How to Create a Good Security CTF

Posted on May 27, 2020 by HatsOffSecurity

I have been creating network and computer security ‘Capture the Flag’, or ‘CTF’, challenges for a number of years now. My latest job had me doing this full-time for events that would attract several thousand players. During this time my … Continue reading

Posted in Competition, CTF, General, Introduction | Tagged , | 1 Comment

NoScript Plugin Forensic Investigation – Firefox/ToR Browser

Posted on May 1, 2020 by HatsOffSecurity

In this blog post I plan to show that using the NoScript plugin it is possible to glean information about what sites, or files, a user accessed while in a private browsing session and also whilst using the TOR browser. … Continue reading

Posted in Browser Forensics, Firefox, TOR, Windows Forensics | Tagged , , , | 1 Comment

Keybase.io Forensics Investigation

Posted on February 23, 2020 by HatsOffSecurity

What is Keybase.io? I was first introduced to Keybase a few years ago. It was explained to me as a place to validate your identity with regards to sharing public keys for email encryption. Showing that a Twitter account is … Continue reading

Posted in Keybase, Linux Forensics, Windows Forensics | Tagged , , , , , , | Leave a comment

When is Index.dat not Evidence of Browsing

Posted on August 10, 2019 by HatsOffSecurity

It is easy to fall into familiar habits as a human being, we see patterns in what we do and expect those patterns to persist. However when these patterns can be the difference between a person keeping or losing their … Continue reading

Posted in Browser Forensics, Internet Explorer | Tagged , , , , , | 1 Comment

HTTP Methods

Posted on April 9, 2019 by HatsOffSecurity

In this post we are going to look at different types of HTTP/1.1 methods. We will leave HTTP/2 methods for another day. This will be a summary of each method, it is possible to go into great detail with some … Continue reading

Posted in Network Analytics | Tagged , , , | Leave a comment