Hats Off Security
-
Recent Posts
- Keybase.io Forensics Investigation
- When is Index.dat not Evidence of Browsing
- HTTP Methods
- Wireshark – More Basics
- Decrypting Traffic in Wireshark
- Identifying Sites in Encrypted Traffic
- SMB2 Protocol Negotiation
- SMB2 – File/Directory Metadata
- SMB Tree Connect/Response Details
- SMBv2+ SYNC Header Explained
Categories
- Attack
- Browser Forensics
- Brute force
- Chrome
- Competition
- Competitions
- Containment
- Content Delivery Manager
- Cookies
- Cryptography
- Cyber
- Cyber Security Challenge
- Decoding Time
- Encrypted Traffic
- Firefox
- Forensic Readiness Plan
- Google Analytics
- Google Chrome
- Google Rapid Response
- Group Policy
- GRR
- Hardening
- Heartbleed
- Identification
- Incident Response
- Internet Explorer
- Introduction
- Jump Lists
- Keybase
- Link FIles
- Linux Forensics
- Memory Forensics
- Microsoft Edge
- My Two Cents
- Network Analytics
- Network Forensics
- pass the hash
- PCAP Analysis
- Pen Testing
- Preparation
- Protocol
- ReadyBoost
- Research
- Safari
- SANS
- Shared Folders
- Shellshock
- SMB
- SSH
- Uncategorized
- USB Forensics
- Windows Forensics
- Windows Registry Forensics
- Windows Registry Forensics
- Windows Spotlight
- Windows XP
- Wireshark
CyberLinks
- Follow Hats Off Security on WordPress.com
- My Tweets
Category Archives: Network Analytics
Ringzer0team – Forensics Challenge 35 – Poor internet connection
This writeup is to explain how to get the answer (flag) to the Forensic Challenge named “Poor Internet Connection” I will not be posting the flag here as I am giving you all of the instructions to get it yourself! … Continue reading
Posted in Competitions, Cyber, Network Analytics, Network Forensics, PCAP Analysis
Tagged file carving, hats off security, hex, Network Forensics, PCAP, pcap carving, Wireshark
1 Comment
TTLs and where to find them
Recently I have been conducted a lot of interviews for SOC Analysts; one of the questions I ask is as follows: You are reviewing your DNS logs and find an answer to a DNS query which shows rabbitcoldhotel.evil.com on <AnyExternalIP> … Continue reading
Posted in Network Analytics, Network Forensics
Tagged basics, hats off security, Interview Questions, Network Forensics, SOC Analyst
2 Comments
