-
Recent Posts
- Talking about RFC 9424 – Indicators of Compromise (IoCs) and Their Role in Attack Defence
- PowerShell Basic Introduction (Security Version)
- Improving Technical Interviews
- AnyDesk Forensic Analysis and Artefacts
- Log4J/Log4Shell Video Glossary
- HatsOffSecurity on YouTube
- How to Create a Good Security CTF
- NoScript Plugin Forensic Investigation – Firefox/ToR Browser
- Keybase.io Forensics Investigation
- When is Index.dat not Evidence of Browsing
Categories
- anydesk
- Attack
- Browser Forensics
- Brute force
- Chrome
- Competition
- Competitions
- Containment
- Content Delivery Manager
- Cookies
- Cryptography
- CTF
- Cyber
- Cyber Security Challenge
- Decoding Time
- Encrypted Traffic
- Firefox
- Forensic Readiness Plan
- General
- Google Analytics
- Google Chrome
- Google Rapid Response
- Group Policy
- GRR
- Hardening
- Heartbleed
- Identification
- Incident Response
- Internet Explorer
- Interviews
- Introduction
- IoCs
- Jump Lists
- Keybase
- Link FIles
- Linux Forensics
- Memory Forensics
- Microsoft Edge
- My Two Cents
- Network Analytics
- Network Forensics
- pass the hash
- PCAP Analysis
- Pen Testing
- PowerShell
- Preparation
- Protocol
- ReadyBoost
- Research
- Safari
- SANS
- Shared Folders
- Shellshock
- SMB
- SSH
- TOR
- Uncategorized
- USB Forensics
- Windows Forensics
- Windows Registry Forensics
- Windows Registry Forensics
- Windows Spotlight
- Windows XP
- Wireshark
CyberLinks
- Follow Hats Off Security on WordPress.com
Category Archives: Windows Forensics
Talking about RFC 9424 – Indicators of Compromise (IoCs) and Their Role in Attack Defence
Discussing the newly published RFC 9424 and how IoCs can be used to build better defences, without relying on looking backwards. Continue reading
Posted in Attack, Cyber, General, Hardening, Incident Response, Introduction, IoCs, Windows Forensics
Tagged basics, defence in depth, folder location, hats off security, How to apply IOCs, ioc lifecycle, IoCs, IoCs Explained, pyramid of pain, rfc 9424, RFC9424, scheduled task name, sha256, understanding RFC9424
Leave a comment
PowerShell Basic Introduction (Security Version)
PowerShell has grown since its introduction in 2003 and implementation in Windows XP in 2006. What started as a closed source, proprietary upgrade to the Command Prompt has now grown into an open-source, resource rich Command Line Interface (CLI) and … Continue reading
AnyDesk Forensic Analysis and Artefacts
Click here to view this research on my YouTube channel What is AnyDesk? AnyDesk is a legitimate, non-malicious piece of software that is used by companies world wide to manage their IT systems, and can be used for free to … Continue reading
NoScript Plugin Forensic Investigation – Firefox/ToR Browser
In this blog post I plan to show that using the NoScript plugin it is possible to glean information about what sites, or files, a user accessed while in a private browsing session and also whilst using the TOR browser. … Continue reading
Posted in Browser Forensics, Firefox, TOR, Windows Forensics
Tagged browser forensics, hats off security, NoScript, TOR
1 Comment
Keybase.io Forensics Investigation
What is Keybase.io? I was first introduced to Keybase a few years ago. It was explained to me as a place to validate your identity with regards to sharing public keys for email encryption. Showing that a Twitter account is … Continue reading
When is Index.dat not Evidence of Browsing
It is easy to fall into familiar habits as a human being, we see patterns in what we do and expect those patterns to persist. However when these patterns can be the difference between a person keeping or losing their … Continue reading
Cyber Security Challenge Masterclass 2016
This year’s Cyber Security Challenge Masterclass saw over 40 contestants battling to become crowned the winner. I was fortunate enough to be invited as an assessor for the whole event. What follows are my views and interpretation of the event. … Continue reading
Flash Cookies – aka Locally Shared Objects
Flash Cookie Location [Throughout this article I will use the term ‘flash cookie’ over ‘LSO’ as these posts are currently about finding and removing cookies] %AppData%\Macromedia\Flash Player\#SharedObjects\<random text>\ Under this folder you will a list of the sites which have … Continue reading
Posted in Browser Forensics, Cookies, Firefox
Tagged artefact locations, browser forensics, cookies, firefox, hats off security
Leave a comment
HTTP Cookies – Part 4 – Safari Cookies
Safari Location Pretty sure this location has been the same for a number of years now, if not let me know in the comments: ~/libraries/cookies Removing Safari Cookies I am not a MAC expert, so I am going to bow … Continue reading
Posted in Browser Forensics, Cookies, Safari
Tagged artefact locations, basics, browser forensics, cookies, hats off security, Safari
Leave a comment
HTTP Cookies – Part 3 – Chrome Cookies
Chrome Location Windows 7 onwards: %LocalAppData%\Google\Chrome\User Data\Default Unlike Internet Explorer (and like Firefox) Chrome does not use individual text files, but instead uses a SQLite database. In order to view this you will need a SQLite browser (easy to get … Continue reading
Posted in Browser Forensics, Chrome, Cookies
Tagged artefact locations, basics, browser forensics, chrome, hats off security, Windows 10, windows 7, windows 8.1, Windows8
Leave a comment