Tag Archives: basics

Types of Threat – Explained

Posted on September 20, 2015 by HatsOffSecurity

From a high level what are the types or categories of threats faced by the Security professional? Let’s go over some basics. Internal Authorised Internal Unauthorised Internal to External External to Internal External to External (new) The first 4 are … Continue reading

Posted in Cyber, Forensic Readiness Plan, Incident Response, Preparation | Tagged , , , , , , | Leave a comment

Pass-the-hash Mitigation – Tip of the Day

Posted on July 17, 2015 by HatsOffSecurity

I have been recently researching Pass the Hash mitigation techniques and I have found that there are the usual comments about not logging on to workstations with Admin accounts, ensuring your local admin accounts don’t have the same password, ensuring … Continue reading

Posted in Group Policy, Hardening, Incident Response, pass the hash, Pen Testing, Preparation, Research | Tagged , , , , , | Leave a comment

Windows XP Restore Points

Posted on January 20, 2015 by HatsOffSecurity

I know XP is going the way of the Dodo, which is why I wanted to write this post. As blogs and posts update and keep up with the latest versions of Windows I find it harder and harder to … Continue reading

Posted in Introduction, Windows Forensics, Windows Registry Forensics, Windows XP | Tagged , , , , , , | Leave a comment

Link Files

Posted on September 14, 2014 by HatsOffSecurity

Link (lnk) files are a valuable source of information in a forensic investigation and should not be casually overlooked. What are Link files? Link files are created by the system when a file is opened, even if that file is … Continue reading

Posted in Link FIles, Windows Forensics | Tagged , , , , , | Leave a comment

Incident Response Process Phase 3 – Containment

Posted on September 6, 2014 by HatsOffSecurity

First Steps When moving into the containment phase an incident has already been declared. It is now time to categorise the incident and relay this to the customer/management. The categorisation or characterisation of the incident can be broken down into … Continue reading

Posted in Containment, Incident Response | Tagged , , , | Leave a comment

Incident Response Process

Posted on August 7, 2014 by HatsOffSecurity

Today I am going to discuss the basics of an Incident Response process. I did not create this, I would love to give credit to those who did! There are other variations out there, however they all follow the basic … Continue reading

Posted in Incident Response, Introduction | Tagged , , | Leave a comment

Chrome – Basics

Posted on June 25, 2014 by HatsOffSecurity

Google Chrome, or just Chrome, is (at the time of writing) the most popular web browser by a fair amount. Twice as popular as Mozilla’s Firefox. Chrome stores its artefacts in SQLite, JSON (JavaScript Object Notation) and SNSS (Session Saver) … Continue reading

Posted in Browser Forensics, Chrome, Google Chrome, Windows Forensics | Tagged , , , , , , , , , | Leave a comment

Internet Explorer – Basics

Posted on June 22, 2014 by HatsOffSecurity

As IE comes bundled with Windows as standard it is often the browser (of choice?) used by a lot of organisations. Larger organisations are also often slower to update IE, in my experience, as they have integrated business critical applications … Continue reading

Posted in Browser Forensics, Internet Explorer, Windows Forensics | Tagged , , , , , , , | Leave a comment