Tag Archives: hats off security

HatsOffSecurity on YouTube

Posted on January 4, 2022 by HatsOffSecurity

We are re-engaging the Hats Off Security blog content onto YouTube. This means that instead of simply reading my insanity, you get to hear me say it instead. Please head over to YouTube and take a look at this videos, … Continue reading

Posted in Uncategorized | Tagged , | 1 Comment

How to Create a Good Security CTF

Posted on May 27, 2020 by HatsOffSecurity

I have been creating network and computer security ‘Capture the Flag’, or ‘CTF’, challenges for a number of years now. My latest job had me doing this full-time for events that would attract several thousand players. During this time my … Continue reading

Posted in Competition, CTF, General, Introduction | Tagged , | 1 Comment

NoScript Plugin Forensic Investigation – Firefox/ToR Browser

Posted on May 1, 2020 by HatsOffSecurity

In this blog post I plan to show that using the NoScript plugin it is possible to glean information about what sites, or files, a user accessed while in a private browsing session and also whilst using the TOR browser. … Continue reading

Posted in Browser Forensics, Firefox, TOR, Windows Forensics | Tagged , , , | Leave a comment

Keybase.io Forensics Investigation

Posted on February 23, 2020 by HatsOffSecurity

What is Keybase.io? I was first introduced to Keybase a few years ago. It was explained to me as a place to validate your identity with regards to sharing public keys for email encryption. Showing that a Twitter account is … Continue reading

Posted in Keybase, Linux Forensics, Windows Forensics | Tagged , , , , , , | Leave a comment

When is Index.dat not Evidence of Browsing

Posted on August 10, 2019 by HatsOffSecurity

It is easy to fall into familiar habits as a human being, we see patterns in what we do and expect those patterns to persist. However when these patterns can be the difference between a person keeping or losing their … Continue reading

Posted in Browser Forensics, Internet Explorer | Tagged , , , , , | 1 Comment

HTTP Methods

Posted on April 9, 2019 by HatsOffSecurity

In this post we are going to look at different types of HTTP/1.1 methods. We will leave HTTP/2 methods for another day. This will be a summary of each method, it is possible to go into great detail with some … Continue reading

Posted in Network Analytics | Tagged , , , | Leave a comment

Wireshark – More Basics

Posted on April 3, 2019 by HatsOffSecurity

I have been approached recently about explaining some of the fundamentals of how Wireshark can be used. Let’s have a look at some traffic that I captured for a challenge I created recently. Here we can see an example of … Continue reading

Posted in Network Analytics, Network Forensics, Wireshark | Tagged , , , | Leave a comment

Decrypting Traffic in Wireshark

Posted on October 30, 2018 by HatsOffSecurity

If you have a HTTPS session captured and are looking at unlocking the secrets that lie within, you are probably looking at Wireshark with eternal optimism hoping that somehow the magical blue fin will answer all of problems…. Sadly that’s … Continue reading

Posted in Cryptography, Encrypted Traffic, Network Analytics, Network Forensics | Tagged , , , , , , , | Leave a comment

Identifying Sites in Encrypted Traffic

Posted on October 29, 2018 by HatsOffSecurity

There is some mis-information around; that encrypted traffic is useless, and you should go back to netflow and statistical analysis only. I disagree. I will be doing a few posts showing clear-text information leakage we can use to our advantage. … Continue reading

Posted in Encrypted Traffic, Network Analytics, Network Forensics | Tagged , , , , , , , | Leave a comment

SMB2 Protocol Negotiation

Posted on January 21, 2018 by HatsOffSecurity

This is one of the few times when looking at SMBv2 you will need to use SMBv1 commands. The initial negotiation request will always be sent out as SMBv1. It makes sense when you think about it, SMB does not … Continue reading

Posted in Network Analytics, SMB | Tagged , , , | Leave a comment