Tag Archives: hats off security

PowerShell Basic Introduction (Security Version)

PowerShell has grown since its introduction in 2003 and implementation in Windows XP in 2006. What started as a closed source, proprietary upgrade to the Command Prompt has now grown into an open-source, resource rich Command Line Interface (CLI) and … Continue reading

Posted in Incident Response, PowerShell, Preparation, Windows Forensics | Tagged , , , , , , , | 1 Comment

Improving Technical Interviews

I have conducted easily over 100 interviews during my career, almost all of which have been technical, and I have seen some great and terrible actions from both sides of the table. In this post, I want to cover off … Continue reading

Posted in General, Interviews | Tagged , , , , | 1 Comment

AnyDesk Forensic Analysis and Artefacts

Click here to view this research on my YouTube channel What is AnyDesk? AnyDesk is a legitimate, non-malicious piece of software that is used by companies world wide to manage their IT systems, and can be used for free to … Continue reading

Posted in anydesk, Windows Forensics | Tagged , , , , , , , | 4 Comments

HatsOffSecurity on YouTube

We are re-engaging the Hats Off Security blog content onto YouTube. This means that instead of simply reading my insanity, you get to hear me say it instead. Please head over to YouTube and take a look at this videos, … Continue reading

Posted in Uncategorized | Tagged , | 1 Comment

How to Create a Good Security CTF

I have been creating network and computer security ‘Capture the Flag’, or ‘CTF’, challenges for a number of years now. My latest job had me doing this full-time for events that would attract several thousand players. During this time my … Continue reading

Posted in Competition, CTF, General, Introduction | Tagged , | 1 Comment

NoScript Plugin Forensic Investigation – Firefox/ToR Browser

In this blog post I plan to show that using the NoScript plugin it is possible to glean information about what sites, or files, a user accessed while in a private browsing session and also whilst using the TOR browser. … Continue reading

Posted in Browser Forensics, Firefox, TOR, Windows Forensics | Tagged , , , | 1 Comment

Keybase.io Forensics Investigation

What is Keybase.io? I was first introduced to Keybase a few years ago. It was explained to me as a place to validate your identity with regards to sharing public keys for email encryption. Showing that a Twitter account is … Continue reading

Posted in Keybase, Linux Forensics, Windows Forensics | Tagged , , , , , , | Leave a comment

When is Index.dat not Evidence of Browsing

It is easy to fall into familiar habits as a human being, we see patterns in what we do and expect those patterns to persist. However when these patterns can be the difference between a person keeping or losing their … Continue reading

Posted in Browser Forensics, Internet Explorer | Tagged , , , , , | 1 Comment

HTTP Methods

In this post we are going to look at different types of HTTP/1.1 methods. We will leave HTTP/2 methods for another day. This will be a summary of each method, it is possible to go into great detail with some … Continue reading

Posted in Network Analytics | Tagged , , , | Leave a comment

Wireshark – More Basics

I have been approached recently about explaining some of the fundamentals of how Wireshark can be used. Let’s have a look at some traffic that I captured for a challenge I created recently. Here we can see an example of … Continue reading

Posted in Network Analytics, Network Forensics, Wireshark | Tagged , , , | Leave a comment