Hats Off Security
Tag Archives: hats off security
How to Create a Good Security CTF
I have been creating network and computer security ‘Capture the Flag’, or ‘CTF’, challenges for a number of years now. My latest job had me doing this full-time for events that would attract several thousand players. During this time my …
NoScript Plugin Forensic Investigation – Firefox/ToR Browser
In this blog post I plan to show that using the NoScript plugin it is possible to glean information about what sites, or files, a user accessed while in a private browsing session and also whilst using the TOR browser. …
Posted in Browser Forensics, Firefox, TOR, Windows Forensics
Tagged browser forensics, hats off security, NoScript, TOR
Keybase.io Forensics Investigation
What is Keybase.io? I was first introduced to Keybase a few years ago. It was explained to me as a place to validate your identity with regard to sharing public keys for email encryption. Showing that a Twitter account is …
When is Index.dat not Evidence of Browsing
It is easy to fall into familiar habits as human beings: we see patterns in what we do and expect those patterns to persist. However, when these patterns can be the difference between a person keeping or losing their …
HTTP Methods
In this post we are going to look at the different types of HTTP/1.1 methods. We will leave HTTP/2 methods for another day. This will be a summary of each method; it is possible to go into great detail with some …
Posted in Network Analytics
Tagged browser forensics, hats off security, Network Forensics, PCAP
Wireshark – More Basics
I have been approached recently about explaining some of the fundamentals of how Wireshark can be used. Let’s have a look at some traffic that I captured for a challenge I created recently. Here we can see an example of …
Posted in Network Analytics, Network Forensics, Wireshark
Tagged hats off security, Network Forensics, PCAP, Wireshark
Decrypting Traffic in Wireshark
If you have an HTTPS session captured and are looking at unlocking the secrets that lie within, you are probably looking at Wireshark with eternal optimism, hoping that somehow the magical blue fin will answer all of your problems…. Sadly that’s …
Identifying Sites in Encrypted Traffic
There is some misinformation around that encrypted traffic is useless and you should go back to netflow and statistical analysis only. I disagree. I will be doing a few posts showing clear-text information leakage we can use to our advantage. …
Posted in Encrypted Traffic, Network Analytics, Network Forensics
Tagged artefact locations, basics, cyber security, hats off security, Network Forensics, PCAP, SSL, TLS
SMB2 Protocol Negotiation
This is one of the few times when looking at SMBv2 that you will need to use SMBv1 commands. The initial negotiation request will always be sent out as SMBv1. It makes sense when you think about it: SMB does not …
Posted in Network Analytics, SMB
Tagged hats off security, Network Forensics, SMB, Wireshark
Leave a comment
SMB2 – File/Directory Metadata
Using SMB it is possible to retrieve data that is typically only expected when carrying out host-based forensics. The MACB (Modification, Access, Change and Birth) data is sent across regardless of whether a file is accessed or not. With …
Posted in Network Analytics, Network Forensics, SMB
Tagged hats off security, Network Forensics, SMB