-
Recent Posts
- Talking about RFC 9424 – Indicators of Compromise (IoCs) and Their Role in Attack Defence
- PowerShell Basic Introduction (Security Version)
- Improving Technical Interviews
- AnyDesk Forensic Analysis and Artefacts
- Log4J/Log4Shell Video Glossary
- HatsOffSecurity on YouTube
- How to Create a Good Security CTF
- NoScript Plugin Forensic Investigation – Firefox/ToR Browser
- Keybase.io Forensics Investigation
- When is Index.dat not Evidence of Browsing
Categories
- anydesk
- Attack
- Browser Forensics
- Brute force
- Chrome
- Competition
- Competitions
- Containment
- Content Delivery Manager
- Cookies
- Cryptography
- CTF
- Cyber
- Cyber Security Challenge
- Decoding Time
- Encrypted Traffic
- Firefox
- Forensic Readiness Plan
- General
- Google Analytics
- Google Chrome
- Google Rapid Response
- Group Policy
- GRR
- Hardening
- Heartbleed
- Identification
- Incident Response
- Internet Explorer
- Interviews
- Introduction
- IoCs
- Jump Lists
- Keybase
- Link FIles
- Linux Forensics
- Memory Forensics
- Microsoft Edge
- My Two Cents
- Network Analytics
- Network Forensics
- pass the hash
- PCAP Analysis
- Pen Testing
- PowerShell
- Preparation
- Protocol
- ReadyBoost
- Research
- Safari
- SANS
- Shared Folders
- Shellshock
- SMB
- SSH
- TOR
- Uncategorized
- USB Forensics
- Windows Forensics
- Windows Registry Forensics
- Windows Registry Forensics
- Windows Spotlight
- Windows XP
- Wireshark
CyberLinks
- Follow Hats Off Security on WordPress.com
Tag Archives: hats off security
Windows Spotlight Image Location
Bit of a change from my typical security related posts. I was hunting around on my machine for a new blog post when I stumbled across a folder full of oddly named files. The files were named as their SHA1 … Continue reading
Posted in Content Delivery Manager, Windows Spotlight
Tagged artefact locations, basics, file locations, hats off security, spotlight, Windows 10
1 Comment
OpenDoor Scanner vs SimpleHTTPServer (PCAP)
Often when analysing attacks, scans or just general traffic it is difficult to identify the specific tool or technique in use. This is simply because there isn’t a reference database for every tool. So I thought I would upload a … Continue reading
Posted in Network Forensics, PCAP Analysis, Research, Wireshark
Tagged analysis, hats off security, linux, Network Forensics, PCAP, research
1 Comment
Cyber Security Challenge Masterclass 2016
This year’s Cyber Security Challenge Masterclass saw over 40 contestants battling to become crowned the winner. I was fortunate enough to be invited as an assessor for the whole event. What follows are my views and interpretation of the event. … Continue reading
Flash Cookies – aka Locally Shared Objects
Flash Cookie Location [Throughout this article I will use the term ‘flash cookie’ over ‘LSO’ as these posts are currently about finding and removing cookies] %AppData%\Macromedia\Flash Player\#SharedObjects\<random text>\ Under this folder you will a list of the sites which have … Continue reading
Posted in Browser Forensics, Cookies, Firefox
Tagged artefact locations, browser forensics, cookies, firefox, hats off security
Leave a comment
HTTP Cookies – Part 4 – Safari Cookies
Safari Location Pretty sure this location has been the same for a number of years now, if not let me know in the comments: ~/libraries/cookies Removing Safari Cookies I am not a MAC expert, so I am going to bow … Continue reading
Posted in Browser Forensics, Cookies, Safari
Tagged artefact locations, basics, browser forensics, cookies, hats off security, Safari
Leave a comment
HTTP Cookies – Part 3 – Chrome Cookies
Chrome Location Windows 7 onwards: %LocalAppData%\Google\Chrome\User Data\Default Unlike Internet Explorer (and like Firefox) Chrome does not use individual text files, but instead uses a SQLite database. In order to view this you will need a SQLite browser (easy to get … Continue reading
Posted in Browser Forensics, Chrome, Cookies
Tagged artefact locations, basics, browser forensics, chrome, hats off security, Windows 10, windows 7, windows 8.1, Windows8
Leave a comment
HTTP Cookies – Part 2 – Firefox
Firefox Location Windows 7 and onwards %AppData%\Mozilla\Firefox\Profiles\<profile.name>\cookies.sqlite Unlike Internet Explorer (and like Chrome) Firefox does not use individual text files for storing cookies, instead it uses a SQLite database. In order to view this you will need a SQLite browser … Continue reading
Posted in Browser Forensics, Cookies, Firefox
Tagged artefact locations, browser forensics, cookies, firefox, hats off security, Windows 10, windows 7, windows 8.1, Windows8
Leave a comment
HTTP Cookies – Part 1 – Internet Explorer and Microsoft Edge
Finding Internet Explorer/Edge Cookies (Windows 7-10… possibly Vista, but who uses Vista?!) Microsoft introduced a cool new way of finding your cookies. From the Run prompt or any Explorer window type “shell:cookies” and you will be taken to the Cookies … Continue reading
Removing Cookies
Do you know how many cookies are tracking you? Have you tried to clear the cookies only to find some things not quite gone? Well I have a product for you!… just kidding, it sounded like an advert, so I … Continue reading
Posted in Browser Forensics, Cookies
Tagged artefact locations, browser forensics, cookies, hats off security
Leave a comment
Wireshark – Introduction
What is Wireshark According to Wireshark.org: Wireshark® is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. What does this mean to you? This means Wireshark allows you to view network … Continue reading
Posted in Network Forensics, Shellshock, Wireshark
Tagged basics, hats off security, Network Forensics, shellshock, Wireshark
Leave a comment
Hats Off Security 