Tag Archives: hats off security

OpenDoor Scanner vs SimpleHTTPServer (PCAP)

Often when analysing attacks, scans or just general traffic it is difficult to identify the specific tool or technique in use. This is simply because there isn’t a reference database for every tool. So I thought I would upload a … Continue reading

Posted in Network Forensics, PCAP Analysis, Research, Wireshark | Tagged , , , , , | 1 Comment

Cyber Security Challenge Masterclass 2016

This year’s Cyber Security Challenge Masterclass saw over 40 contestants battling to become crowned the winner. I was fortunate enough to be invited as an assessor for the whole event. What follows are my views and interpretation of the event. … Continue reading

Posted in Competition, Cyber, Cyber Security Challenge, Memory Forensics, Network Forensics, Pen Testing, Windows Forensics, Wireshark | Tagged , , , , , , , , , | 1 Comment

Flash Cookies – aka Locally Shared Objects

Flash Cookie Location [Throughout this article I will use the term ‘flash cookie’ over ‘LSO’ as these posts are currently about finding and removing cookies] %AppData%\Macromedia\Flash Player\#SharedObjects\<random text>\ Under this folder you will a list of the sites which have … Continue reading

Posted in Browser Forensics, Cookies, Firefox | Tagged , , , , | Leave a comment

HTTP Cookies – Part 4 – Safari Cookies

Safari Location Pretty sure this location has been the same for a number of years now, if not let me know in the comments: ~/libraries/cookies Removing Safari Cookies I am not a MAC expert, so I am going to bow … Continue reading

Posted in Browser Forensics, Cookies, Safari | Tagged , , , , , | Leave a comment

HTTP Cookies – Part 3 – Chrome Cookies

Chrome Location Windows 7 onwards: %LocalAppData%\Google\Chrome\User Data\Default Unlike Internet Explorer (and like Firefox) Chrome does not use individual text files, but instead uses a SQLite database. In order to view this you will need a SQLite browser (easy to get … Continue reading

Posted in Browser Forensics, Chrome, Cookies | Tagged , , , , , , , , | Leave a comment

HTTP Cookies – Part 2 – Firefox

Firefox Location Windows 7 and onwards %AppData%\Mozilla\Firefox\Profiles\<profile.name>\cookies.sqlite Unlike Internet Explorer (and like Chrome) Firefox does not use individual text files for storing cookies, instead it uses a SQLite database. In order to view this you will need a SQLite browser … Continue reading

Posted in Browser Forensics, Cookies, Firefox | Tagged , , , , , , , , | Leave a comment

HTTP Cookies – Part 1 – Internet Explorer and Microsoft Edge

Finding Internet Explorer/Edge Cookies (Windows 7-10… possibly Vista, but who uses Vista?!) Microsoft introduced a cool new way of finding your cookies. From the Run prompt or any Explorer window type “shell:cookies” and you will be taken to the Cookies … Continue reading

Posted in Browser Forensics, Cookies, Internet Explorer, Microsoft Edge | Tagged , , , , , , , , , , | Leave a comment

Removing Cookies

Do you know how many cookies are tracking you? Have you tried to clear the cookies only to find some things not quite gone? Well I have a product for you!… just kidding, it sounded like an advert, so I … Continue reading

Posted in Browser Forensics, Cookies | Tagged , , , | Leave a comment

Wireshark – Introduction

What is Wireshark According to Wireshark.org: Wireshark® is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. What does this mean to you? This means Wireshark allows you to view network … Continue reading

Posted in Network Forensics, Shellshock, Wireshark | Tagged , , , , | Leave a comment

Types of Threat – Explained

From a high level what are the types or categories of threats faced by the Security professional? Let’s go over some basics. Internal Authorised Internal Unauthorised Internal to External External to Internal External to External (new) The first 4 are … Continue reading

Posted in Cyber, Forensic Readiness Plan, Incident Response, Preparation | Tagged , , , , , , | Leave a comment