Tag Archives: hats off security

HTTP Cookies – Part 3 – Chrome Cookies

Chrome Location Windows 7 onwards: %LocalAppData%\Google\Chrome\User Data\Default Unlike Internet Explorer (and like Firefox) Chrome does not use individual text files, but instead uses a SQLite database. In order to view this you will need a SQLite browser (easy to get … Continue reading

Posted in Browser Forensics, Chrome, Cookies | Tagged , , , , , , , , | Leave a comment

HTTP Cookies – Part 2 – Firefox

Firefox Location Windows 7 and onwards %AppData%\Mozilla\Firefox\Profiles\<profile.name>\cookies.sqlite Unlike Internet Explorer (and like Chrome) Firefox does not use individual text files for storing cookies, instead it uses a SQLite database. In order to view this you will need a SQLite browser … Continue reading

Posted in Browser Forensics, Cookies, Firefox | Tagged , , , , , , , , | Leave a comment

HTTP Cookies – Part 1 – Internet Explorer and Microsoft Edge

Finding Internet Explorer/Edge Cookies (Windows 7-10… possibly Vista, but who uses Vista?!) Microsoft introduced a cool new way of finding your cookies. From the Run prompt or any Explorer window type “shell:cookies” and you will be taken to the Cookies … Continue reading

Posted in Browser Forensics, Cookies, Internet Explorer, Microsoft Edge | Tagged , , , , , , , , , , | Leave a comment

Removing Cookies

Do you know how many cookies are tracking you? Have you tried to clear the cookies only to find some things not quite gone? Well I have a product for you!… just kidding, it sounded like an advert, so I … Continue reading

Posted in Browser Forensics, Cookies | Tagged , , , | Leave a comment

Wireshark – Introduction

What is Wireshark According to Wireshark.org: Wireshark® is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. What does this mean to you? This means Wireshark allows you to view network … Continue reading

Posted in Network Forensics, Shellshock, Wireshark | Tagged , , , , | Leave a comment

Types of Threat – Explained

From a high level what are the types or categories of threats faced by the Security professional? Let’s go over some basics. Internal Authorised Internal Unauthorised Internal to External External to Internal External to External (new) The first 4 are … Continue reading

Posted in Cyber, Forensic Readiness Plan, Incident Response, Preparation | Tagged , , , , , , | Leave a comment

Pass-the-hash Mitigation – Tip of the Day

I have been recently researching Pass the Hash mitigation techniques and I have found that there are the usual comments about not logging on to workstations with Admin accounts, ensuring your local admin accounts don’t have the same password, ensuring … Continue reading

Posted in Group Policy, Hardening, Incident Response, pass the hash, Pen Testing, Preparation, Research | Tagged , , , , , | Leave a comment

Force Enabling ReadyBoost Windows 7/8

Whilst writing a presentation on USB Forensics, I was hit with a problem with ReadyBoost being disabled on my Virtual Machine. The message would read This device cannot be used for ReadyBoost. ReadyBoost is not enabled on this computer because … Continue reading

Posted in ReadyBoost, USB Forensics, Windows Forensics, Windows Registry Forensics | Tagged , , , | 19 Comments

USB Roadmap v2

A quick update to the USB Roadmap, a few comments from the first version were regarding the arrows. They were a little overwhelming and annoying, so I thought I would re-arrange it a little. I will look at any changes … Continue reading

Posted in USB Forensics | Tagged , | Leave a comment

Renaming a GRR Server & Client Configuration

Renaming the Server & Updating the Clients Rather than rebuilding a new server for every deployment you may feel it is easier to build a clean virtual build and clone that for each customer. As such renaming the VM would … Continue reading

Posted in Google Rapid Response, GRR, Incident Response | Tagged , , , | Leave a comment