Logo
RSS Feed

Toolkit 🧰

Forensic Environment Setup

🧰 Acquisition Toolkit

If this system is running, capture the memory. Should be the first task. Memory stomping issues.

📚 RAM Tools Reference

Volatility # install brew packet manager ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" < /dev/null 2> /dev/null # install volatility (python should be installed) brew install volatile # vol.

📕 Windows RTFM

This is about … .

Cloud DFIR Lab

This is about … .

Computer Science: Algorithms Workbook

Sliding Window Max Value For the window, we will be using a dequeue data structure, for it takes O(1) for both popping from the start and the end.

Exploit Development Env

This is about … .

General IT Hacks

Setup Old HP printer on a new Mac https://support.apple.com/kb/dl1888?locale=en_US - driver https://forums.macrumors.com/threads/monterrey-and-hp-printers.2319676/: #!/bin/bash curl -o ~/Downloads/hpdrivers.

Malware Lab Setup

Malware analysis should always be done with caution. Also, in order to trick the most sophisticated malware into executing, one needs to make it believable that malware is on a real host.

Python Tooling

Terminal Tricks

In this article I will be collecting usful tricks and tweaks with Terminal on macOS. Some or even most of them could run on other UNIX systems as well.

SSH Access Setup Explained

In order to perform actions with you public/private key pair (git, ssh access), you’ll need to configure it first.

🧰 Mac Setup Script

🗒 TODO: Create a repo for this script! # oh my zsh bash themes sh -c "$(curl -fsSL https://raw.

📘 Linux BTFM

Variables # no spaces when assigning $0 # the first arg # array array=(1 2 4 5) ${array[0]} ${array[*]} # all items delimited by IFS ${array[@]} # all items ${!

📘 macOS BTFM

python FSEParser_V3.3.py -s -t folder /.fseventsd -o /Users/sentinel/Desktop/FSEvents_Out References

📘 Powershell BTFM

Settings Association It’s better to associate powershell scripts with notepad.exe that PowerShell for security reasons.

📘 SIFT BTFM

Here is the official cheatsheet from SANS. I’ve copied it here for convenience. I will comment some of them after I try each command in the list.

📘 Windows BTFM

FUC (Frequently Used Commands) User Get user’s SID: wmic useraccount where name='veronicazvereva' get sid # or whoami /user # for current user System USB Mounting USB devices on are mounted automatically, but VHD drives might need to be mounted manually.