Hunting the hunters: DFIR with Velociraptor (PART-II)

This entry is part 14 of 4 in the series Digital Forensics and Incident Response

We covered the deployment of Velociraptor Server and Client components in the first part of this series. You can read it here if you’re interested. This part of the series will walk you through the capabilities and features of Velociraptor. Exploring the Clients from the Server GUI. Searching for Clients: The option “Show All” …

Hunting the hunters: DFIR with Velociraptor (PART-I)

This entry is part 13 of 4 in the series Digital Forensics and Incident Response

Introduction. In the ever-evolving world of Digital Forensics and Incident Response (DFIR), having a powerful tool at your disposal is essential. Velociraptor stands out as an advanced, open-source endpoint monitoring, digital forensics, and cyber response platform. Developed by DFIR professionals, it empowers teams to hunt for specific artifacts and monitor activity across a fleet …

Wireshark 101 | Traffic Analysis and Investigation (PART 03)

This entry is part 16 of 17 in the series Incident Response and Forensics

Investigate Tunnelling Traffic: ICMP and DNS. Traffic tunnelling (also known as “port forwarding”) is the transfer of data/resources in a secure manner between network segments and zones. It can be used in both the “internet to private network” and “private network to internet” directions. An encapsulation process hides the data, so the transferred data appears natural …

Concepts of Forensic Imaging

This entry is part 1 of 4 in the series Digital Forensics and Incident Response

Core Concepts. The process of imaging a disk starts by identifying the target drive, preparing it for imaging, and then creating the image file, which is later verified for integrity. This needs to be performed in an environment that allows us to perform these tasks and also ensures the process is properly logged. Each …

Code Obfuscation and Deobfuscation

IR_002
This entry is part 13 of 17 in the series Incident Response and Forensics

Code Obfuscation is a technique used to make a script more difficult to read by humans while allowing it to function the same from a technical point of view, though performance may be slower. This is usually achieved automatically by using an obfuscation tool, which takes code as an input and attempts to re-write …

Incident Response

This entry is part 12 of 4 in the series Digital Forensics and Incident Response

Incident response, also known as incident handling, is a cyber security function that uses various methodologies, tools and techniques to detect and manage adversarial attacks while minimizing impact, recovery time and total operating costs. Addressing attacks requires containing malware infections, identifying and remediating vulnerabilities, as well as sourcing, managing, and deploying technical and non-technical …

DFIR: Core Windows Processes

This entry is part 2 of 17 in the series Incident Response and Forensics

Reference: TryHackMe Room “Core Windows Processes”. Core Windows Processes: as a defender, understanding how the Windows operating system functions is vital. Task Manager doesn’t show a Parent-Child process view. That is where other utilities, such as Process Hacker and Process Explorer, come to the rescue. Process Hacker. Process Explorer. Command-line equivalent of obtaining information about the running …

Netminer

This entry is part 4 of 17 in the series Incident Response and Forensics

NetworkMiner capabilities (Capability: Description):
Traffic sniffing: It can intercept the traffic, sniff it, and collect and log packets that pass through the network.
Parsing PCAP files: It can parse pcap files and show the content of the packets in detail.
Protocol analysis: It can identify the used protocols from the parsed pcap file.
OS fingerprinting: It can identify …

Introduction to Network Forensics

This entry is part 3 of 17 in the series Incident Response and Forensics

Source: TryHackMe NetworkMiner room. Introduction to Network Forensics. Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. The Network Forensics discipline covers the work done to access information transmitted by listening to and investigating live and recorded traffic, gathering evidence/artefacts and understanding potential problems. The investigation tries to …