Posted: Jan 13, 2022 | ~3 mins read time
#ctf #kringlecon-2021
Searching and aggregating logs in the command line
Posted: Jan 12, 2022 | ~1 min read time
#ctf #kringlecon-2021 #reverse-engineering #linux
When an ELF binary doesn't work as expected, how can we troubleshoot it?
Posted: Jan 12, 2022 | ~1 min read time
#ctf #kringlecon-2021 #network
You know IPv4 - now what about IPv6?
Posted: Jan 12, 2022 | ~1 min read time
#ctf #kringlecon-2021 #forensics
How to quickly search metadata of multiple files
Posted: Dec 12, 2021 | ~4 mins read time
#ctf #forensics
What is a maldoc and why should I care about macros?
Posted: Oct 13, 2021 | ~2 mins read time
#macOS #forensics #browsers
Browser artifacts and EDR data you should expect when investigating macOS devices.
Posted: Aug 5, 2021 | ~1 min read time
#macOS #forensics #howto
What is SIP? A quick dive into the security integrity protection feature introduced back in 10.X that helps keep Apple machines safe from unsigned code.
Posted: Jul 16, 2021 | ~1 min read time
#macOS #forensics #memory #howto
How to dump memory from macOS devices using OSXPmem.
Posted: Jul 12, 2021 | ~1 min read time
#macOS #howto #vm
My go-to method for creating a quick and easy virtual macOS machine if you have an Apple host.
Posted: Apr 26, 2021 | ~3 mins read time
#ctf #forensics
I recently got access to retired Hack the Box challenges and decided to provide write-ups as well as explanations of the forensics concepts behind the challenge. This is the first post in what will hopefully become a series on DFIR concepts.