KringleCon 4: Four Calling Birds WriteUp - Greppin' for Gold

Posted: Jan 13, 2022 | ~ 3 mins read time
#ctf #kringlecon-2021
Searching and aggregating logs in the command line

KringleCon 4: Four Calling Birds WriteUp - Strace, Ltrace, Retrace

Posted: Jan 12, 2022 | ~ 1 min read time
#ctf #kringlecon-2021 #reverse-engineering #linux
When an ELF binary doesn't work as expected, how can we troubleshoot it?

KringleCon 4: Four Calling Birds WriteUp - IPv6

Posted: Jan 12, 2022 | ~ 1 min read time
#ctf #kringlecon-2021 #network
You know IPv4 - now what about IPv6?

KringleCon 4: Four Calling Birds WriteUp - ExifTool

Posted: Jan 12, 2022 | ~ 1 min read time
#ctf #kringlecon-2021 #forensics
How to quickly search metadata of multiple files

HtB: Lure

Posted: Dec 12, 2021 | ~ 4 mins read time
#ctf #forensics
What is a maldoc and why should I care about macros?

macOS Browser Stuff

Posted: Oct 13, 2021 | ~ 2 mins read time
#macOS #forensics #browsers
Browser artifacts and EDR data you should expect when investigating macOS devices.

macOS - What is SIP?

Posted: Aug 5, 2021 | ~ 1 min read time
#macOS #forensics #howto
What is SIP? A quick dive into System Integrity Protection, the feature introduced in OS X 10.11 (El Capitan) that keeps Apple machines safe by preventing even the root user from modifying protected system files, directories and processes.

macOS Memory Acquisition

Posted: Jul 16, 2021 | ~ 1 min read time
#macOS #forensics #memory #howto
How to dump memory from macOS devices using OSXPmem.

macOS VM HowTo

Posted: Jul 12, 2021 | ~ 1 min read time
#macOS #howto #vm
My go-to method for creating a quick and easy virtual macOS machine if you have an Apple host.

HtB: Persistence

Posted: Apr 26, 2021 | ~ 3 mins read time
#ctf #forensics
I recently got access to retired Hack the Box challenges and decided to provide write-ups as well as explanations of the forensics concepts behind the challenge. This is the first post in what will hopefully become a series on DFIR concepts.