Posted: Jan 12, 2022 | ~1 min read time
#ctf #kringlecon-2021 #linux
When an ELF binary doesn't work as expected, how can we troubleshoot it?

Posted: Jan 12, 2022 | ~1 min read time
#ctf #kringlecon-2021 #network
You know IPv4 - now what about IPv6?

Posted: Jan 12, 2022 | ~1 min read time
#ctf #forensics #kringlecon-2021
How to quickly search the metadata of multiple files.

Posted: Dec 12, 2021 | ~4 mins read time
#ctf #forensics
What is a maldoc, and why should I care about macros?

Posted: Oct 13, 2021 | ~2 mins read time
#browsers #forensics #macOS
Browser artifacts and EDR data you should expect when investigating macOS devices.

Posted: Aug 5, 2021 | ~1 min read time
#forensics #howto #macOS
What is SIP? A quick dive into the security integrity protection feature introduced back in 10.X that helps keep Apple machines safe from unsigned code.

Posted: Jul 16, 2021 | ~1 min read time
#forensics #howto #macOS #memory
How to dump memory from macOS devices using OSXPmem.

Posted: Jul 12, 2021 | ~1 min read time
#howto #macOS #vm
My go-to method for creating a quick and easy virtual macOS machine if you have an Apple host.

Posted: Apr 26, 2021 | ~3 mins read time
#ctf #forensics
I recently got access to retired Hack the Box challenges and decided to provide write-ups as well as explanations of the forensics concepts behind each challenge. This is the first post in what will hopefully become a series on DFIR concepts.

Posted: Apr 14, 2021 | ~4 mins read time
#ransomware
With ransomware being an ever-present threat, I thought I'd jot down some best practices I've come across to prevent and, if the worst should happen, recover from such an attack. This is far from a comprehensive list but can be a jumping-off point when developing a new plan or updating ex...