Uploaded all my Offensive Security & Reverse Engineering (OSRE) course labs (docx) to my repo found below. Most of them have very detailed instructions and should be great to get you started in Software Exploitation. 1/n #Offsec #SoftwareExploitation #RE
Hey #DFIR community. If you need forensic images to play with or to use for your training, then please feel free to use my images found here:
I have fixed all broken URLs thanks to @bunsofwrath12. They are free to use even for commercial training.
One of the most important skills in #DFIR is using a hex editor. Therefore, I created a 40+ video series on how to use 010 Editor, which is probably the best hex editor out there!
I am often asked: how do I get started in digital forensics, or even in cybersecurity in general? My answer was, and still is, the same: study operating systems!

I have started building a map of the topics covered in operating systems; they are the same topics you will need in every area of DFIR and Cybersecurity.
A piece of advice for everyone interested in cybersecurity, whatever the specialty or branch. The most important paper you can read in your learning journey is:

Reflections on Trusting Trust

The paper is 3 pages! Yes, only 3 pages, but the benefit you get from it is enormous!

Note: if you read the paper and did not understand it the first time, don't worry, read it again...
If you need a @cuckoosand Sandbox to run tests on your samples or files you collected, now you can do that from a VM with no need for a dedicated machine. This version also has #Moloch integrated with it. Please share if useful #Malware #DFIR. Download URL:
If you missed the Windows Forensics Workshop I did last week @BSidesAmman, you can find URLs to all the files, recording, etc. below. It will be added as a free course to play with and check the answers @cyber5w very soon too. #DFIR #Windows
Over the last couple of years, my team and I have covered a lot about #Linux #DFIR. Lots of system and GUI artifacts have been covered and can be found here:
This is probably the best project about undocumented Windows Kernel data structures that I've ever seen. If you do anything related to coding, RE, #Malware, #DFIR, etc., then you should keep this project bookmarked!
Peace be upon you. The Saudi Federation for Cybersecurity, Programming and Drones @SAFCSP will kindly be hosting me as part of the #سايبر_نايت (Cyber Night) activities to give a workshop titled "Linux Forensics".

If you want to follow along and practice with me, please download all the files found here:
Last semester I was lucky to teach a group of amazing undergrad students (thank you!) my "Offensive Security & Reverse Engineering" course @ChamplainEdu #offsec #exploit #exploitation. Today, I'm publishing the whole course here: Please read 1/n
I'm currently recording my Offensive #SoftwareExploitation course in English for my students at the college, but sharing it here too, maybe it is useful to someone! More info can be found here:
Are you new to PE file analysis? Then these videos using the 010 Editor guide you through everything from the basics to understanding the Windows PE file format. You'll learn the PE file structure, plus how to use 010 Editor. #DFIR #Malware #Windows #PE
Important note to those new to this account. The course below is completely FREE. I know someone (maybe more) has ripped the videos & probably now the labs & is selling them on @udemy. Please do not pay for this course, it is FREE! #ExploitDev #Offsec
All material for our Linux Forensics workshop done @DFRWS can be found below. The case used involved a compromised Hadoop cluster with compromised accounts, EoP, lateral movement, & different persistence mechanisms! #DFIR CC: @maryst33d @_cyberyom @leahycenter
Want to start learning about software exploitation? Then check my FREE course below. More than 12h of recorded hands-on content and all the labs, slides, etc. are published completely FREE! The course starts with the very basics. #Cybersecurity #exploit
During the last two years, we shared a lot about #LinuxForensics #DFIR at DFRWS, MVS, NW3C, OSDFCon, SANS DFIR, & many more. All of the work can be found here: Follow this thread to understand what's shared and check the repo to know the team plus others.
Working with a hex editor is a very important #DFIR skill. I'm releasing the videos I recorded on how to use the 010 Editor for FREE. These videos were done for our @cyber5w "Working with Files" course. Your feedback is very important to us!
I maintain a simple Google doc of tools and useful resources for #Malware analysis. I converted it to a GitHub repo to make it easier for me to update and share with you all. If you have any feedback or if you recommend a tool, please let me know. #DFIR
All the videos for the Offensive Software Exploitation course will be uploaded to the channel found below. Thanks to everyone who encouraged this, and God willing the course will be useful to everyone.
If anyone needs #DFIR case studies for their practice, training, whatever, then please check the ones I've created over the years! Enjoy them! #Cybersecurity
Finally found my intro to IOCs and writing Yara rules recordings. I've uploaded all three of them.

IOCs and Yara - Part #1

Hey @cyb3rops, I would appreciate it if you have time to check these videos and let me know if I'm missing anything. #DFIR #Yara
In the link below are the titles of the topics I taught at my previous and current university. I hope you will take a look at them:

They are very useful for anyone interested in this field, and also for anyone who has an exam for any certification that includes Exploitation. If the number of interested people reaches 500+, I will record them.
Hey #DFIR & #Malware community. A memory forensics case where you are required to analyze a memory dump of a Windows 10 system that has been hit with #Ransomware. Let the games begin. Please share!

$100 bounty will be paid to whoever solves this case!
The updated version of tiny_tracer developed by @hasherezade is truly impressive. I tested it with a simple keylogger (no obfuscation) that I have for my students and the results are as you see in the figure below. Amazing! #DFIR #Malware
Are you attending my Windows Forensics workshop today? Then while I'm uploading the E01 again, please download:
1. @EricRZimmerman tools (+ sponsor him on GitHub)
2. FTK Imager or @ArsenalRecon Image Mounter
3. 010 Editor (trial is fine)
4. @nirsoft WinPrefetchView + HashMyFiles
Challenge #7 - SysInternals Case #DFIR

This should be a fun investigation and I hope you enjoy it as much as we did... Thanks again @keydet89 and @cyber5w
If you recently started following this account & are interested in Offensive Security #offsec, then please check my Offensive Software Exploitation Course below. There is more than 8h of recorded content & everything can be downloaded from my Github repo too.
Today we officially announce the birth of our @cyber5w project! Thanks to everyone working behind the scenes with us to make this project come to life, and we hope to make digital forensics training accessible to everyone. #DFIR
What malware samples would you recommend using to teach malware analysis to new students, and why? Please let me know. I would love to know your recommendations. #DFIR #Malware
I created this video last year about "Tracing Windows APIs using Tiny_Tracer", which is a great tool developed by @hasherezade... If you find anything in my explanation incorrect, I would appreciate the feedback! THANK YOU Hasherezade! #DFIR #Malware
The recording of the Linux Forensics workshop that the Saudi Federation for Cybersecurity, Programming and Drones @SAFCSP hosted me for can be found on YouTube here:

My Linux Forensics Workshop, recorded in Arabic, but the manual is mostly English. #DFIR
Here is my #Friday #giveaways! Like, retweet and share with your network... I'll randomly choose on Monday 4/1 two winners to get the full "C5W Certified Malware Analysis" course and certification for FREE... You should not miss this! #DFIR #Malware
When one of the prestigious cybersecurity vendors (also does malware analysis) contacts you & asks you to develop a malware analysis course for them, that’s a recognition of its own! Thanks to all those who took any of my courses, this wouldn’t be possible without you! 🙏🏻
I've been asked a lot about Operating Systems resources (Courses & Books). Therefore I added the ones that are not only my favorites, but the ones I learned most from, to my OS repo found below. They include books by both @zodiacon and @mkerrisk.
The only labs I did not upload were the RE labs, because most of them were from online CrackMe(s) and from @OphirHarpaz's online #RE workshop found below. 2/n
Yesterday while traveling back home from #MagnetSummit2022, I got an email about being promoted to "Associate Professor". While I don't really care about titles, it's been over a decade! Every time I got close to a promotion, I changed my job & it never happened! It did now 🙏🏻
Our Linux Forensics workshop material we used for the National Cyber Crime Conference 2023 has been uploaded and can be found on our repo below. #DFIR CC: @maryst33d @leahycenter
Would you be interested if I did a video series on basic OS Internals? #DFIR #Cybersecurity

If this poll reaches at least 1K interactions, I will start recording. Feel free to drop suggestions, otherwise I'll prepare a draft ToC. Focus will be on the Windows Operating System.
What is the best way to delete Windows Event Logs?

Option #1 (not good and does not clear everything):
Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }

Option #2:
wevtutil el | ForEach { wevtutil cl "$_" }

What else have you spotted TAs use? #DFIR #SOC #Logs
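Editor's note, added here as a practitioner's companion to the post above (this is not the author's code). Two points are worth making explicit. First, Get-EventLog / Clear-EventLog only know about the classic logs (Application, System, Security and the like), which is why Option #1 leaves the "Applications and Services" channels untouched, while wevtutil el enumerates every channel. Second, clearing is itself an artifact: clearing the Security log writes Event ID 1102 ("The audit log was cleared") into Security, and clearing any other channel writes Event ID 104 ("The <channel> log file was cleared") into System, both from the Microsoft-Windows-Eventlog provider. A loop like Option #2 therefore leaves a tight burst of 104s naming each channel, ending with System itself. The script below parses Event Viewer style XML exports, flags these two events, and groups them into bursts. The five records are constructed for the example; their UserData/LogFileCleared layout follows the real 1102/104 events as far as I know them, so confirm field names against your own exports before relying on them.

```python
"""Flag Windows event-log clearing (Security 1102 / System 104) in exported
EVTX XML and group the hits into bursts.  Added example; sample data is constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
MANIFEST_NS = "http://manifests.microsoft.com/win/2004/08/windows/eventlog"

# (channel the record lives in, event id) pairs that record a log being cleared.
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}
CLEAR_PROVIDER = "Microsoft-Windows-Eventlog"

# Constructed records: one normal logon, then a Security clear and three
# System 104s written by an "el | cl" style loop a few seconds apart.
SAMPLE_XML = f"""<Events>
<Event xmlns="{EVENT_NS}"><System><Provider Name="Microsoft-Windows-Security-Auditing"/>
<EventID>4624</EventID><TimeCreated SystemTime="2024-03-01T10:14:50.000000Z"/>
<Channel>Security</Channel><Computer>WS01</Computer></System>
<EventData><Data Name="TargetUserName">jdoe</Data></EventData></Event>
<Event xmlns="{EVENT_NS}"><System><Provider Name="{CLEAR_PROVIDER}"/>
<EventID>1102</EventID><TimeCreated SystemTime="2024-03-01T10:15:02.000000Z"/>
<Channel>Security</Channel><Computer>WS01</Computer></System>
<UserData><LogFileCleared xmlns="{MANIFEST_NS}"><SubjectUserName>jdoe</SubjectUserName>
<SubjectDomainName>CORP</SubjectDomainName></LogFileCleared></UserData></Event>
<Event xmlns="{EVENT_NS}"><System><Provider Name="{CLEAR_PROVIDER}"/>
<EventID>104</EventID><TimeCreated SystemTime="2024-03-01T10:15:03.000000Z"/>
<Channel>System</Channel><Computer>WS01</Computer></System>
<UserData><LogFileCleared xmlns="{MANIFEST_NS}"><SubjectUserName>jdoe</SubjectUserName>
<SubjectDomainName>CORP</SubjectDomainName><Channel>Application</Channel>
<BackupPath></BackupPath></LogFileCleared></UserData></Event>
<Event xmlns="{EVENT_NS}"><System><Provider Name="{CLEAR_PROVIDER}"/>
<EventID>104</EventID><TimeCreated SystemTime="2024-03-01T10:15:04.000000Z"/>
<Channel>System</Channel><Computer>WS01</Computer></System>
<UserData><LogFileCleared xmlns="{MANIFEST_NS}"><SubjectUserName>jdoe</SubjectUserName>
<SubjectDomainName>CORP</SubjectDomainName><Channel>Microsoft-Windows-PowerShell/Operational</Channel>
<BackupPath></BackupPath></LogFileCleared></UserData></Event>
<Event xmlns="{EVENT_NS}"><System><Provider Name="{CLEAR_PROVIDER}"/>
<EventID>104</EventID><TimeCreated SystemTime="2024-03-01T10:15:05.000000Z"/>
<Channel>System</Channel><Computer>WS01</Computer></System>
<UserData><LogFileCleared xmlns="{MANIFEST_NS}"><SubjectUserName>jdoe</SubjectUserName>
<SubjectDomainName>CORP</SubjectDomainName><Channel>System</Channel>
<BackupPath></BackupPath></LogFileCleared></UserData></Event>
</Events>"""


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _text_of(elem, name):
    """Text of the first descendant of elem whose local tag is `name`, else ''."""
    if elem is None:
        return ""
    for child in elem.iter():
        if child is not elem and _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def parse_events(xml_text):
    """Turn an <Events> export into flat dicts with the fields we care about."""
    ns = f"{{{EVENT_NS}}}"
    events = []
    for ev in ET.fromstring(xml_text):
        system = ev.find(ns + "System")
        userdata = ev.find(ns + "UserData")
        stamp = system.find(ns + "TimeCreated").get("SystemTime")
        events.append({
            "provider": system.find(ns + "Provider").get("Name", ""),
            "event_id": int(system.find(ns + "EventID").text),
            "channel": system.find(ns + "Channel").text,
            "time": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ"),
            "user": _text_of(userdata, "SubjectUserName"),
            "domain": _text_of(userdata, "SubjectDomainName"),
            # 104 names the cleared channel inside UserData; 1102 has no such field.
            "cleared": _text_of(userdata, "Channel"),
        })
    return events


def find_log_clears(events):
    """Return the clearing events (1102 in Security, 104 in System), oldest first."""
    hits = []
    for e in events:
        if (e["channel"], e["event_id"]) not in CLEAR_EVENTS or e["provider"] != CLEAR_PROVIDER:
            continue
        cleared = e["cleared"] if e["event_id"] == 104 else "Security"
        hits.append({"time": e["time"], "event_id": e["event_id"],
                     "user": f'{e["domain"]}\\{e["user"]}', "cleared": cleared})
    return sorted(hits, key=lambda h: h["time"])


def burst_clears(hits, window_seconds=60, min_count=3):
    """Group clears that start within `window_seconds` of the first one in the group;
    a group of min_count or more is the signature of a scripted clear-everything loop."""
    bursts, current = [], []
    for h in hits:
        if current and h["time"] - current[0]["time"] > timedelta(seconds=window_seconds):
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(h)
    if len(current) >= min_count:
        bursts.append(current)
    return bursts


if __name__ == "__main__":
    for burst in burst_clears(find_log_clears(parse_events(SAMPLE_XML))):
        print(f"{len(burst)} logs cleared between {burst[0]['time']} and {burst[-1]['time']}:")
        for h in burst:
            print(f"  {h['time']}  EID {h['event_id']}  {h['user']}  cleared {h['cleared']}")
```

Point the parser at an Event Viewer "Save as XML" export of both the Security and System logs (or at XML produced from the EVTX by your tool of choice); a single isolated 104 is routine admin activity, while a burst that ends with System being cleared is worth pulling Prefetch, PowerShell history and the SubjectUserName's logon sessions for.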
Mind map showing Operating Systems components that are important for anyone doing #Cybersecurity / #DFIR
Guys, all the files of the Offensive Software Exploitation course can currently be accessed through the link below. I will upload them to Github once I finish. For now you will find the first and second videos, as well as the slides I used in the second video.
New Free #DFIR case study!

"We have a system that has been compromised by malware and the only evidence we have is the system's unallocated space!"

Let's see who can solve this one!
Want to learn how to use the hex editor "010 Editor" & parse binary format files (e.g. PE files)? Then this is a series of 41 videos (so far) that should help you. #DFIR #HexEditor #010Editor
8 days ago I took my mother to the emergency room because she had a heart attack. This weekend we did a COVID-19 test for her and unfortunately she now tests positive. I have not done a test for myself yet.
Please keep her in your thoughts or prayers🤲🏻.. Thank you and stay safe...
I've created a video to explain how to generate timelines and use the @TimesketchProj tool. I hope it will be useful to someone! #DFIR

"Working with log2timeline and Timesketch"
Reminder: tomorrow I will be doing a webinar about Linux Forensics. If you're interested, just register. It is free, not gonna charge you anything :) #DFIR #LinuxForensics
Why do you need to learn Linux forensics? Over 96% of web servers run Linux, but free training is hard to find. Check out this article from @ForensicFocus: .

Dr. Ali Hadi from @ChamplainEdu will be joining us for a free webinar on Linux forensics 12/28.
Finally found time to play with GOAD from @M4yFly. Currently deployed all of it within a single VM (nested virtualization). Amazing project, thank you so much for the time and effort to build this! ...

Check it out here:
These are other videos that I re-recorded this semester for my students to configure and install Velociraptor from @velocidex. I hope they will be useful to someone! #DFIR

Installing Velociraptor - Server Config Files
These are GREAT reads! All credits to the author of these posts! #DFIR #Malware #Debugging #Memory

"Windows Address Translation Deep Dive – Part 1"
"Windows Address Translation Deep Dive – Part 2"
If you write #Windows C++ code or incorporate code from others into your own tools & get confused with the different data types TCHAR/LPSTR/etc., then this old but very useful article could help you.

"What are TCHAR, WCHAR, LPSTR, LPWSTR, LPCTSTR (etc.)?"
Started working at @leahycenter in 2019 as faculty fellow, then research lead; today I officially got promoted to "Research Director"!
Big thanks to Leahy Center Director Joe Williams and to all the students, staff and faculty that I worked with over the years. THANK YOU ALL
If you want to gain access to the file system of a Windows Sandbox, then make sure you attach the whole drive and not the C:\ volume. Check the screenshot for what is seen at volume level vs physical level. #DFIR #WindowsSandbox
If you're studying any of the new Windows Debugging (Windbg) courses from @OpenSecTraining and need to configure two VMs on a Linux system for Windows Kernel Debugging, then my post below should help you. #Windows #CyberSecurity #OST2
Hey #DFIR community... if you want to play with some basic Anti-Forensic stuff related to the NTFS file system, please check the challenge @maryst33d and I created. I don't want to spoil it, but there is probably something in it that not many know about!
Here we go again with more #Windows11 #DFIR user activity. Check the "ClockButton" value under:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\TrayButtonClicked

This tracks the number of times the user clicks on the clock in the system tray. Now why does MS track that?😅