forensicskween

Blog

Making the most of Property Lists

8th March 2021

Property Lists are files that store important data/metadata about a user and its device. They are found in iOS/MacOS and are important in the scope of DFIR investigations.

Explore more
CTFs

Latest

CyberDefenders: Hafinum-APT

Windows Event Logs Analysis Challenge, and I am happy to introduce my rebrand of my old script to make a sqlite database out of Windows Event Logs!!!

NEW!

Check, Search, and use my notes
more
Focus

Windows Forensics

CyberDefenders: Hafinum-APT

11th May 2023

Windows Event Logs Analysis Challenge, and I am happy to introduce my rebrand of my old script to make a sqlite database out of Windows Event Logs!!!

HackTheBox: Insider

9th August 2022

A potential insider threat has been reported, and we need to find out what they accessed. Can you help?

HackTheBox: Event Horizon

8th August 2022

Our CEO’s computer was compromised in a phishing attack. The attackers took care to clear the PowerShell logs, so we don’t know what they executed. Can you help us?

CyberDefenders: Pwned-DC

31st March 2022

An ActiveDirectory compromise case: adversaries were able to take over corporate domain controller. Investigate the case and reveal the Who, When, What, Where, Why, and How.

TryHackMe: Investigating Windows

30th March 2022

This is a challenge that is exactly what is says on the tin, there are a few challenges around investigating a windows machine that has been previously compromised.

Connect to the machine using RDP. The credentials the machine are as follows:

CyberDefenders: DetectLog4j

22nd March 2022

For the last week, log4shell vulnerability has been gaining much attention not for its ability to execute arbitrary commands on the vulnerable system but for the wide range of products that depend on the log4j library. Many of them are not known till now. We created a challenge to test your ability to detect, analyze, mitigate and patch products vulnerable to log4shell.

CyberDefenders: Injector

17th March 2022

A company’s web server has been breached through their website. Our team arrived just in time to take a forensic image of the running system and its memory for further analysis. As a security analyst, you are tasked with mounting the image to determine how the system was compromised and the actions/commands the attacker executed.

Twitter Github Discord

Follow Us

Video of the Week

TAGS
android (2) aws (1) backdoor (1) bmp (1) browser forensics (1) cheatsheet (3) cloud (1) cloud forensics (2) cmdwatcher (1) cobaltstrike (1) computer forensics (1) cron (1) crypto (19) cryptography (2) CTF (9) cyberchef (1) cyberdefenders (27) cyberdefenders writeup (1) document forensics (10) elliptic-curve (1) enumeration (1) eventlogs (2) evtxtract (1) exfiltration (1) exim (1) exploit (1) Firefox (1) forensics (46) ftk (1) gobuster (1) hackthebox (5) htb (19) htb-crypto (17) htb-ctf (1) htb-forensics (9) htb-mobile (1) htb-retired (6) iOS (2) javascript (1) kerberos (1) keylogger (1) knapsack (1) linux (4) linux forensics (6) log (3) log4j (1) log4shell (1) log analysis (1) machine (1) maco (2) MacOS (2) maldoc (5) malware (6) malware analysis (3) memory (7) memory forensics (16) metasploit (1) mimikatz (1) misc (1) Mobile forensics (3) mounting (5) network (2) network forensics (12) open-source intelligence (1) osint (2) packet capture (1) pcap (9) pdf-parser (1) pdf forensics (2) pyminilib (1) radare2 (1) ransomware (2) rdp (1) registry (3) research (1) reverse engineering (5) rsa (2) security (2) slack (1) sleuthkit (1) smb (2) sql injection (1) ssh (1) steganography (1) the-forensics (1) threat intel (1) tryhackme (5) vba (2) volatility (8) volshell (1) web logic (1) windows (9) windows forensics (12) wireshark (10) xor (1)
101

Cheatsheets

more

Memory Analysis Cheatsheet & Tools

Analysis Volatility2 Volatility is the go to for memory analysis. There are two versions: Volatility for Python 2 and Volatility3 for Python3. They are quite

Socials

Twitter Github
Resources
None
Pages

Copyright © 2023 forensicskween

Exit mobile version
%%footer%%