Security : Systems forensics and free tools

Based on my 25 years of experience as a sysadmin, I recommend the free tools below for forensic analysis and systems assessment:

– Repair tools: http://trinityhome.org/Home
– Windows privilege escalation: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
– Blog hacker playbook mindmap (poster): https://www.marcolancini.it/2018/blog-hacker-playbook-mindmap/
– SANS DFIR hunting evil Windows map (poster), Windows systems: https://digital-forensics.sans.org/media/DFPS_FOR508_v4.3_12-18.pdf
– Linux privilege escalation: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
– Blogs and web sites: 51 Tools for Security Analysts

Windows forensics: have I been hacked?

The main question is: how do I know if I have been hacked?

– Hacking mind map: https://www.marcolancini.it/2018/blog-hacker-playbook-mindmap/
– Detecting lateral movement using event logs: http://blog.jpcert.or.jp/.s/2017/12/research-report-released-detecting-lateral-movement-through-tracking-event-logs-version-2.html
– Sysmon 6: https://technet.microsoft.com/en-us/sysinternals/sysmon
– How to use Sysmon:
  https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow
  http://blog.crowdstrike.com/sysmon-2/
  http://joshuadlewis.blogspot.fr/2014/10/advanced-threat-detection-with-sysmon_74.html
– Additional resources on this blog: http://wp.me/p15Zft-od
– Some other links: http://www.computerforensicsworld.com/, http://www.forensics.nl/links

The first step is to scan your computer with a Rootkit

Penetration testing resources

Hi, here is a list of web resources about penetration techniques (pentest), forensics techniques, etc.:

Definitions: http://en.wikipedia.org/wiki/Penetration_test ; http://en.wikipedia.org/wiki/Computer_forensics

Tools and techniques:
– Penetration toolkit for Windows: http://pentestlab.wordpress.com/2013/01/07/windows-tools-for-penetration-testing/
– Penetration toolkit from Erdal Ozkaya: http://www.erdalozkaya.com/index.php/security/83-penetration-testing-framework-0-58
– http://pentestlab.wordpress.com/
– http://www.coresecurity.com
– http://www.backtrack-linux.org/ ; http://fr.wikipedia.org/wiki/BackTrack ; http://backtrack-fr.net/
– http://www.ampliasecurity.com (with the famous wce), http://oss.coresecurity.com/projects/pshtoolkit.html
– http://sectools.org/
– http://www.truesec.com
– guides: