Scalable forensics timeline analysis using Dissect and Timesketch
This blog post is also published on the website of my employer, Hunt & Hackett, which has given me the opportunity and inspiration to develop this type o...
TL;DR: The DFIR lab can automate the processing of Plaso timelines to Timesketch using Velociraptor and Google Cloud services
The last blog post about Docker was about using non-root Docker containers and why this is safer. This time I want to go a step further and explain what I th...
This blog post will explain how the ransomware called Mount Locker works. For encryption, Mount Locker uses ChaCha20 to encrypt files and RSA-2048 to encrypt...
5 days ago, I took the CKAD exam and passed. So I decided to write this short blog post about my experience and to share some tips that helped me pass it. Ev...
This blog post will try to explain how the ransomware called DarkSide works. Based on my research, this ransomware uses Salsa20 encryption to encrypt files a...
Instead of attacking companies to deploy ransomware, the threat actors behind the Exorcist 2.0 ransomware are using a different way of attacking companies.
I am assuming you are already familiar with Docker. What most people do when using official Docker images is pull the image, install some stuff and l...
In this blog post I would like to explain how to analyze files using Ghidra and x64dbg while using the ret-sync plugin. While analyzing malware it is importa...
This blog post will explain the workings of the ransomware named Wasted Locker based on 3 different samples. Over the last weeks I read a lot of articles about compan...
After reading this article about the Ragnar Locker ransomware running in a Windows XP VM to prevent it from being detected, I thought why not just analyze it...
I saw this tweet about a RE challenge and thought why not just do it.
Another reverse engineering challenge :)
Because I want to learn more about reverse engineering, I did the MalwareTech Reversing Challenges and made a write-up of it.
A few weeks ago, I went to the hacking event Hackerhotel, and I saw this tweet (https://twitter.com/djrevmoon/status/1227126257676058624) about an interactiv...
Before hacking (red teaming, pen-testing, etc.), you must carry out a recon on the company. Almost every company has a public website with documents. These d...
Recently, I got a question from a young hacker about how to start with Responsible Disclosures. This is a tutorial to contribute to the online Security of Th...
This year was the first time I visited the One Conference. During the event, I went to some technical talks and had fun with a lot of people. But at the begi...
A week ago, I ordered some tools from Hak5: the LAN Turtle and the WiFi Pineapple. I always watch the videos from the Hak5 YouTube channel and saw them play...
After reading the book The Web Application Hacker’s Handbook, I thought why not make a checklist for hacking websites with tools, tips and write-ups. And so ...