Overview AmcacheParser differs from other Amcache parsers in that it does not dump everything available. Rather, it looks at both File entries and Program entries. Program entries are found unde...
WxTcmd
Overview WxTcmd is a tool used to parse the SQLite ActivitiesCache.db file to provide forensic evidence of execution and file interaction. Tool Name Version MITRE ATT&...
C# Overview
Overview OOP is the foundation of many development languages, building classes and organizing the code into a structured way. Many approaches, patterns and architectures are compatible with OOP. ...
Windows Security and Relative Identifiers (SIDS and RIDS)
Overview During analysis of suspected or known breaches, the use of these identifiers can assist in various ways. One of the most common is looking for processes, including legitimate ones, that o...
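As an added example (not part of the original post), the following Python parses SIDs in both string and binary form, pulls out the RID, and flags the process rows whose owner maps to SYSTEM, the built-in Administrator or an admin group, which is the first cut an analyst makes when reviewing process ownership. The process list and the SID values are constructed for illustration; the well-known SID and RID tables are the standard Windows ones.

```python
"""Parse Windows SIDs (string or binary form) and flag the well-known RIDs
that matter during breach analysis.  Added example; sample SIDs are constructed."""
import struct
from typing import NamedTuple, Tuple


class Sid(NamedTuple):
    revision: int
    authority: int
    sub_authorities: Tuple[int, ...]

    @property
    def rid(self) -> int:
        # The relative identifier is always the last sub-authority.
        return self.sub_authorities[-1]

    def __str__(self) -> str:
        return "S-%d-%d-%s" % (self.revision, self.authority,
                               "-".join(str(s) for s in self.sub_authorities))


def parse_sid_string(text: str) -> Sid:
    parts = text.strip().split("-")
    if len(parts) < 4 or parts[0].upper() != "S":
        raise ValueError("not a SID: %r" % text)
    return Sid(int(parts[1]), int(parts[2]), tuple(int(p) for p in parts[3:]))


def parse_sid_binary(data: bytes) -> Sid:
    # Binary layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian), then count x uint32 little-endian.
    if len(data) < 8:
        raise ValueError("SID too short")
    revision, count = data[0], data[1]
    if len(data) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(data[2:8], "big")
    subs = struct.unpack("<%dI" % count, data[8:])
    return Sid(revision, authority, tuple(subs))


WELL_KNOWN_SIDS = {
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}
# RIDs that are fixed inside every machine/domain SID (S-1-5-21-x-y-z-RID).
WELL_KNOWN_RIDS = {
    500: "Administrator (built-in)",
    501: "Guest (built-in)",
    512: "Domain Admins",
    513: "Domain Users",
    519: "Enterprise Admins",
}


def describe(sid: Sid) -> str:
    text = str(sid)
    if text in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[text]
    # S-1-5-21-<3 sub-authorities>-RID: a machine or domain account.
    if sid.authority == 5 and sid.sub_authorities[:1] == (21,) and len(sid.sub_authorities) == 5:
        return WELL_KNOWN_RIDS.get(sid.rid, "domain/local account RID %d" % sid.rid)
    return "unclassified"


PRIVILEGED = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators",
              "Administrator (built-in)", "Domain Admins", "Enterprise Admins"}


def flag_privileged(process_rows):
    """process_rows: iterable of (image_name, owner_sid_string).
    Returns (image, sid, label) for rows owned by a privileged principal."""
    out = []
    for image, sid_text in process_rows:
        label = describe(parse_sid_string(sid_text))
        if label in PRIVILEGED:
            out.append((image, sid_text, label))
    return out


# Constructed sample (not real data): image name and owning SID.
SAMPLE_PROCESSES = [
    ("svchost.exe", "S-1-5-18"),
    ("notepad.exe", "S-1-5-21-1004336348-1177238915-682003330-1001"),
    ("cmd.exe", "S-1-5-21-1004336348-1177238915-682003330-500"),
    ("explorer.exe", "S-1-5-21-1004336348-1177238915-682003330-1105"),
]

if __name__ == "__main__":
    for row in flag_privileged(SAMPLE_PROCESSES):
        print(row)
```

The binary form is what you meet in raw registry hives and security descriptors; the string form is what event logs and process listings show, so a parser for both lets the same RID table serve either source.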
Windows Portable Executable (PE) File Format
Overview The Portable Executable file format is the executable format used in 32- and 64-bit Windows operating systems and covers items such as object code, DLLs, font files and core dumps embedded with...
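As an added example (not from the original post), the following Python walks the PE headers in order: DOS header, PE signature, COFF file header, optional-header magic, then the section table, and flags any section marked both writable and executable, a property normal compilers do not emit but packers do. The input image is a constructed header-only skeleton built in `build_sample_pe()`, not a real binary; the field layouts and flag values are the documented PE ones.

```python
"""Minimal PE header walker with a writable+executable section check.
Added example; the sample image is constructed, not a real executable."""
import struct

MACHINES = {0x014C: "i386", 0x8664: "AMD64", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
# SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    magic = struct.unpack_from("<H", data, opt_off)[0]
    bits = {0x10B: 32, 0x20B: 64}.get(magic)
    if bits is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sec_off = opt_off + opt_size
    sec_size = struct.calcsize(SECTION_FMT)
    if sec_off + nsec * sec_size > len(data):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, sc = struct.unpack_from(
            SECTION_FMT, data, sec_off + i * sec_size)
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": va,
            "raw_size": raw_size, "raw_ptr": raw_ptr,
            "characteristics": sc,
            "writable_executable": bool(sc & IMAGE_SCN_MEM_EXECUTE) and bool(sc & IMAGE_SCN_MEM_WRITE),
        })
    return {
        "machine": MACHINES.get(machine, "0x%04x" % machine),
        "bits": bits,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "timestamp": timestamp,
        "sections": sections,
    }


def suspicious_sections(info: dict) -> list:
    """Names of sections that are both writable and executable."""
    return [s["name"] for s in info["sections"] if s["writable_executable"]]


def is_pe(data: bytes) -> bool:
    try:
        parse_pe(data)
        return True
    except (ValueError, struct.error):
        return False


def build_sample_pe() -> bytes:
    """Constructed 64-bit header-only image with two sections (not a real file)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C
    opt_size = 16                                                 # truncated optional header
    coff = struct.pack(COFF_FMT, 0x8664, 2, 0x5F000000, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<H", 0x20B) + b"\x00" * (opt_size - 2)     # PE32+ magic
    text = struct.pack(SECTION_FMT, b".text", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    upx1 = struct.pack(SECTION_FMT, b"UPX1", 0x3000, 0x2000, 0x800, 0x600, 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\x00\x00" + coff + opt + text + upx1


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info["machine"], info["bits"], "DLL" if info["is_dll"] else "EXE")
    for s in info["sections"]:
        print("%-8s VA=0x%06x raw=0x%05x chars=0x%08x" % (s["name"], s["virtual_address"], s["raw_size"], s["characteristics"]))
    print("W+X sections:", suspicious_sections(info))
```

The parser reads `SizeOfOptionalHeader` from the COFF header rather than assuming a fixed optional-header size, which is what keeps it correct for both PE32 and PE32+ images and for the odd sizes some packers write.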
Public-Key Infrastructure (PKI)
Overview PKI combines symmetric and asymmetric cryptography, together with hashing, to encrypt and decrypt traffic and to bind identities to keys. The purpose of establishing PKI encryption for network communic...
DensityScout
Overview This tool calculates the density (entropy) of every file under a given file-system path and outputs a list sorted in descending order of density. This makes it possible to quickly find (even unknown) ma...
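As an added example (not DensityScout's own code), the following Python reproduces the shape of such a scan: score every file under a path, sort highest first, and flag anything above a cut-off. It uses Shannon entropy in bits per byte (0 for a constant stream, 8 for uniformly distributed bytes) as a stand-in for DensityScout's own density measure, which this page does not define; the sample blobs and the 7.0 threshold are constructed assumptions.

```python
"""Rank files by Shannon entropy, highest first, as a packer/encryption triage pass.
Added example: Shannon entropy stands in for DensityScout's density score."""
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def rank_blobs(named_blobs):
    """named_blobs: iterable of (name, bytes).  Returns [(entropy, name), ...]
    sorted descending by entropy, ties broken by name."""
    scored = [(round(shannon_entropy(blob), 4), name) for name, blob in named_blobs]
    return sorted(scored, key=lambda t: (-t[0], t[1]))


def scan_directory(root: str, min_size: int = 1):
    """Walk root and score every readable regular file of at least min_size bytes."""
    blobs = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if len(data) >= min_size:
                blobs.append((path, data))
    return rank_blobs(blobs)


HIGH_ENTROPY_THRESHOLD = 7.0  # assumed triage cut-off; tune per environment

# Constructed samples standing in for files on disk: plain text, all-zero padding,
# and a byte stream that uses every value equally (packed/encrypted-looking).
SAMPLES = [
    ("readme.txt", b"the quick brown fox jumps over the lazy dog " * 40),
    ("zeros.bin", b"\x00" * 4096),
    ("packed.bin", bytes((i * 131 + 17) % 256 for i in range(4096))),
]

if __name__ == "__main__":
    for ent, name in rank_blobs(SAMPLES):
        flag = "HIGH" if ent >= HIGH_ENTROPY_THRESHOLD else ""
        print("%6.3f  %s  %s" % (ent, name, flag))
```

Compressed archives and media files also score near 8, so a high value is a triage signal to be read alongside file type and location, not a verdict on its own.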
Study Methodology
Overview There are millions (don’t quote me on that) of courses and certifications available within the IT and Cyber Security realm, with new ones popping up just as frequently as the sun rises. No ...
TheHive4, Cortex, and MISP Server Installation
Overview “TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner deali...
Installing and Configuring Wazuh EDR
Overview Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central compon...