Overview AmcacheParser different from other Amcache parsers in that it does not dump everything available. Rather, it looks at both File entries and Program entries. Program entries are found unde...

Overview WxTcmd is a tool used to parse the SQLite ActivitiesCache.db file to provide forensic evidence of execution and file interaction. Tool Name Version MITRE ATT&am...

Overview OOP is the foundation of many development languages, building classes and organizing the code into a structured way.  Many approaches, patterns and architectures are compatible with OOP. ...

Overview During analysis of suspected or known breaches, the use of these identifiers can assist in various ways. One of the most common is looking for processes, including legitimate ones, that o...

Overview The portable executable file format is a type of format used in 32 and 64bit Windows operating systems and includes items such as object code, DLLs font files and core dumps embedded with...

Overview PKI implements two cryptographic methods to encrypt and decrypt traffic; symmetric and asymmetric cryptography and hashing. The purpose of establishing PKI encryption for network communic...

Overview This tool calculates density (entropy) for files of any file-system-path to finally output an accordingly descending ordered list. This makes it possible to quickly find (even unknown) ma...

Overview There are millions (don’t quote me on that) of courses and certifications available within he IT and Cyber Security realm with new ones popping up just as frequently as the sun rises. No ...

Overview “TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner deali...

Overview Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central compon...