Digital Forensics

It’s semester 2 2023 and time for my final subject in the UNSW Cyber Security Masters course, digital forensics run by Seth Enoka. I got to venture deep into Windows internals, including core Windows memory structures, subsystems such as prefetch and shimcache, NTFS file system internals and mechanisms including MFT analysis and much more. All this analysis was conducted using the following Linux analysis tools:

Tools

Yara: A pattern-matching tool used in malware research and forensic analysis to identify and classify files based on defined rules and signatures.
Volatility 2 & 3: Open-source memory forensics frameworks used to extract and analyze digital artifacts from volatile memory (RAM) in a memory dump to investigate cyber incidents and malware.
Volatility USNParser Plugin: A Volatility plugin specifically designed to parse and extract information from the USN journal on Windows systems, aiding in file activity analysis.
SCCA Tools: SCCA (Source Code Control System Analysis) Tools assist in examining version control system repositories to identify code changes, contributors, and track project history.
ESEDB Tools: These tools provide access to Extensible Storage Engine (ESE) Database files, commonly used in Windows applications, for analysis and recovery purposes.
analyzeMFT: A tool used in digital forensics to parse and analyze the Master File Table (MFT) entries from NTFS filesystems, revealing information about files and directories.
Oletools: A collection of Python-based tools for analyzing and extracting data from OLE (Object Linking and Embedding) files, such as Microsoft Office documents, often used in malware analysis.
Wireshark: A widely-used network protocol analyzer that captures and inspects data packets on a network, helping with network troubleshooting, security analysis, and protocol reverse engineering.
The Sleuth Kit (TSK): An open-source digital forensic toolkit that includes various CLI tools (mmls, fls, icat) for file system analysis and data recovery from different operating systems.
Plaso: An open-source Python-based tool used for super timeline creation and log analysis, helping to reconstruct events and activities from various data sources for forensic investigations.
Advanced Forensics Format Library (afflib) Tools: Tools for working with the Advanced Forensics Format (AFF), an extensible open file format used in computer forensics to store disk images and related metadata.
wxHexEditor: A hexadecimal editor with a graphical user interface, used for low-level data inspection and editing in forensic analysis and reverse engineering.
Gnumeric: A spreadsheet application, similar to Microsoft Excel, used for data analysis and visualization, including data manipulation and statistical functions.
Personal Folder File Tools (pfftools): Tools designed to work with Personal Folder File (PFF) formats, commonly used by Microsoft Outlook to store emails, calendars, and other personal data. These tools aid in email forensics and analysis.

Resources

Windows shellbags
8 timestamps on an NTFS file system: an attacker can fairly easily mutate 4 of them, but it is hard to convincingly adjust them at the nano-second level
Eric Zimmerman’s Windows Forensics Tools
SANS Hunt Evil Poster: Knowing what’s normal on a Windows host helps cut through the noise to quickly locate potential malware. Use this information as a reference to know what’s normal in Windows and to focus your attention on the outliers.
MITRE ATT&CK
MITRE ATT&CK for ICS
Cyber Kill Chain
Industrial Cyber Kill Chain
Locard’s Exchange Principle
NIST Guide to Forensics in Incident Response
Dragos Threat Groups
Crowdstrike Adversary Groups
Diamond Model for Intrusion Analysis
The Four Types of Threat Detection
Volatility v2.4 cheat sheet

Module 0 - Intro

Locard’s Principle (Edmond Locard, aka the Sherlock Holmes of France) ...

July 22, 2023 · 7 min

Python 3.11

Cool new features in 3.11.

Performance

1.2x faster generally, thanks to an adaptive interpreter (PEP 659) that optimises byte-code based on observed behaviour and usage. Take for example the LOAD_ATTR instruction, which under 3.11 can be replaced by LOAD_ATTR_ADAPTIVE. This replaces the call with the most optimised instruction for what is actually being done, such as:

LOAD_ATTR_INSTANCE_VALUE
LOAD_ATTR_MODULE
LOAD_ATTR_SLOT

Disassembling some code:

    def feet_to_meters(feet):
        return 0.3048 * feet

    for feet in (1.0, 10.0, 100.0, 1000.0, 2000.0, 3000.0, 4000.0):
        print(f"{feet:7.1f} feet = {feet_to_meters(feet):7.1f} meters")

    import dis
    dis.dis(feet_to_meters, adaptive=True)
    #   1           0 RESUME                   0
    #
    #   2           2 LOAD_CONST               1 (0.3048)
    #               4 LOAD_FAST                0 (feet)
    #               6 BINARY_OP                5 (*)
    #              10 RETURN_VALUE

However, when the interpreter is given something more concrete to work with, it’s able to optimise. For example, outside the loop context when given a float, floating point instructions are put to work: ...

July 17, 2023 · 2 min

Vue

A bunch of (scattered) tips and resources as I experiment with Vue.

Basics: General wisdom, Anatomy, Event handling, Watchers, Computed props
Components: Components, Props, Lifecycle hooks, Emitting events, Slots
Fetching Data: Calling APIs in hooks, Unique identifiers
Styling Components: Global vs scoped styles, CSS modules, CSS v-bind
Composition API: Composition API, Reactive references, script setup, Composables
Routing and Deployment: Vue Router, History, Dynamic routes, Deployment
Advanced: Pre-processors, Pinia State Management

Overview

What is Vue? An open-source model–view–viewmodel front end JavaScript framework for building user interfaces and single-page applications, created by Evan You.

Helpful resources:
Read the official docs
Examples
Vue cheat sheet
Awesome Vue
Vue.js devtools
Volar VSCode extension
Built-in Directives

General wisdom

It’s best to stick to conventions of the web and use camelCase in your script and kebab-case in your template.
Don’t pass functions as props; instead emit events.
Props couple components to each other; for broad or deep cross-cutting state, level up to state management.
Test data sources: JSON Placeholder, PokeAPI

Anatomy

Here is a bare bones Vue app. There are literally 3 blocks for script, template (markup) and style: ...

March 2, 2023 · 15 min

Information Assurance

Kicking off the 2023 University year I continue my journey into the Cybersecurity Masters program with the unit Information Assurance and Security run by Michael McGarity and Huadong Mo. It provides students with a deep understanding of the technical, management and organisational aspects of Information Assurance within a holistic legal and social framework. The course is essentially modelled off the CISSP certification, which dives into the following subjects:

make a realistic assessment of the needs for information security in an organisation
discuss the implications of security decisions on the organisation’s information systems
understand the principles of writing secure code
show an understanding of database and network security issues
demonstrate an understanding of encryption techniques
understand foundations of the tools and techniques in computer forensics
show an appreciation of the commercial, legal and social context in which IT security is implemented
apply knowledge gained to business and technical IA scenarios

Intro

Not a one size fits all approach. There are too many factors and seemingly chaotic variables, such as risk appetites, country legislation, the business vertical (mining vs banking vs government), accreditation frameworks that apply to certain industries, tolerances, technology limitations, and so on. ...

March 4, 2023 · 4 min

Books

2023
To Kill a Mockingbird by Lee, Harper
Own the Day, Own Your Life: Optimised practices for waking, working, learning, eating, training, playing, sleeping and sex by Marcus, Aubrey

2022
The Dream Machine by Waldrop, M. Mitchell
Absolute FreeBSD by Lucas, Michael W.
Deep Work: Rules for Focused Success in a Distracted World by Newport, Cal

2021
Revolution in The Valley: The Insanely Great Story of How the Mac Was Made by Hertzfeld, Andy
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Poulsen, Kevin
The New New Thing: A Silicon Valley Story by Lewis, Michael
Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker by Mitnick, Kevin D.
Bonhoeffer: Pastor, Martyr, Prophet, Spy by Metaxas, Eric *
1984 by Orwell, George
Atomic Habits: An Easy and Proven Way to Build Good Habits and Break Bad Ones by Clear, James *
Vagabonding: An Uncommon Guide to the Art of Long-Term World Travel by Potts, Rolf
American Kingpin: The Epic Hunt for the Criminal Mastermind behind the Silk Road Drugs Empire by Bilton, Nick *
The God Delusion by Dawkins, Richard

2020
Into the Wild (Ebook) by Krakauer, Jon *
The Last Wish (The Witcher, #0.5) by Sapkowski, Andrzej
Do Androids Dream of Electric Sheep? by Dick, Philip K.
Alan Turing: The Enigma by Hodges, Andrew

2019
Harry Potter and the Philosopher’s Stone (Harry Potter, #1) by Rowling, J.K.
Ultralight Backpackin’ Tips: 153 Amazing & Inexpensive Tips for Extremely Lightweight Camping by Clelland, Mike *
Turn The Ship Around! by Marquet, L. David

2018
Microserfs by Coupland, Douglas *
Autobiography: The Story of My Experiments with Truth by Gandhi, Mahatma
Influence: The Psychology of Persuasion by Cialdini, Robert B. *
The Mythical Man-Month: Essays on Software Engineering by Brooks Jr., Frederick P.

2017
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage by Stoll, Clifford
Savaged by Systemd: an Erotic Unix Encounter by Lucas, Michael Warren

January 27, 2023 · 2 min

Kinetic workouts

Categorises the gym workout by these kinetic systems:

Power (3 mins)
Strength (5 mins)
Endurance (8 mins)
Cardio (10 mins)
Durability (15 mins)

Every 50 minute workout includes each of them. This is really just a catalogue of kettlebell and/or body weight exercises.

Basic program 1

Cardio (10 mins) of choice: run, bike, row, stair mill, jump rope
Mobility (10 mins) circuit of:
Kettlebell windmills (5 reps each side)
Kettlebell halos (5 reps each side)
variation options include lunges or squats
Power (3 mins)
Kettlebell sumo squat, 6 sets of 10 secs on, 20 secs rest ...

December 27, 2022 · 2 min

8-bit CPU build

This material is based on the high quality build your own CPU guide by Ben Eater. Ben cites the SAP-1 CPU architecture as the design inspiration for the CPU, which originated from the book Digital Computer Electronics by Albert Paul Malvino. The SAP (Simple As Possible) computer has been designed for you, the beginner. Its purpose is to introduce the crucial ideas behind a CPU’s operation without burying you in unnecessary detail.

Architecture
General Electronics
Dirty power
Resistors
Capacitors
Latch vs flip flop
D flip flop
The clock
The registers
Arithmetic and Logic Unit (ALU)
Design
Implementation
Representing negative numbers - sign bit, 1’s and 2’s complement
One’s complement
Two’s complement
Program Counter (PC)
PC module problem 1: counter clearing
PC module problem 2: dirty clock signal
Output register
Arduino Nano EEPROM programmer
Binary to decimal 7-segment decoder
Multiplexing four 7-segment displays with a single EEPROM
Handy resources

Architecture

The SAP-1 defines a number of logical CPU modules which are capable of integrating to form a working CPU and ultimately computer. ...

July 12, 2020 · 19 min

Rust cheat sheet (2022)

Please refer to Don Bright’s original rust-lang-cheat-sheet, which I based much of this content off, as I work through The Book.

Rust in a nutshell
Documentation
Toolchain
Mutability basic
Types and variables
Operators
Run time errors, Crashing, panic, except, unwrap, Option, Result
Printing
loop, while and for
Concurrency, parallel processing
Functions and closures
Unit tests, integration tests
Documentation
If, conditionals, patterns, match, control flow
Ownership, Borrowing, References, Lifetimes
Arrays, Slices, Ranges
Structs
Enums
Collections, Key-value pairs, Sets
Macros
Little programs
Guess a number
Cool references

Rust in a nutshell

Syntax similar to C
Ownership of memory enforced at compile time
Statically linked
Functional-ish, generic-ish, not so objecty
Control flow using patterns, match keyword
Packages: ‘cargo’ command, https://crates.io
Testing: cargo test, #[test]
Concurrency: ownership, mutability, channels, mutex, crossbeam + Rayon packages
Auto formatter: rustfmt filename.rs
Compiler engine: LLVM
Raw pointers, low level: unsafe{} keyword

Documentation

rustup doc for offline docs!
doc.rust-lang.org for the standard library, primitive types, standard macros
docs.rs for package documentation

Toolchain

    $ rustup.sh                                # install rust, see rust-lang.org for details
    $ cargo new myproj                         # start new executable project
    $ cargo new --bin myproj                   # as above
    $ cargo new --lib myproj                   # start new library project
    $ cd myproj                                # cd into the new directory
    $ ls -lR                                   # list our skeleton of files
    src/main.rs                                # main.rs, has main() entry point
    Cargo.toml                                 # Cargo.toml defines packaging
    $ $EDITOR Cargo.toml                       # add dependencies and other details
    $ cargo build                              # downloads dependencies + builds main.rs
    $ cargo build --release                    # release build
    $ cargo check                              # make sure code compiles, without binary outputs
    $ cargo update                             # ignore Cargo.lock and figure out latest versions
    $ cargo run                                # runs program created from main.rs
    $ cargo doc --open                         # local web based doc
    $ cargo test                               # runs tests (in parallel by default)
    $ cargo test -- --test-threads=1           # run tests one at a time
    $ cargo test -- --nocapture                # run tests, show output
    $ cargo run --example fundemo -- --argtodemo   # run example with argument
    $ rustc --explain E0384                    # eli5 what an error code means

Mutability basic

    let x = false;       // all variable bindings are immutable by default
    x = true;            // compile error: can't change an immutable binding
    let mut p = false;   // "mut" designates a binding as mutable
    p = true;            // ok, mutable binding can change

Types and variables

Rust provides two compound types: arrays and tuples. ...

December 11, 2021 · 26 min

Neovim setup (2022 edition)

Updated: 2022-01-23 I finally (2007) bit the bullet and committed to learning a real text editor. Having muddled on and off with vi since the late 90s, I decided on Vim. Once you break through its initial, steep, learning curve it’s truly life changing. Level up and become a text surgeon today. Vim is incredibly customisable. It’s important to take the time to craft your own vimrc. Type :options to understand the various levers you can pull to make Vim your editor. Almost 15 years later, I’m still constantly fine tuning things. ...

April 16, 2007 · 12 min

PowerShell cheat sheet

Help and context
Execution policy
Operators
Regex
Flow Control
Variables
Functions
Modules
Module Management
Good modules to run
Filesystem
Hashtables (Dictionary)
Windows Management Instrumentation (WMI)
Async
Filesystem events
Timers
PowerShell drives
Data (CRUD) management
Damn handy

A work in progress. Credits:
https://gitlab.com/JamesHedges/notes/-/wikis/Powershell/PowerShell-Cheat-Sheet
https://gist.github.com/pcgeek86/336e08d1a09e3dd1a8f0a30a9fe61c8a

Help and context

    $PSVersionTable.PSVersion                  # what version
    Get-Command                                # list commands available
    Get-Command -Module Microsoft*             # list commands exported from modules named Microsoft*
    Get-Command -Name *item                    # wildcard search commands
    Get-Help
    Get-Help -Name about_Variables
    Get-Help -Name Get-Command
    Get-Help -Name Get-Command -Parameter Module

Execution policy

Levels = {Restricted, Remote Signed, All Signed, Unrestricted} ...

May 8, 2022 · 5 min