VolUtility Release 0.2

Just a quick update on the new VolUtility release. If you missed the first post explaining what VolUtility is, you can read it here. VolUtility is a web front end for the Volatility framework. Along with several bug fixes and a general code tidy-up, the following features have been added or improved: support for Linux and Mac memory images; adds a config file…

VolUtility a web front end for the volatility framework.

Several months ago I finally managed to attend the SANS memory forensics course (FOR526), taught by the very knowledgeable @sibertor. The course covers memory structures and focuses on the two key frameworks for memory analysis, Volatility and Rekall. I'm not going to get into which is best; each has its uses, and most times I will flip between…

Security Onion – Command Injection Vulnerability

I recently needed to deploy an IDS and full packet capture on a small network. Fortunately the open source community has had such a thing for a while: Security Onion, a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other…

DarkComet – Hacking The Hacker

Before I begin this post, let me get the following statements out of the way. I Am NOT A Lawyer. The use of the tools and techniques discussed in this post may not be legal in your country. The original credit for the discovery belongs to Shawn Denbow and Jesse Hertz. All I did was expand on their POC. Back in…

Viper – Modules – Office

This follows on from the post detailing the basic usage of Viper. If you have not read that post, I would start there. An index of all the modules can be found here. Office: the office module is designed to extract metadata and stream information from a variety of Office formats. As before, this will showcase the analysis features of Viper…

Viper – Modules – APK

This follows on from the post detailing the basic usage of Viper. If you have not read that post, I would start there. An index of all the modules can be found here. APK: the apk module is designed to extract information from Android Application Packages (APK). I am not going to look at the APK structure; I'm just going to showcase what…

Viper – First Use

This series is going to take a closer look at using the Viper analysis platform and its associated modules. If you are new to Viper, here are a few links for you: http://viper.li – the project's home; https://github.com/botherder/viper – the project's GitHub; Install Guide – my install guide. Let's dive straight in and assume you have just finished installing and…

Decoding Rig Exploit Kit

This is going to be short and to the point: a Python script to decode the Rig Exploit Kit landing page. It's on my GitHub here – https://github.com/kevthehermit/Scripts/blob/master/RigDecoder.py – and this is a quick cast to show it in use. As usual, questions, queries and comments below.

Home IDS with Snort And Snorby

An Intrusion Detection System at its simplest is a network monitoring tool. It is designed to match patterns in network traffic that can indicate malware infections, bad traffic or policy violations. You can read more about IDS here. I discussed IDS installation in one of my early posts. In that post I used a pre-built, ready…

ProxMox Custom OpenVZ Templates

In my previous post I had decided / was forced to replace ESXi with ProxMox, which is capable of running OpenVZ containers, something I wanted to play with more. OpenVZ containers are a method of OS virtualization that can create multiple secure, isolated Linux containers. Each container runs independently of the others and of the main operating system. You can…