Resurrecting SpearPhisher

      No Comments on Resurrecting SpearPhisher

A couple of years ago I was looking for something that could generate some spear phishing emails I could use to test some of our network defenses and later could be used as part of a Red Team exercise. At the time I couldn’t find anything I really liked that balanced features, cost and ease of setup and configuration. I… Read more »

Solving the SANS 2016 Holiday Hack Challenge

      8 Comments on Solving the SANS 2016 Holiday Hack Challenge

tldr; SANS released the 2016 Christmas Holiday Hack Challenge.This serves as my official submitted answer, and my offering to you dear reader in case you want to see how I approached the challenges. So settle in this is going to be a long post. At the time of writing the challenge is still live and SANS typically keep the servers… Read more »

VolUtility Release v1.2 – With Authentication Module

VolUtilty 1.2 has now been released. If your not sure what VolUtility is – The main addition here is the new optional Authentication module. It is disabled by default and can be enabled via the config file. Before enabling the Auth module it will need a small amount of setup that is detailed on the wiki, basic steps are: cd… Read more »

Kali Linux on Acer Chromebook 14

      8 Comments on Kali Linux on Acer Chromebook 14

I like Chromebooks! They are cheap, light, easy to use and have great battery life. But they can also be quite limiting sticking to Chrome OS if you need to do some real Dev work. For the most part Chrome OS is good enough for me. I run a lot of Virtualized Hardware (ESXi) and this can be accessed with… Read more »

Happy New Year 2017

      No Comments on Happy New Year 2017

First let me wish you all a happy new year from 2017. I’m going to keep this short with a basic review of last year and the projects i aim to work on this year. Last Year 2016 was a busy year for projects, but not so much with keeping the blog up to date. Before i get in to… Read more »

VolUtility Version 1.0 Release

      2 Comments on VolUtility Version 1.0 Release

It’s a week late but I finally have enough testing done that I’m happy to call this a 1.0 release. :) If you’re not sure what VolUtility is then read some of the earlier posts: VolUtility a web front end VolUtility release 0.2 Solving GrrCon 2015 Solving GrrCon 2016 tldr; It’s a web front end for the Volatility memory analysis… Read more »

Solving GrrCon 2016 DFIR Challenge

      6 Comments on Solving GrrCon 2016 DFIR Challenge

It’s that time of year again and Wyatt Roersma has released the 2016 GrrCon DFIR Challenge. At the time of writing it’s still available to register and download the images from Once again as these are memory images I am going to try to solve the challenge solely using VolUtility. Word of warning I reveal all the answers :p For the… Read more »

Extracting LastPass Site Credentials from Memory

      12 Comments on Extracting LastPass Site Credentials from Memory

Let me start by stating this is not an exploit or a vulnerability in LastPass. This is just extracting any data that may remain in memory during a forensics acquisition. At some point the data must be in clear. I was reading the Art Of Memory Forensics, (if you don’t own this i highly recommend it. ) On one of the… Read more »

USB Rubber Ducky and a New ToolKit

      6 Comments on USB Rubber Ducky and a New ToolKit

USB Rubber Ducky The USB Rubber Ducky is a product designed and Sold by Hak5. Essentially its a USB keyboard without any keys that you can pre-program a set of keystrokes on to. When the device is plugged in, its installed as a generic keyboard and will then type whatever you have scripted it to use. Duck Code Duck code is how… Read more »

Solving GrrCon15 Memory Challenge with VolUtility

After seeing that Brian Baskin and Tony Cook had published a writeup solving the GrrCon 2015 Memory challenges I thought this would be an ideal way of testing VolUtility, A way to make sure that i have covered all the features, and if not then how to try and add them so it does. Plus it looked like fun :)… Read more »