Saturday, December 25, 2021

The Stupid Dumbasses of Apple - Why Can't You Fix Something So Basic?

You're listening through your earbuds, you bend down to lace your shoes and, boom! the volume is pounding in your ears because your handkerchief pressed the volume-up button. Idiots! Samsung doesn't do this; they warn you about hearing damage before letting you go loud.

If you want to go over 50%, why not require the on-screen slider instead of the hardware button?

Idiots of Apple. Never mind the need for more features. Quality is all you need.

Wednesday, November 17, 2021

Superman David Rabin and Jim Kwik on Stress Management

Fluffy, but you might get something out of it.

Gratitude

Count your blessings in the morning; write them down, don't type them :)

Forgiveness

Think about yourself as if you were your own best friend. People make mistakes, and that's how you learn.

Compassion

What did he say?

Love

What?

He doesn't do a good job of breaking the pillars down into specific actions you can take, aside from the gratitude journal.

David also created the Apollo, which uses vibrations to increase your feeling of safety and reduce anxiety.

Tuesday, October 12, 2021

Attending a Zoom and a Teams Meeting Simultaneously

You want to mute one or the other selectively, not both at once. How? Use the per-application mute in the Windows Volume Mixer (right-click the speaker icon in the taskbar and open the Volume Mixer); each running app gets its own slider and mute button there.

Warning: since Teams is from M$FT, it works reliably. With Zoom, there could be some pain. I found the mute button ineffective with Zoom, so I left the webinar and re-joined; then there were two Zooms in the Volume Mixer, and one of them worked to mute :)


Thanks : https://allthings.how/how-to-mute-microsoft-teams-audio/

Friday, September 17, 2021

Learning from the Best : Nick Furneaux - How to hack RAM, What I Learned from Israel's Unit 8200

https://www.csitech.co.uk/training/ram-analysis/

Advanced RAM Analysis and Forensics: a 4-day course for about $2,300.

We are pleased to announce the updated 2021 4-day Advanced RAM Analysis course.

As before, the course is primarily hands-on but provides much more flexibility. Significant time is spent on advanced memory data extraction and analysis techniques, including reconstruction of file systems, password location, decryption, and deconstruction of memory-resident malware such as Stuxnet.

Also interesting: creating and scripting your own memory analysis toolkit.

A 32 GB ruggedized USB key (a download for the online course) is supplied to each student to keep, with all software and RAM dumps.

Syllabus

• Live forensic procedures
• Live Windows RAM imaging (command line and GUI based)
• Imaging Linux RAM
• Imaging Intel Macs (OS X)
• Testing downloaded tools
• Creating and scripting your own toolkits
• Scripting disk imaging
• Scripting memory imaging
• Volatile data extraction
• Reverse copying key files and folders
• Advanced memory (RAM) analysis
• Extraction of data to enhance a disk investigation
• Extraction of elements such as Internet history, timelines and passwords
• Extracting data from hiberfil and crashdump files
• Recreating the entire file system with automated forensic data extraction

www.csitech.co.uk

• Using Volatility to extract:
  ▪ Running processes
  ▪ Open network sockets
  ▪ Open network connections
  ▪ DLLs loaded for each process
  ▪ Open files for each process
  ▪ HTML pages found in a browser process
  ▪ Open registry handles for each process
  ▪ Process address spaces with their associated files
  ▪ OS kernel modules
  ▪ Mapping physical offsets to virtual addresses (strings to process)
  ▪ Understanding the PEB
  ▪ Understanding the VAD
  ▪ Extracting executables from memory samples
  ▪ Extracting and analysing operating system files
  ▪ Extracting and analysing user files
  ▪ Extracting the MFT
  ▪ Virus checking RAM dumps
  ▪ Extraction of network packet data and analysis
• Enhanced network analysis
• New decryption section
  ▪ Hands-on extraction of TrueCrypt and VeraCrypt master keys and container decryption
  ▪ Hands-on extraction of BitLocker master keys and drive decryption
  ▪ Cracking the OS X Keychain without the password
• New malware section
  ▪ Identifying suspect processes
  ▪ Following the malware into services and the registry
  ▪ Mapping the IP connections
  ▪ Extraction of the malware and analysis
  ▪ Deconstruction of Stuxnet
  ▪ Understanding what the malware is doing
  ▪ Much more…
• New registry section
  ▪ Location and extraction of specific registry keys
  ▪ Extracting the SAM and decrypting passwords
  ▪ Finding other passwords
  ▪ Locating useful keys (TypedURLs, system info etc.)
  ▪ Again, loads more

• OS X memory analysis
  ▪ Data carving
  ▪ Process recovery
  ▪ New Volatility commands
• Linux RAM investigation
  ▪ Data carving
  ▪ Recovering processes
  ▪ Login sessions
  ▪ Network information
  ▪ Routing tables
  ▪ Malware investigation
• Creating your own RAM analysis script to take away
• Final day practical exam and review

To discuss your training needs, or to organize a course, please contact Nick Furneaux – nick@csitech.co.uk
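The syllabus item "Extracting executables from memory samples" is the part of the course most worth understanding before you arrive, because every Volatility dump plugin (procdump and dlldump in Volatility 2, windows.dumpfiles in Volatility 3) rests on the same header walk. The script below is an added example, not course material and not Volatility code: it scans a flat memory sample for page-aligned MZ headers, follows e_lfanew to the PE signature, validates the COFF and optional headers, reads the section table, and cuts each image at SizeOfImage. The sample dump, the header-only PE it contains and the decoy page are constructed test data, so it runs offline; on a real image you would pass the bytes of a RAM dump (or of one process's address space) instead.

```python
"""Carve PE images out of a raw memory sample (added example, not course material).

A memory dump is a flat byte string. An executable mapped in it is found by
scanning for the 'MZ' DOS stub, following e_lfanew to the 'PE\\0\\0' signature,
and reading the COFF, optional and section headers to learn the image size and layout.
"""
import struct

MZ = b"MZ"
PE_SIG = b"PE\x00\x00"
PAGE = 0x1000


def parse_pe(buf, off):
    """Validate a PE header at buf[off:] and return
    (machine, size_of_image, [(name, vaddr, vsize, raw_size), ...]) or None."""
    if buf[off:off + 2] != MZ or off + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    pe = off + e_lfanew
    # Real e_lfanew values are small; huge ones are noise that happens to start with MZ
    if e_lfanew > 0x1000 or pe + 24 > len(buf) or buf[pe:pe + 4] != PE_SIG:
        return None
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, pe + 4)
    if nsec == 0 or nsec > 96 or opt_size < 0x60:
        return None
    opt = pe + 24
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        return None
    size_of_image = struct.unpack_from("<I", buf, opt + 56)[0]  # same offset in both formats
    if size_of_image == 0 or size_of_image > 0x10000000:
        return None
    sections = []
    sec_tbl = opt + opt_size
    for i in range(nsec):
        s = sec_tbl + 40 * i
        if s + 40 > len(buf):
            return None
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", buf, s)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"), vaddr, vsize, rsize))
    return machine, size_of_image, sections


def carve_pe(buf):
    """Scan for page-aligned PE headers (mapped images start on a page boundary;
    a carver for raw files would step by 1) and return
    [(offset, machine, size_of_image, sections), ...]."""
    hits = []
    for off in range(0, len(buf) - 0x40, PAGE):
        hdr = parse_pe(buf, off)
        if hdr:
            hits.append((off,) + hdr)
    return hits


def extract_images(buf):
    """Return {offset: image_bytes} for every carved PE, cut at SizeOfImage and
    clipped to the end of the sample."""
    return {off: buf[off:off + size] for off, _, size, _ in carve_pe(buf)}


def build_sample_pe(machine=0x8664, size_of_image=0x3000):
    """Constructed header-only PE32+ (test data, not a real binary): DOS stub,
    PE signature, file header, zeroed optional header, .text and .data sections."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = MZ
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xF0                                  # PE32+ optional header with 16 data dirs
    file_hdr = struct.pack("<HHIIIHH", machine, 2, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 56, size_of_image)
    # name, vsize, vaddr, raw size, raw ptr, reloc ptr, lineno ptr, nreloc, nlineno, flags
    sec = "<8sIIIIIIHHI"
    secs = struct.pack(sec, b".text", 0x800, 0x1000, 0x800, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(sec, b".data", 0x200, 0x2000, 0x200, 0xC00, 0, 0, 0, 0, 0xC0000040)
    return bytes(dos) + PE_SIG + file_hdr + bytes(opt) + secs


def build_sample_dump():
    """Constructed 'memory sample': three pages of filler, the sample PE at 0x3000
    padded to its SizeOfImage, a decoy page that starts with 'MZ' but has no PE
    signature, then more filler."""
    filler = bytes(range(256)) * (PAGE // 256)
    pe = build_sample_pe()
    image = pe + b"\x00" * (0x3000 - len(pe))
    decoy = MZ + b"\x00" * (PAGE - 2)
    return filler * 3 + image + decoy + filler


if __name__ == "__main__":
    for off, machine, size, secs in carve_pe(build_sample_dump()):
        print(f"PE at 0x{off:x} machine=0x{machine:x} SizeOfImage=0x{size:x}")
        for name, vaddr, vsize, rsize in secs:
            print(f"  {name:8s} VA=0x{vaddr:x} vsize=0x{vsize:x} raw=0x{rsize:x}")
```

Two caveats a real carve has to deal with that the constructed sample sidesteps: a mapped image is laid out by VirtualAddress, not PointerToRawData, so cutting at SizeOfImage is right for memory but wrong for a file-system carve; and pages of the image that were paged out or never touched will simply be missing from the sample, which is why Volatility's process dumpers reconstruct from the page tables rather than from a flat scan.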

Friday, September 10, 2021

How You Should View Images with the Public Library's Read-In-Browser App

I'm thinking it is powered by OverDrive (why they get worse with each year is beyond me).

Here's what you do :

  1. Hover your mouse over the image (no clicking yet) and wait for the "Zoom image" tooltip to show.
  2. Now click and HOLD; don't just click and release, as that'll navigate away!
  3. Once it's gone into image view mode, you can use your scroll wheel to zoom in for more detail.

Like it?

The app seems to be so buggy that this doesn't always work :(

Thursday, September 09, 2021

BellingCat : Holding the World Accountable

Data mining exposes spikes in communication among perpetrators in Russia's military establishment ahead of key events, like the Navalny poisoning. These are the detectives making sure the world knows about Russia's crimes against humanity.

https://www.economist.com/podcasts/2021/08/10/how-open-source-intelligence-is-disrupting-statecraft

https://www.bellingcat.com/

Watch the lovely Alice Himsworth (Senior Legal Counsel @ Google) chat with the founder, Eliot Higgins: https://www.youtube.com/watch?v=rqsfOz9fdmQ

Buy the book (don't worry, I get nothing :) : https://www.amazon.com/We-Are-Bellingcat-Global-Sleuths/dp/1635577306

Monday, August 09, 2021

Is there Such a Thing as WSL Terminal?

I love the thing but, wanting it today for a new PC, couldn't find it.

What I did find: M$ has made the WSL installation much simpler, just a single command in PowerShell.

So, where do you find the "WSL terminal" that beats the crappy console window they call "bash"?

https://github.com/mintty/wsltty

It's wsltty, a build of the mintty terminal for WSL.

Enjoy.

Thursday, February 25, 2021

Never Again : Use Windows to Copy a Large File

Does this happen only to me? You do the good old drag-and-drop thing and get a dialog telling you the percent completion. The problem is that with a large file, when the dialog hangs, you're mostly hosed, even if the copy is actually still going on without you knowing it. You kill the copy, go to the directory and find most of the file has been copied, but you'd never have guessed. A waste of effort either way.

What's better? Some form of Linux, like WSL, but even Git Bash might be your friend here. Why? Because Git and Windows have been best friends ever since you know what. So you can right-click the source folder in File Explorer, choose "Git Bash Here" and get a terminal already in that folder, without having to guess what the Unix path looks like. Seriously, how would you know it needs to be //tsclient/C/Users/whatever?

When? You downloaded a large file onto one PC but now you want it on another one, and you don't have a USB stick large enough to carry the entire season of House. So you use Remote Desktop Connection into the destination PC (with drive sharing enabled under Local Resources, so your own drive shows up there as tsclient), find the folder in that PC, choose Git Bash Here and cp to /c/Users/<name>/wherever... That's much more reliable; it's so much smoother when you stay on the command line.
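Staying on the command line also lets you finish the "mostly copied" file instead of starting over, and check that every byte arrived. The function below is an added example, not the post's own commands: it appends only the missing tail of the source when a partial destination already exists, then compares SHA-256 digests of both files, so a partial that turns out not to be a prefix of the source (a different file with the same name, say) is reported rather than silently kept. It assumes the coreutils tail, wc and sha256sum that both Git Bash and WSL ship; the paths in the usage note are the ones from this post.

```bash
#!/bin/sh
# copy_resume SRC DST
# Copy SRC to DST, resuming if DST already holds a prefix of SRC (the state a
# killed Explorer copy leaves behind), then verify both files by SHA-256.
# Returns 0 on a verified copy, 1 on any mismatch or refusal.
copy_resume() {
    src=$1
    dst=$2
    src_size=$(wc -c < "$src")
    if [ -f "$dst" ]; then
        dst_size=$(wc -c < "$dst")
    else
        dst_size=0
    fi
    if [ "$dst_size" -gt "$src_size" ]; then
        echo "refusing: $dst is larger than $src" >&2
        return 1
    fi
    if [ "$dst_size" -lt "$src_size" ]; then
        # tail -c +N starts at byte N (1-based), so this emits exactly the bytes
        # not yet present and appends them; a fresh copy is the dst_size=0 case.
        tail -c +"$((dst_size + 1))" "$src" >> "$dst"
    fi
    src_sum=$(sha256sum "$src" | cut -d' ' -f1)
    dst_sum=$(sha256sum "$dst" | cut -d' ' -f1)
    if [ "$src_sum" != "$dst_sum" ]; then
        echo "checksum mismatch for $dst: source $src_sum, destination $dst_sum" >&2
        return 1
    fi
    echo "verified: $dst ($src_size bytes, sha256 $src_sum)"
    return 0
}
```

Usage, from the Git Bash window on the destination PC: copy_resume //tsclient/C/Users/me/Downloads/House-S01.mkv /c/Users/me/Videos/House-S01.mkv. Run it again after an interrupted transfer and it picks up where the last run stopped; if the checksum line ever reports a mismatch, delete the destination and run it once more rather than trusting the partial.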