How to track file system changes with Python3

File integrity in IT refers to the process of protecting a file from unauthorized changes, including cyber-attacks. In other words, a file’s ‘integrity’ is validated to determine whether or not it has been altered after its creation, curation, archiving or other qualifying event. This is why tracking file system changes is a very important step …

Windows Forensics. AppData Cache analysis using sqlite3reader

Every server administrator copies some data to the clipboard while doing configuration. This is why cache analysis, or in the context of this article clipboard forensics, may bring unexpectedly interesting information. Put another way, a threat analyst should consider using clipboard analysis when performing a regular or, in a bad scenario, post-mortem investigation. Our sqlite3reader was developed to make …

Windows privilege escalation: Unquoted Service Path

🤓Title: Windows privilege escalation: Unquoted Service Path 🤓Vulnerability: privilege escalation 🤓Description: In Microsoft Windows, a service whose executable path contains spaces and isn’t enclosed in quotes leads to a vulnerability known as Unquoted Service Path. The process creation API declared in processthreadsapi.h creates a new process and its primary thread. The new process runs in the security context of the …

Steganography for hackers. Part 1: Alternate Data Stream

Steganography is the practice of concealing information within another message or physical object to avoid detection. It is a well-known technique for hiding data, including text, image, video, or audio content, inside other content. That hidden data can then be easily extracted at its destination. Under Windows, the NTFS file system has a …

Windows Exploit Suggester with WES-NG and Python3

Hi, folks. Today, I will show you how to explore potential threat vectors, and from them security breaches, on Windows with the well-known Windows Exploit Suggester framework. What is the Windows Exploit Suggester? This tool compares a target’s patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the …