DFIR: computing hashes recursively on Windows

13 August 2018



current folder: dir | Get-FileHash

current folder and subfolders: dir -recurse | Get-FileHash

exclude *.log files: dir -recurse -exclude *.log | Get-FileHash

Note: the default hashing algorithm is SHA256. You can use any of: MD5, SHA1, SHA256 (default), SHA384, SHA512, MACTripleDES, RIPEMD160:

dir -recurse -exclude *.log | Get-FileHash -Algorithm SHA512

more details: Get-Help Get-FileHash

current folder and subfolders, with long lines wrapped instead of truncated: dir -recurse | Get-FileHash | Format-Table -Wrap
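As an added example (my own code, not part of the original post), the same recursive hash walk in Python, since the usual reason for hashing a whole tree is to keep the result as a baseline and later find out which files changed: hash_tree mirrors dir -recurse with -exclude patterns, compare_manifests reports added, removed and modified files, and self_check runs the whole thing over a small constructed directory. The function names and the sample tree are my own choices; hashlib covers the MD5/SHA1/SHA2 family from the list above but not MACTripleDES or RIPEMD160.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, algorithm="sha256", chunk_size=1 << 16) -> str:
    """Stream the file through hashlib so large files are never read whole.
    Uppercase hex, which is what Get-FileHash prints."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest().upper()


def hash_tree(root, algorithm="sha256", exclude=()):
    """Walk root recursively (dir -recurse) and return {relative path: hash}.
    'exclude' holds glob patterns matched against the file name (-exclude *.log)."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if any(fnmatch.fnmatch(path.name, pat) for pat in exclude):
            continue
        manifest[path.relative_to(root).as_posix()] = hash_file(path, algorithm)
    return manifest


def compare_manifests(baseline, current):
    """Diff two manifests: which files appeared, vanished, or changed content."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def self_check():
    """Constructed demo: build a throwaway tree, take a baseline, change it, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "a.txt").write_bytes(b"hello")
        (root / "sub" / "b.bin").write_bytes(bytes(range(256)))
        (root / "sub" / "debug.log").write_text("noise that the *.log exclude drops")
        baseline = hash_tree(root, exclude=("*.log",))
        (root / "a.txt").write_bytes(b"hello, world")   # modified
        (root / "c.txt").write_bytes(b"new file")        # added
        (root / "sub" / "b.bin").unlink()                # removed
        current = hash_tree(root, exclude=("*.log",))
        return baseline, current, compare_manifests(baseline, current)


if __name__ == "__main__":
    baseline, current, diff = self_check()
    for name, digest in baseline.items():
        print(f"{digest}  {name}")
    print(diff)
```

For a real baseline, run hash_tree once on a known-good system, store the manifest as JSON, and diff against a fresh run during an investigation; the "modified" list is the one worth reading first.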

Forensic Timeline

12 August 2018

Source: https://www.andreafortuna.org/dfir/forensic-timeline-creation-my-own-workflow/

Required tools

Sleuth Kit

Sleuth Kit is a collection of command line tools that allows you to analyze disk images.

https://www.sleuthkit.org/sleuthkit/

Volatility

The well-known open source memory forensics framework for incident response and malware analysis.

http://www.volatilityfoundation.org/

log2timeline

A tool designed to extract timestamps from various files found on a typical computer system(s) and aggregate them.

https://github.com/log2timeline/plaso


Timeline creation

The traditional timeline analysis is generated from data extracted from the filesystem, enriched with information gathered by volatile memory analysis.
The data are parsed and sorted so they can be analyzed: the end goal is a snapshot of the activity on the system, including its date, the artifact involved, the action and the source.

Here are the steps, starting from an E01 dump and a volatile memory dump:

  1. Extract the filesystem bodyfile from the .E01 file (physical disk dump); -m takes the mount-point prefix to prepend to every path, here /, and -o <sector offset> is needed if the image carries a partition table:
    fls -r -m / Evidence1.E01 > Evidence1-bodyfile
  2. Run the Timeliner plugin against the volatile memory dump using Volatility, after identifying the image (imageinfo gives the --profile value):
    vol.py -f Evidence1-memoryraw.001 --profile=Win7SP1x86 timeliner --output=body --outputfile=Evidence1-timeliner.body
  3. Combine the Timeliner output file with the filesystem bodyfile:
    cat Evidence1-timeliner.body >> Evidence1-bodyfile
  4. Extract the combined filesystem and memory timeline (-d for CSV output, -b for the bodyfile, followed by the date range):
    mactime -d -b Evidence1-bodyfile 2012-04-02..2012-04-07 > Evidence1-mactime-timeline.csv
  5. Optionally, filter the data with grep, applying the whitelist (the whitelist file is the -f argument, the timeline is the input):
    grep -v -i -f whitelist.txt Evidence1-mactime-timeline.csv > Evidence1-mactime-timeline-final.csv



Supertimeline creation

The super timeline goes beyond the traditional file system timeline creation based on metadata extracted from acquired images by extending it with more sources, including more artifacts that provide valuable information to the investigation.

The technique was published in June 2010 in the SANS Reading Room, in a paper by Kristinn Gudjonsson written as part of his GCFA Gold certification.

Three simple steps starting from an E01 dump:

  1. Gather timeline data:
    log2timeline.py plaso.dump Evidence1.E01
  2. Filter the timeline using psort.py (the -z time zone is UTC; the output module name is lowercase l2tcsv):
    psort.py -z "UTC" -o l2tcsv plaso.dump "date > '2012-04-03 00:00:00' AND date < '2012-04-07 00:00:00'" -w plaso.csv
  3. Optionally filter the data using grep, applying the whitelist:
    grep -v -i -f whitelist.txt plaso.csv > supertimeline.csv
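Both procedures above end with the same two operations, a date-range cut and a grep -v -i -f whitelist, applied to a mactime-style CSV. As an added example, my own code rather than the source article's or the tools', here is a Python walk-through of what mactime does with the bodyfile produced by steps 1 to 3 of the first procedure (one row per distinct timestamp, an MACB column showing which of mtime/atime/ctime/crtime share it), followed by the whitelist filter of step 5 and of step 3 of the supertimeline. The bodyfile lines, the whitelist and the file names are constructed for the demo; the process line imitates the shape of Timeliner's body output, where unused timestamps are -1. Treating the end of the date range as exclusive is my choice here.

```python
import csv
import io
from datetime import datetime, timezone

# TSK 3.x bodyfile columns (what fls -m and Volatility's timeliner --output=body emit)
BODY_FIELDS = ("md5", "name", "inode", "mode", "uid", "gid", "size",
               "atime", "mtime", "ctime", "crtime")


def parse_bodyfile(text: str):
    """Parse pipe-separated bodyfile lines; malformed lines are skipped, not fatal."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|")
        if len(parts) != len(BODY_FIELDS):
            continue
        entries.append(dict(zip(BODY_FIELDS, parts)))
    return entries


def build_timeline(entries, start=None, end=None):
    """mactime-style rows: one per distinct timestamp of each entry, with a MACB
    column marking which stamps share it. Unused stamps (0 or -1) are dropped.
    'start' is inclusive, 'end' exclusive (my convention for this example)."""
    rows = []
    for e in entries:
        stamps = {}
        for flag, field in (("m", "mtime"), ("a", "atime"), ("c", "ctime"), ("b", "crtime")):
            ts = int(e[field])
            if ts > 0:
                stamps.setdefault(ts, set()).add(flag)
        for ts, flags in stamps.items():
            when = datetime.fromtimestamp(ts, tz=timezone.utc)
            if (start and when < start) or (end and when >= end):
                continue
            macb = "".join(f if f in flags else "." for f in "macb")
            rows.append((when.strftime("%Y-%m-%d %H:%M:%S"), int(e["size"]), macb,
                         e["mode"], e["uid"], e["gid"], e["inode"], e["name"]))
    rows.sort(key=lambda r: (r[0], r[7]))
    return rows


def apply_whitelist(rows, patterns):
    """Equivalent of 'grep -v -i -f whitelist.txt': drop every row that contains
    any of the patterns, case-insensitively."""
    pats = [p.strip().lower() for p in patterns if p.strip()]
    keep = []
    for r in rows:
        text = " ".join(str(c) for c in r).lower()
        if not any(p in text for p in pats):
            keep.append(r)
    return keep


def to_csv(rows) -> str:
    """Same column set as 'mactime -d' output."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["Date", "Size", "Type", "Mode", "UID", "GID", "Meta", "File Name"])
    w.writerows(rows)
    return out.getvalue()


# Constructed sample: a download, its prefetch file, the process seen in memory,
# a touched hosts file, and two noisy entries the whitelist should remove.
SAMPLE_BODYFILE = """\
0|/Users/bob/Downloads/invoice.exe|2002|r/rrwxrwxrwx|0|0|24576|1333454400|1333454400|1333454400|1333454400
0|/Windows/Prefetch/INVOICE.EXE-1A2B3C4D.pf|3003|r/rrwxrwxrwx|0|0|4096|1333454460|1333454460|1333454460|1333454460
0|[PROCESS] invoice.exe PID: 1337 PPID: 4|0|---------------|0|0|0|-1|1333454460|-1|-1
0|/Windows/System32/drivers/etc/hosts|1001|r/rrwxrwxrwx|0|0|824|1333454700|1333065600|1333065600|1333065600
0|/pagefile.sys|4004|r/rrwxrwxrwx|0|0|1073741824|1333238400|1333238400|1333238400|1333238400
0|/Windows/Prefetch/EXPLORER.EXE-AAAAAAAA.pf|3004|r/rrwxrwxrwx|0|0|8192|1333497600|1333497600|1333497600|1333454400
"""
SAMPLE_WHITELIST = ["pagefile.sys", "explorer.exe"]
START = datetime(2012, 4, 2, tzinfo=timezone.utc)   # 2012-04-02..2012-04-07 as in step 4
END = datetime(2012, 4, 7, tzinfo=timezone.utc)


def run_demo():
    rows = build_timeline(parse_bodyfile(SAMPLE_BODYFILE), START, END)
    return rows, apply_whitelist(rows, SAMPLE_WHITELIST)


if __name__ == "__main__":
    _, final = run_demo()
    print(to_csv(final))
```

Reading the filtered output top to bottom gives the story the procedure is after: the executable lands with all four stamps equal (macb), its prefetch file and the process object appear a minute later, and the hosts file gets an access stamp shortly after; the March modification stamps of hosts fall outside the range and are cut, as mactime would cut them.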


In the next article I will propose my method for timeline analysis.



Categories: Tools, Inspirations, CTF

Hacking Sites, CTFs and Wargames

8 August 2016

InfoSec skills are in such high demand right now. As the world continues to turn everything into an app and connect even the most basic devices to the internet, the demand is only going to grow, so it’s no surprise everyone wants to learn hacking these days.


However, almost every day I come across a forum post where someone is asking where they should begin to learn hacking or how to practice hacking. I’ve compiled this list of some of the best hacking sites to hopefully be a valuable resource for those wondering how they can build and practice their hacking skill set. I hope you find this list helpful, and if you know of any other quality hacking sites, please let me know in the comments, so I can add them to the list.

1. CTF365

On CTF365 users build and defend their own servers while launching attacks on other users’ servers. The CTF365 training environment is designed for security professionals who are interested in training their offensive skills or sysadmins interested in improving their defensive skills. If you are a beginner to infosec, you can sign up for a free beginner account and get your feet wet with some pre-configured vulnerable servers.

2. OverTheWire

OverTheWire is designed for people of all experience levels to learn and practice security concepts. Absolute beginners are going to want to start on the Bandit challenges because they are the building blocks you’ll use to complete the other challenges.

3. Hacking-Lab

Hacking-Lab provides the CTF challenges for the European Cyber Security Challenge, but they also host ongoing challenges on their platform that anyone can participate in. Just register a free account, set up the VPN and start exploring the challenges they offer.

4. pwnable.kr

pwnable.kr focuses on ‘pwn’ challenges, similar to CTF, which require you to find, read and submit ‘flag’ files corresponding to each challenge. You must use some sort of programming, reverse-engineering or exploitation skill to access the content of the files before you are able to submit the solution.

They divide up the challenge into 4 skill levels: Toddler’s Bottle, Rookiss, Grotesque and Hacker’s Secret. Toddler’s Bottle are very easy challenges for beginners, Rookiss is rookie level exploitation challenges, Grotesque challenges become much more difficult and painful to solve and, finally, Hacker’s Secret challenges require special techniques to solve.

5. IO

IO is a wargame from the creators of netgarage.org, a community project where like-minded people share knowledge about security, AI, VR and more. They’ve created 3 versions, IO, IO64 and IOarm, with IO being the most mature. Connect to IO via SSH and you can begin hacking on their challenges.

6. SmashTheStack

SmashTheStack is comprised of 7 different wargames – Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic and Tux. Every wargame has a variety of challenges ranging from standard vulnerabilities to reverse engineering challenges.

7. Microcorruption

Microcorruption is an embedded security CTF where you have to reverse engineer fictional Lockitall electronic lock devices. The Lockitall devices secure the bearer bonds housed in warehouses owned by the also fictional Cy Yombinator company. Along the way you’ll learn some assembly, how to use a debugger, how to single step the lock code, set breakpoints, and examine memory, all in an attempt to steal the bearer bonds from the warehouses.

8. reversing.kr

reversing.kr has 26 challenges to test your cracking and reverse engineering abilities. The site hasn’t been updated since the end of 2012, but the challenges available are still valuable learning resources.

9. Hack This Site

Hack This Site is a free wargames site to test and expand your hacking skills. It features numerous hacking missions across multiple categories including Basic, Realistic, Application, Programming, Phonephreaking, JavaScript, Forensic, Extbasic, Stego and IRC missions. It also boasts a large community with a large catalog of hacking articles and a forum for discussions on security related topics. Finally, they’ve recently announced they are going to be overhauling the dated site and codebase, so expect some big improvements in the coming months.

10. W3Challs

W3Challs is a pentesting training platform with numerous challenges across different categories including Hacking, Cracking, Wargames, Forensic, Cryptography, Steganography and Programming. The aim of the platform is to provide realistic challenges, not simulations, and points are awarded based on the difficulty of the challenge (easy, medium, hard). There’s a forum where you can discuss and walk through the challenges with other members.

11. pwn0

pwn0 is the VPN where (almost) anything goes. Go up against pwn0bots or other users and score points by gaining root on other systems.

12. Exploit Exercises

Exploit Exercises provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

13. RingZer0 Team Online CTF

RingZer0 Team Online CTF offers a ton of challenges, 234 as of this post, that will test your hacking skills across multiple categories including Cryptography, Jail Escaping, Malware Analysis, SQL Injection, Shellcoding and more. After you successfully complete a challenge, you can write up your solution and submit it to the RingZer0 Team. If your write up is accepted, you’ll earn RingZer0Gold which can be exchanged for hints during future challenges.

14. Hellbound Hackers

Hellbound Hackers offers traditional exploit challenges, but they also offer some challenges that others don’t, such as web and app patching and timed challenges. The web and app patching challenges have you evaluating a small snippet of code, identifying the exploitable line of code and suggesting the code to patch it. The timed challenges have the extra constraint of solving the challenge in a set amount of time. I thought these two categories were a cool differentiator from most other CTF sites.

15. Try2Hack

Try2Hack provides several security oriented challenges for your entertainment and is one of the oldest challenge sites still around. The challenges are diverse and get progressively harder.

16. Hack.me

Hack.me is a large collection of vulnerable web apps for practicing your offensive hacking skills. All vulnerable web apps are contributed by the community and each one can be run on the fly in a safe, isolated sandbox.

17. HackThis!!

HackThis!! is comprised of 50+ hacking levels, each worth a set number of points depending on its difficulty level. Similar to Hack This Site, HackThis!! also features a lively community, numerous hacking related articles and news, and a forum where you can discuss the levels and security related topics that might be of interest to you.

18. Enigma Group

Enigma Group has over 300 challenges with a focus on the OWASP Top 10 exploits. They boast nearly 48,000 active members and host weekly CTF challenges as well as weekly and monthly contests.

19. Google Gruyere

Google Gruyere shows how web application vulnerabilities can be exploited and how to defend against these attacks. You’ll get a chance to do some real penetration testing and actually exploit a real application with attacks like XSS and XSRF.

20. Game of Hacks

Game of Hacks presents you with a series of code snippets, multiple choice quiz style, and you must identify the correct vulnerability in the code. While it’s not nearly as in depth as the others on this list, it’s a nice game for identifying vulnerabilities within source code.

21. Root Me

Root Me hosts over 200 hacking challenges and 50 virtual environments allowing you to practice your hacking skills across a variety of scenarios. It’s definitely one of the best sites on this list.

22. CTFtime

While CTFtime is not a hacking site like the others on this list, it is a great resource to stay up to date on CTF events happening around the globe. So if you’re interested in joining a CTF team or participating in an event, then this is the resource for you.


source: https://hackerlists.com/hacking-sites/

Protection of system security

3 November 2015

CTF writeups from P4 Team

19 October 2015

https://github.com/p4-team/ctf/blob/master/2015-10-18-hitcon/

https://github.com/p4-team/ctf


A hacking game

checkmarx | 7 June 2015
http://www.gameofhacks.com/
Categories: Free Thinking, CTF

Burp and “Received fatal alert: handshake failure”

24 May 2015
  1. Download "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download" (in my case Java is 8)
  2. Unpack the files local_policy.jar and US_export_policy.jar into %JAVA_HOME%\lib\security
  3. Restart Burp
Categories: Free Thinking, CTF

CTF tools #1

18 May 2015

https://github.com/zardus/ctf-tools

Contains:

Category | Tool | Description
binary | afl | State-of-the-art fuzzer.
binary | barf | Binary Analysis and Reverse-engineering Framework.
binary | bindead | A static analysis tool for binaries.
binary | checksec | Check binary hardening settings.
binary | crosstool-ng | Cross-compilers and cross-architecture tools.
binary | gdb | Up-to-date gdb with python2 bindings.
binary | peda | Enhanced environment for gdb.
binary | preeny | A collection of helpful preloads (compiled for many architectures!).
binary | villoc | Visualization of heap operations.
binary | qemu | Latest version of qemu!
binary | pwntools | Useful CTF utilities.
binary | python-pin | Python bindings for pin.
binary | radare2 | Some crazy thing crowell likes.
binary | shellnoob | Shellcode writing helper.
binary | taintgrind | A valgrind taint analysis tool.
binary | qira | Parallel, timeless debugger.
binary | xrop | Gadget finder.
binary | rp++ | Another gadget finder.
forensics | binwalk | Firmware (and arbitrary file) analysis tool.
forensics | dislocker | Tool for reading Bitlocker encrypted partitions.
forensics | firmware-mod-kit | Tools for firmware packing/unpacking.
forensics | testdisk | Testdisk and photorec for file recovery.
forensics | pdf-parser | Tool for digging in PDF files.
crypto | cribdrag | Interactive crib dragging tool (for crypto).
crypto | hashpump | A tool for performing hash length extension attacks.
crypto | hashpump-partialhash | Hashpump, supporting partially-unknown hashes.
crypto | hash-identifier | Simple hash algorithm identifier.
crypto | littleblackbox | Database of private SSL/SSH keys for embedded devices.
crypto | pemcrack | SSL PEM file cracker.
crypto | reveng | CRC finder.
crypto | sslsplit | SSL/TLS MITM.
crypto | python-paddingoracle | Padding oracle attack automation.
crypto | xortool | XOR analysis tool.
web | burp | Web proxy to do naughty web stuff.
web | dirs3arch | Web path scanner.
web | sqlmap | SQL injection automation engine.
stego | sound-visualizer | Audio file visualization.
stego | stegdetect | Steganography detection/breaking tool.
stego | steganabara | Another image steganography solver.
stego | stegsolve | Image steganography solver.
android | APKTool | Dissect, dis-assemble, and re-pack Android APKs.
Categories: CTF

Advanced XOR guessing

4 May 2015

A tool to use when Python is available, but only in version 2.x: https://github.com/hellman/xortool

or online: http://wiremask.eu/tools/xor-cracker/ - although it works less well

Categories: Python, Tools, CTF

XOR in CTFs and a PHP sandbox

4 May 2015

A function that helps find the XOR key

And an online PHP sandbox: http://sandbox.onlinephpfunctions.com/


function xor_this($string, $int) {

    // Single-byte key: the integer is turned into one character
    $key = chr($int);

    // Our plaintext/ciphertext
    $text = $string;

    // Our output text
    $outText = '';

    // XOR each character with the matching key byte; the modulo makes the
    // function work for keys longer than one byte too. Square-bracket string
    // offsets are used because the old $text{$i} form was removed in PHP 8.
    for ($i = 0; $i < strlen($text); $i++) {
        $outText .= $text[$i] ^ $key[$i % strlen($key)];
        //echo 'i='.$i.', '.$outText[$i].'<br />'; //for debugging
    }
    return $outText;
}

// Paste the base64-encoded ciphertext here
$base64 = "";
$encoded = base64_decode($base64);

// Try every single-byte key and print the candidate plaintext for each
for ($x = 1; $x < 256; $x++) {
    $phase = xor_this($encoded, $x);
    echo "key = " . $x . " : " . $phase . "\r\n";
    echo "----------------------------------------------------------------\r\n";
}
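As an added example serving both the xortool post above and the PHP function (my own code, neither xortool's nor the PHP author's), the same idea in Python with the two things a practitioner wants on top: candidates are ranked by a plaintext-plausibility score instead of printing all 255 outputs to read by eye, and the method generalises from the single-byte key of the PHP loop to repeating multi-byte keys as xortool does, by guessing the key length and solving each column as its own single-byte problem. The plaintext, the key K3y and the scoring weights are constructed for the demo; the key-length rule (best score, shortest length on ties, so multiples of the true length do not win) is my own.

```python
import base64
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; a one-byte key is the PHP function's case."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def english_score(data: bytes) -> float:
    """Crude plaintext plausibility: lowercase letters and spaces score highest,
    uppercase less, other printable ASCII a little, control/high bytes are penalised."""
    score = 0.0
    for b in data:
        if b == 0x20 or 0x61 <= b <= 0x7A:
            score += 2.0
        elif 0x41 <= b <= 0x5A:
            score += 1.0
        elif 0x20 < b < 0x7F or b in (0x09, 0x0A, 0x0D):
            score += 0.5
        else:
            score -= 5.0
    return score


def rank_single_byte_keys(ciphertext: bytes):
    """Try all 256 one-byte keys (what the PHP loop does) and return
    [(key, plaintext), ...] best first; ties go to the smaller key byte."""
    scored = [(english_score(xor_bytes(ciphertext, bytes([k]))), k) for k in range(256)]
    scored.sort(key=lambda c: (-c[0], c[1]))
    return [(k, xor_bytes(ciphertext, bytes([k]))) for _, k in scored]


def recover_repeating_key(ciphertext: bytes, key_len: int) -> bytes:
    """For an assumed key length, every column (bytes i, i+len, i+2len, ...) was
    XORed with the same key byte, so each column is an independent single-byte job."""
    key = bytearray()
    for i in range(key_len):
        key.append(rank_single_byte_keys(ciphertext[i::key_len])[0][0])
    return bytes(key)


def guess_key_length(ciphertext: bytes, max_len: int = 16) -> int:
    """Pick the length whose recovered plaintext scores best; a strict comparison
    keeps the shortest length when multiples of the true length tie with it."""
    best_len, best_score = 1, float("-inf")
    for length in range(1, max_len + 1):
        candidate = xor_bytes(ciphertext, recover_repeating_key(ciphertext, length))
        score = english_score(candidate)
        if score > best_score:
            best_len, best_score = length, score
    return best_len


def crack_base64(b64: str, max_len: int = 16):
    """Same input shape as the PHP snippet: base64 ciphertext in, (key, plaintext) out."""
    ct = base64.b64decode(b64)
    key = recover_repeating_key(ct, guess_key_length(ct, max_len))
    return key, xor_bytes(ct, key)


# Constructed sample: English text encrypted with a 3-byte repeating key.
PLAINTEXT = (
    b"Repeating key xor is weak because the same key byte lands on every third "
    b"character, so the letter and space statistics of english text leak through "
    b"each column. An analyst who can guess one column can guess the whole key, "
    b"and from there the message is readable without knowing anything else."
)
SAMPLE_KEY = b"K3y"
SAMPLE_CT = xor_bytes(PLAINTEXT, SAMPLE_KEY)
SAMPLE_B64 = base64.b64encode(SAMPLE_CT).decode()

if __name__ == "__main__":
    key, pt = crack_base64(SAMPLE_B64)
    print("key length:", len(key), "key:", key)
    print(pt.decode())
```

The scoring function is deliberately simple; for ciphertexts that are not English prose (JSON, URLs, binary with a known header), replace english_score with a check against the expected format, which is exactly the knob the online crackers do not expose.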


Rozwal.TO

3 May 2015

A new portal with capture-the-flag tasks.

Ranging from super easy to super hard ...

my account: https://rozwal.to/profile/TomWo

Categories: Free Thinking, CTF