Caveat: A lot of the resources mentioned below are quite old, as a result, Your Mileage May Vary.
I’m starting to take a deep dive into EnScript in EnCase, and I was lamenting the lack of freely available resources, but lo and behold Today I struck gold and found a few resources that had escaped my attention before now, so I thought I’d do a quick post collating what I found.
Then of course you have Simon Key’s Github page which hosts a few EnScript samples. Simon Key is a “Sr. Principal Courseware Developer at OpenText” according to his LinkedIn page, so you should be able to learn from his samples how an EnScript should be.
I was recently presented with a packet capture file to perform some forensics on it as a challenge and see if I could find the hidden message. Naturally, it being a packet capture I fired up Wireshark only to be faced with a very bland single colour screen, quite different from the usual network captures most would be used to when using Wireshark (see Figure 1 below). There was none of the usual indication of different protocols broken down by colour. This was going to be a different type of challenge, and one I was going to learn a lot from, I knew I would enjoy it, and I sure did!
Yesterday, with 3 days left on my deadline, I completed the GIAC Open Source Intelligence certifications exam with a score of 91%. Needless to say I was pretty delighted. I’m still unsure which of the following questions had the biggest impact on my certification exam result: Was the exam too easy? Did I prepare very well? Was the training provided so good that it was inevitable?
I’m leaning towards a combination of the training and my preparation. To be fair the “SANS SEC487 Open-Source Intelligence (OSINT) Gathering and Analysis” covered a breadth and depth of topics, and covered them well. A series of books are made available to course participants, one for each day of the course, and since the exam is open book, these materials are vital to your success in the exam. I did learn many new tools and techniques. However, if you’re a seasoned OSINTer you may find the course a bit foundational and remedial and it might be better to do one of their more advanced courses. But in terms of how I scored so well, as you might expect, every question asked in the exam could be answered from the pages of the training materials.
This brings me to my preparation, the books provided are between 140 to 180 pages each. Needless to say you can’t page through those materials for each of the 75 questions you get asked in the 2 hours you have to do the exam. So a big shout out has to go to Lesley Carhart for her blog post on her “Pancakes Index System”. It would not have been possible to efficiently work through the materials without an index, and I went with the Pancakes Index System, and it definitely worked and ended up looking like this:
Following the putting together of my index, I then completed the two practice tests. The practice tests were very close to the actual exam in terms of the format of the questions and provided great preparation for the exam itself.
And there you have it. A great course with a great instructor @dutch_osintguy in my case, and enthusiastic class mates led to a great experience and now, thankfully, another successfully completed certification exam.
So you’re set up on Github, and being the privacy conscious person you are you have Two Factor Authentication turned on. You’ve added a personal access token so that you can push from repos from a machine. Now you have a new install of Git on some flavour of Linux and you want to configure Git on the command line to be as frictionless as possible while you’re using it, while still remaining secure. What you really need for this is to set up credential caching so that you won’t need to enter your password every time you run git push. Let’s explore this and some other initial configuration steps that will make use of Git that much easier.
I’m not going to lie, I hadn’t heard of bookmarklets until earlier this year at one of the SANS summits. They were quite the revelation. Their potential at automating collection and analysis of data was very obvious and very powerful. However, up until Today I hadn’t come across a compelling reason to make a bookmarklet. If you already know what bookmarklets are skip the next section to see what I made.
What are bookmarklets anyway?
So you need a timeline chart and you need it for work. No worries, services exist for creating beautiful charts online, Lucidchart being one of the best examples (not a sponsor). But… You need the chart for work, you need it to contain sensitive data for internal use only, you may even need to include the dreaded PII (Personally Identifiable Information).
Now, are any of these chart producing services going to leak your data? It’s not likely to be honest. Am I saying don’t trust Lucidchart for example? Not necessarily. But I am particularly sensitive to the risk of data leaks due to having come from a Law Enforcement background where a PII leak could lead to loss of employment. Also I have recently completed a course in Cyber Security. These are both huge factors in my sensitivity to the risk of a data breach that could occur by using a third party service. Just think, if Lucidchart were to suffer a breach that in turn led to breach of data contained in charts created by you on that service, you might in turn also have to report a breach, it’s all very complicated at that stage.
The solution? Roll your own, read on for a relatively easy way to create your own timeline chart without ever having to reach out to an online service with data you don’t want exposed.
This is a quick post in relation to where you could find sources of Data to run experiments and code on. It was inspired by a talk during the week that spoke about some open data initiatives. It reminded me of my search for data when I started out, in the end I abandoned working on any of the sources in favour of taking on a course of study in Cyber Security, that’s a year I’ll never get back!
However, I had done a little groundwork, the course is over and these sources may well be of use to someone so I’ll make a quick post about them.
This shouldn’t take long, I’m posting it mainly because I didn’t see the answer available when I went searching earlier, at least not an answer specifically referencing Parrot OS.
This week I’ve been doing a bit of tinkering with Microsoft’s hypervisor offering, Hyper-V. I installed Kali Linux first, but there was not full-screen option, what gives? Luckily, there was a very good answer to the problem in Kali’s own documentation. Like magic it worked. I turned on the VM started browsing a few sites and it quickly became a bad browsing experience. I don’t know which part of the system was letting me down but tabs were crashing left, right and centre (not a misspelling by the way, no matter what WordPress thinks).
My next step was to try a different version of Linux, so I went with a similar distro to Kali, Parrot OS. Guess what? No full screen yet again. And I couldn’t find a single reference online that had reported a solution. However, both Parrot OS and Kali Linux are Debian derived, I wonder???