2022-02-22 -  During any incident investigation on a Linux system, one of the most valuable things for responders and forensicators to establish is which commands were run. This is key to finding out what an attacker or malicious user was attempting to do, and what remediation activities are required. The .bash_history file,...

2022-01-08 -  Here’s one more writeup from the SANS Holiday Hack Challenge! The slot machine hack was one of the showpiece challenges this year, so I thought I’d put together a quick blog post to guide you through the process of identifying and exploiting a vulnerability in the game. The challenge Our...

2022-01-08 -  Over the Christmas break I took part in an annual tradition - the SANS Holiday Hack Challenge! For 2021 the team had put together a fresh set of challenges for this festive CTF, and now that the deadline for submissions and subsequent embargo has passed, I thought I’d share a...

2021-05-03 -  I’m still hard at work on Backutil, my simple Windows backup utility with automatic rotation features, fitting in little tweaks and improvements around my daily schedule. The latest of these - and perhaps the most impactful in terms of performance - involves the implementation of multiprocessing for several parts of...

2021-05-01 -  Splunk is considered the gold standard for analysis of event logs and other data, but unless you’re lucky enough to work for an organisation that pays for it, it can be difficult to get practical experience in how to run searches, build dashboards, and otherwise dissect data using its query...

2021-04-02 -  Most computer users assume that when they delete a file and empty the Recycle Bin, it’s gone forever. After all, if Windows doesn’t show us a file, it doesn’t exist anymore, right? Wrong. With the right tools and knowledge, forensics experts can find fragments - or even complete versions -...

2021-03-26 -  This post is something of a development diary for Backutil - my Python-based utility for backing up files from Windows systems. I published the first version of Backutil (v0.51) at the beginning of 2021, and pushed a small update (v0.52) to fix some minor issues in February. As of v0.52,...

2021-01-01 -  Back in the spring, I decided that 2020 would be the year I would finally see a coding project through to completion. A recent work project shone a light on backup and recovery, and I realised that I should probably be a bit more consistent with my own backups from...

2020-12-22 -  One of the few upsides of the whole 2020 situation is that I’ve had a lot more time to read. Periods that I would usually have spent commuting, out with friends, or cramming in chores between getting home and going to bed became downtime that I could devote to good...

2020-11-20 -  My first Amazon Web Services (AWS) basics post covered the process of setting up a Virtual Private Cloud (VPC) and a Windows Server 2019 EC2 instance. This time we’re going to build on this simple setup by deploying a Amazon Aurora SQL database and ensuring we can access it from...