7h4nd5RG0d/Forensics
Forensics

Forensics in a nutshell

Networking CTF Writeups --> https://github.com/7h4nd5RG0d/Forensics/tree/main/Networking

Steganography CTF Writeups --> https://github.com/7h4nd5RG0d/Forensics/tree/main/Steganography

Memory CTF Writeups --> https://github.com/7h4nd5RG0d/Forensics/tree/main/Memory

RF CTF Writeups --> https://github.com/7h4nd5RG0d/Forensics/tree/main/RF

TOOLS:

  1. Wireshark/tshark (Kali)
  2. Piet esoteric language interpreter --> https://www.bertnase.de/npiet/
  3. NetworkMiner --> https://www.netresec.com/?page=NetworkMiner
  4. PDFStreamDumper --> http://sandsprite.com/blogs/index.php?uid=7&pid=57
  5. HxD
  6. qpdf (Kali) --> https://github.com/qpdf/qpdf
  7. Autopsy
  8. FTK Imager
  9. Firefox password decryption --> https://github.com/lclevy/firepwd
  10. PyInstaller archive extraction from EXE --> https://github.com/extremecoders-re/pyinstxtractor
  11. Python decompiler --> https://github.com/rocky/python-uncompyle6
  12. SilentEye --> https://achorein.github.io/silenteye/download/?i2
  13. Chainsaw --> https://github.com/WithSecureLabs/chainsaw
  14. Windows Defender Quarantine Decryptor --> https://github.com/zam89/Windows-Defender-Quarantine-File-Decryptor
  15. Code decompiler (C#, for malware analysis) --> https://github.com/icsharpcode/AvaloniaILSpy/releases
  16. .evtx to JSON for easier parsing --> https://github.com/omerbenamram/evtx/releases
  17. MFT parser --> https://aboutdfir.com/toolsandartifacts/windows/mft-explorer-mftecmd/2/
  18. 7-Zip File Manager
  19. pffexport (Kali) --> https://www.venea.net/man/pffexport(1)
  20. RegRipper (Kali) --> https://github.com/keydet89/RegRipper4.0
  21. AmcacheParser --> https://f001.backblazeb2.com/file/EricZimmermanTools/AmcacheParser.zip
  22. Registry Explorer --> https://www.sans.org/tools/registry-explorer/
  23. MFTECmd --> https://www.sans.org/tools/mftecmd/
  24. NTFS Log Tracker --> https://sites.google.com/site/forensicnote/ntfs-log-tracker
  25. DB Browser for SQLite
  26. Acropalypse (CVE for recovering data from cropped images) --> https://github.com/frankthetank-music/Acropalypse-Multi-Tool
  27. Analyzing .DMP files (Mimikatz in Python) --> https://github.com/skelsec/pypykatz
  28. Mozilla forensic tool --> https://github.com/Busindre/dumpzilla
  29. Prefetch Explorer (PECmd) --> https://github.com/EricZimmerman/PECmd?tab=readme-ov-file
  30. Prefetch command-line parser --> https://github.com/dfir-scripts/prefetchruncounts (requires pyscca --> https://pypi.org/project/libscca-python/#files)
  31. ShellBags Explorer --> https://ericzimmerman.github.io/#!index.md
  32. JumpList Explorer --> https://ericzimmerman.github.io/#!index.md
  33. WinDbg --> http://www.windbg.org/
  34. KeePass dumper (CVE-2023-32784) --> https://github.com/vdohney/keepass-password-dumper
  35. GitTools --> https://github.com/internetwache/GitTools
  36. Minecraft chunks/maps --> https://www.spigotmc.org/resources/chunky.81534/
  37. Twitter secret messages --> https://holloway.nz/steg/
  38. Impacket (dumping secrets from NTDS, SYSTEM, SECURITY, SOFTWARE) --> https://github.com/fortra/impacket#quick-start
  39. inspectrum --> https://github.com/miek/inspectrum
  40. GNU Radio --> https://wiki.gnuradio.org/index.php/WindowsInstall
  41. Gqrx --> https://www.gqrx.dk/download
  42. Sonic Visualiser
  43. Audacity
  44. FontForge --> https://fontforge.org/en-US/downloads/windows/
  45. Font debugging using otf2fea --> pip install fontFeatures
  46. .NET disassembler --> Android Studio, dotPeek
  47. RDP bitmap cache parser --> https://github.com/ANSSI-FR/bmc-tools/
  48. eaphammer (Wi-Fi) --> https://github.com/s0lst1c3/eaphammer

Resources:

  1. File signatures --> https://en.wikipedia.org/wiki/List_of_file_signatures
  2. Executable file formats --> https://docs.fileformat.com/executable/
  3. Windows Defender quarantine extraction --> https://reversingfun.com/posts/how-to-extract-quarantine-files-from-windows-defender/
  4. TCP scan methods with nmap --> https://nmap.org/book/scan-methods-null-fin-xmas-scan.html
  5. Volatility notepad dumping (VAD, WinDbg) --> https://infosecwriteups.com/extracting-an-unsaved-memory-content-by-walking-through-windows-heaps-but-how-6992589d872e
  6. Volatility cheatsheet --> https://blog.onfvp.com/post/volatility-cheatsheet/
  7. HTB --> https://app.hackthebox.com/
  8. Labs --> https://github.com/frankwxu/digital-forensics-lab/tree/main
  9. MemLabs --> https://github.com/stuxnet999/MemLabs#tools-and-frameworks-hammer_and_wrench
  10. DFIR challenges --> https://aboutdfir.com/education/challenges-ctfs/
  11. DFIR books --> https://www.dfir.training/books/2023
  12. TryHackMe --> https://tryhackme.com/
  13. CTFlearn --> https://ctflearn.com/
  14. Splunk BOTS --> https://bots.splunk.com/event/3oQ7sqI5bajOCP43o0svqT/detail
  15. LSASS --> https://github.com/mazyaar/lsass_memory?tab=readme-ov-file#file-monitoring
  16. Browser Exploitation Framework --> https://www.stationx.net/beef-hacking-tool/