Windows

Create your own plugin for RegRipper

Forensics Windows Linux

RegRipper is a collection of powerful Perl scripts that dump the content of a registry hive file into readable text. RegRipper relies on a plugin mechanism, so in this post I will show how to create your own plugin for RegRipper. The example will be very basic, and will extract the value of the Current ControlSet.

Read
Explore the SAM hive with Regedit (and Sysinternals)

Windows Sysadmin Forensics

The Windows Registry is a kind of database that stores a lot of important configuration parameters for Windows and installed applications. What is specific about this database is that the data is actually stored in different files called hives. One of these is the SAM (Security Account Manager) hive, which stores, among other things, user passwords. Let’s explore this hive a little…

Read
Install Sysinternals

Windows Sysadmin Forensics

Sysinternals is a collection of powerful utilities for Windows. They can be used by system administrators to perform local or remote system administration, and also by analysts to perform some forensics tasks. The tools were originally developed by Mark Russinovich, and are now maintained by Microsoft. Here is how to install them…

Read
Install Eric Zimmerman's forensics toolkit

Forensics Windows

Eric Zimmerman has written a collection of powerful forensics analysis tools. The installation process requires some work, but here is a step by step guide to install the tools on a Windows 11 computer.

Read
Changing Docker's default subnet IP range

Docker Linux Windows

Docker containers have become widely used to deploy and maintain critical parts of infrastructure. The problem is that sometimes some of the containers running may interfere with other parts of the network.

Read
Install and use Python on Windows with Anaconda

Python Windows

Today a lot of tools and scripts are written in Python (or in Go, let’s be honest). If you want to run these on your Windows computer, well, you’ll have to install Python. But between the different versions, the libraries, and managing the PATH, the task can be quite a challenge! In this blog post we show how Anaconda can help…

Read
Optimizing and compressing your Windows Virtual Machine

Windows

As I mentioned in the previous blog posts on the subject of the GHOSTS framework, I often use virtual machines to set up and run my tests. In the case of GHOSTS, I have the main GHOSTS server API running on a Linux VM with docker and docker-compose, and the GHOSTS client is running on a Windows 10 virtual machine. If you are interested in reading about it, you can find the previous blogs at the following links:

Read
Installing Linux Bash Shell (and Metasploit) on Windows 10

Windows Linux Forensics

For years, there has been an OS war between Linux, Windows and macOS for dominance. Each side would vehemently defend their OS of choice and disregard any positive sides of their “opponents”. Of course, each operating system has its benefits and drawbacks and it is not my job or place to say which is the best.

Read