Jaacostan

 Information Technology Service Management (ITSM) Processes. 1) Service Request Management Focuses on requests and responses for the IT help-desk items. The processes should be established and uniform. To reduce the workload on agents, organization may consider implementing self service options or chat-bots. 2) Service Catalogs Generally Service Catalogs is a central location/webpage with all the details for contacting the help-desk. It may also contain the self service options and solutions for common problems/issues. 3) Knowledge,Policy and Procedures. This is the knowledge base which controls the collection, maintenance and distribution of information sharing throughout the organization. It shall include the policies, standards, guidelines and the operating procedures for each process or tasks. 4) Incident Management. Defines process on how to handle a situation when an incident happens and how to fix the situation in an accelerated and organized manner. The objective is to reduce t

When you do malware analysis of documents or office files, it is important to have Microsoft Office installed in your Lab machine. I am using flare VM and it doesn't comes with MS Office. Since Microsoft is promoting Microsoft 365 over the offline version, finding the offline installer is not that easy. Here is the list of genuine Microsoft links to download the office .img files.  Download Microsoft Office 2019 Professional Plus : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/ProPlus2019Retail.img Download Microsoft Office 2019 Professional : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/Professional2019Retail.img Download Microsoft Office 2019 Home and Business : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/HomeBusiness2019Retail.img Download Microsoft Office 2019 Home and Student : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-U

Windows comes preinstalled with a lot of bloatware, telemetry and unnecessary services enabled. This results in higher resource utilization and less privacy. This post introduces some free open tools that helps to enhance privacy on windows by disabling unnecessary services and bloatware. 1) Privatezilla Privatezilla integrates the most critical Windows 10 privacy settings and allows you to quickly perform a privacy check against these settings. Active settings are marked with the status "Configured" and indicates that your privacy is protected. The inactive ones are declared as "Not configured". All available settings (currently 60) can be enabled as well as disabled. Link : https://github.com/builtbybel/privatezilla 2) Windows10Privacy Windows 10 Privacy Utility streamlines many of Windows 10's built in privacy settings into something that is easy for people to access on a single page while also providing an easy way to access hidden functions and additional t

Consolidated list of  selected top 10 Infosec Learning resources and platforms. Red Teaming 1) Beginner? Want to learn ethical hacking basics. The best stepping stone is Practical Ethical Hacking course by TCM on freeCodeCamp's YT. FreeCodeCamp has other free courses related to programming, ethical hacking etc on their YouTube channel. Learn for free. Link : https://www.youtube.com/watch?v=3Kq1MIfTWCE 2) Try Hack Me (THM) Learn and practice your cybersecurity skills such red teaming activities, blue team activities etc. Has curated learning path for organized learning. Link : https://tryhackme.com/ Subscription : Most of the rooms are free. Subscription (~10$/mo) enables to access the learning path and exclusive rooms. Level : Beginner 3) Web Security Academy. Free, online web security training especially on OWASP top 10 from the creators of Burp Suite Link : https://portswigger.net/web-security Subscription :Free. Level : Beginner 4) eLearnSecurity Junior Penetration Tester Train

Recently i encountered a very annoying problem. One of my Windows VM running on Virtualbox. This windows host keep shutting down on regular intervals. Initially i couldn't able to identify whether it is random or happening on fixed time intervals. I went through the settings, change active hours, change advanced startup options and went through the scheduled tasks suspecting something is triggering the reboot. Well, that didn't fix the issue. Then i went through the event viewer, and under Windows Application logs, i can see some informational events with event ID 100 . It mentions that, the license period for this installation of Windows has expired. The Operating system will shutdown every-hour. So that's it. My Windows trial period was over and without having a valid license, the OS disables many windows features, won't receive any updates, and this regular shutdown thing.

Note : This is the continuation to my previous post on VirtualAlloc function, click here to refer. RtlMoveMemory function copies the contents of the payload to the destination memory block/buffer. The syntax of the function is, VOID RtlMoveMemory(   _Out_       VOID UNALIGNED *Destination,   _In_  const VOID UNALIGNED *Source,   _In_        SIZE_T         Length ); Destination : To where to copy the payload. Source : From where to copy the payload. Length : Size of the payload. Example : char payload[] ={0x90,0x90}; int payload_size=2; mem = VirtualAlloc(0,payload_size,MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); // Create and allocate a memory buffer RtlMoveMemory(mem,payload,payload_size) Reference : https://docs.microsoft.com/en-us/windows/win32/devnotes/rtlmovememory

While creating a malware, in-order to run they payload in the memory of the process, we need to create a memory buffer for the payload. For this purpose, we need to make use of the VirtualAlloc function. As per the windows documentation, a VirtualAlloc function reserves, commits or changes the state of a region of pages in the virtual address space of the calling process. Lets dig deep on this function and its parameters, The syntax for the function usage is, LPVOID VirtualAlloc(   [in, optional] LPVOID lpAddress,   [in]           SIZE_T dwSize,   [in]           DWORD  flAllocationType,   [in]           DWORD  flProtect ); lpAddres s : This field is optional. It is the starting address of the region to allocate. dwSize : The size of the region in bytes. This si usually the size of the payload we have, not less than that. flAllocationType : Type of memory allocation. The commonly used parameters are MEM_COMMIT and MEM_RESERVE, MEM_COMMIT : Allocates memory charges (from the overall si

Often times, we might need to save some of the images in a word document or from a power point presentation. Most of us copy and save the images one by one. There is an easier way to extract all the images from the office file at once. Watch the video or follow the steps mentioned below. 1) Rename the file extension to .zip 2) Open or extract the Zip file. 3) Access the word/ppt directory 4) Open media folder and there you can see all the images embedded in the document.

Metadata is the data about the data. Every files has some metadata and it describe what the file is (minus the content). For example,  an image file, its metadata might contain information such as when the image is created, by whom, when is it modified, who can access etc, but it wont be able to tell what is in that image.  There are different types of metadata. Lets go through the main types. 1) System Metadata This metadata is created and used by the Operating system. Though OS uses it for various purposes, it is essentially used to track and maintain the files stored in the file system. It contains information such as creation dates, modified date, access information etc, and we can see these info from the general properties of the file (Right click > properties > details). To view all the metadata information, use wmic. wmic datafile where name="c:\\example.txt" get /value No matter a file is deleted from the system, the metadata will remain and can be used for  con

While performing a digital forensics investigation, you might need to collect various artifacts, information and images from the target machine. Most of the times, we make use of the automated tools to retrieve the information that we require. Read DFIR KAPE : Evidence Collection Tool However, it is important to know to collect the data manually as well. This process of collecting the required information and image , also known as Evidence acquisition is one of the most important tasks to be performed correctly in order to start your investigation. The data that needs to be collected includes both volatile and non-volatile data. The minimal information that needs to collected ,includes, Date and Time Currently running tasks Current network connections ARP Cache Network Configurations and Shares DNS and Routing Table System Variables User/s Information System Information We can collect these manually and the following commands comes handy.  Lets collect all these information in a single

"Global Privacy Control (GPC) is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification." -- Source : https://globalprivacycontrol.org/ GPC is inbuilt with Brave and DuckDuckGo browser, and from version 95.0 on-wards, Mozilla Firefox also began to support it. However, it is not enabled by default as of now. To enable GCP, follow the following steps. Access about:config from your firefox browser, Search for globalprivacycontrol , and enable the two options to true. To verify, go to https://globalprivacycontrol.org/ and if configured correctly, it will show the status.