
Posts

Download Microsoft Office 2019 offline installer.

When you do malware analysis of documents or Office files, it is important to have Microsoft Office installed on your lab machine. I am using FLARE VM, and it does not come with MS Office. Since Microsoft is promoting Microsoft 365 over the offline version, finding the offline installer is not that easy. Here is the list of genuine Microsoft links (served from officecdn.microsoft.com over HTTPS) to download the Office .img files.

Download Microsoft Office 2019 Professional Plus : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/ProPlus2019Retail.img
Download Microsoft Office 2019 Professional : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/Professional2019Retail.img
Download Microsoft Office 2019 Home and Business : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/HomeBusiness2019Retail.img
Download Microsoft Office 2019 Home and Student : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-U
Recent posts

Enhance your privacy on Microsoft Windows.

Windows comes preinstalled with a lot of bloatware, telemetry and unnecessary services enabled. This results in higher resource utilization and less privacy. This post introduces some free, open-source tools that help enhance privacy on Windows by disabling unnecessary services and bloatware.

1) Privatezilla
Privatezilla integrates the most critical Windows 10 privacy settings and allows you to quickly perform a privacy check against these settings. Active settings are marked with the status "Configured", indicating that your privacy is protected; inactive ones are marked "Not configured". All available settings (currently 60) can be enabled as well as disabled.
Link : https://github.com/builtbybel/privatezilla

2) Windows10Privacy
Windows 10 Privacy Utility streamlines many of Windows 10's built-in privacy settings into something that is easy for people to access on a single page, while also providing an easy way to access hidden functions and additional t

Top 10 Free Infosec Learning resources and platforms.

A consolidated list of selected top 10 infosec learning resources and platforms.

Red Teaming
1) Beginner? Want to learn ethical hacking basics? The best stepping stone is the Practical Ethical Hacking course by TCM on freeCodeCamp's YouTube channel. freeCodeCamp has other free courses on programming, ethical hacking etc. on their YouTube channel. Learn for free.
Link : https://www.youtube.com/watch?v=3Kq1MIfTWCE
2) TryHackMe (THM)
Learn and practice your cybersecurity skills, such as red teaming and blue teaming activities. Has curated learning paths for organized learning.
Link : https://tryhackme.com/
Subscription : Most of the rooms are free. A subscription (~$10/mo) gives access to the learning paths and exclusive rooms.
Level : Beginner
3) Web Security Academy
Free, online web security training, especially on the OWASP Top 10, from the creators of Burp Suite.
Link : https://portswigger.net/web-security
Subscription : Free.
Level : Beginner
4) eLearnSecurity Junior Penetration Tester Train

[Fix] Windows shuts down automatically without warning?

Recently I encountered a very annoying problem. One of my Windows VMs, running on VirtualBox, kept shutting down at regular intervals. Initially I could not identify whether it was random or happening at fixed intervals. I went through the settings, changed the active hours, changed the advanced startup options and went through the scheduled tasks, suspecting something was triggering the reboot. That did not fix the issue. Then I went through Event Viewer, and under the Windows Application log I could see some informational events with event ID 100. They state that the license period for this installation of Windows has expired and that the operating system will shut down every hour. So that was it: my Windows trial period was over, and without a valid license the OS disables many Windows features, won't receive any updates, and shuts down on this regular schedule.
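The two checks that confirm this diagnosis, as an added example that is not part of the original post: pull the event the post describes out of the Application log, then read the licensing state of the Windows product through the SoftwareLicensingProduct CIM class (the same data slmgr /xpr reports). It assumes PowerShell 5.1 or later on the affected VM and that the event text contains the phrase "license period" as quoted above; the ID 100 filter alone is not enough because other providers reuse that ID.

```powershell
# Added example, not part of the original post. Assumes PowerShell 5.1+ on the affected VM.

# 1) The events the post refers to: Application log, ID 100, message mentioning the license period.
#    The message filter is needed because event ID 100 is reused by unrelated providers.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 100 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'license period' } |
    Select-Object TimeCreated, ProviderName, Message

if ($events) {
    $first = ($events | Sort-Object TimeCreated | Select-Object -First 1).TimeCreated
    "{0} license-expiry event(s), first seen {1}" -f $events.Count, $first
    $events | Sort-Object TimeCreated | Select-Object -Last 3 | Format-List
} else {
    'No license-expiry events in the Application log'
}

# 2) Licensing state of Windows itself. The ApplicationId GUID is the fixed one for the
#    Windows product; LicenseStatus values are the documented SLP enumeration and
#    GracePeriodRemaining is reported in minutes.
$status = @{ 0 = 'Unlicensed'; 1 = 'Licensed'; 2 = 'OOB grace'; 3 = 'OOT grace';
             4 = 'Non-genuine grace'; 5 = 'Notification'; 6 = 'Extended grace' }
Get-CimInstance -ClassName SoftwareLicensingProduct `
    -Filter "PartialProductKey IS NOT NULL AND ApplicationId='55c92734-d682-4d71-983e-d6ec3f16059f'" |
    Select-Object Name, Description,
        @{ n = 'Status';        e = { $status[[int]$_.LicenseStatus] } },
        @{ n = 'GraceDaysLeft'; e = { [math]::Round($_.GracePeriodRemaining / 1440, 1) } }
```

If the first query returns nothing but the VM still reboots hourly, the licensing query is the one to trust: a status other than "Licensed" with zero grace days left is the condition that produces these shutdowns.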

Malware Analysis : RtlMoveMemory function and its usage.

Note : This is a continuation of my previous post on the VirtualAlloc function (see the previous post). RtlMoveMemory copies the contents of the payload into the destination memory block/buffer. The syntax of the function is:

VOID RtlMoveMemory(
  _Out_       VOID UNALIGNED *Destination,
  _In_  const VOID UNALIGNED *Source,
  _In_        SIZE_T         Length
);

Destination : where to copy the payload to.
Source : where to copy the payload from.
Length : size of the payload in bytes.

Example :

char payload[] = {0x90, 0x90};   // constructed two-byte payload (two NOPs)
int payload_size = 2;
LPVOID mem = VirtualAlloc(0, payload_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); // create and allocate a memory buffer
RtlMoveMemory(mem, payload, payload_size);   // copy the payload into the buffer

Two details worth knowing when you read this in a sample: RtlMoveMemory behaves like memmove (it handles overlapping source and destination), and after this call the buffer is still PAGE_READWRITE, so a loader has to call VirtualProtect with an executable protection (or allocate PAGE_EXECUTE_READWRITE up front) before the payload can run.

Reference : https://docs.microsoft.com/en-us/windows/win32/devnotes/rtlmovememory

Malware Analysis : VirtualAlloc Function, Usage.

When writing malware, in order to run the payload in the memory of the process we need to create a memory buffer for the payload. For this purpose we use the VirtualAlloc function. As per the Windows documentation, VirtualAlloc reserves, commits or changes the state of a region of pages in the virtual address space of the calling process. Let's dig deeper into this function and its parameters. The syntax is:

LPVOID VirtualAlloc(
  [in, optional] LPVOID lpAddress,
  [in]           SIZE_T dwSize,
  [in]           DWORD  flAllocationType,
  [in]           DWORD  flProtect
);

lpAddress : Optional. The starting address of the region to allocate; NULL lets the system choose the address.
dwSize : The size of the region in bytes. This is usually the size of the payload we have, never less than that (the allocation is rounded up to whole pages).
flAllocationType : Type of memory allocation. The commonly used values are MEM_COMMIT and MEM_RESERVE.
MEM_COMMIT : Allocates memory charges (from the overall si
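The VirtualAlloc and RtlMoveMemory calls from this post and the RtlMoveMemory post above, driven from PowerShell through P/Invoke so the sequence can be stepped through in a lab VM. This is an added example and not code from the original posts. It stages the post's two-NOP payload (constructed, and never executed), reads the bytes back to prove the copy landed, and then performs the step both posts stop short of: changing the protection from PAGE_READWRITE to PAGE_EXECUTE_READ with VirtualProtect. Assumptions: 64-bit Windows, PowerShell 5.1 or later, and the kernel32 exports named in the DllImport lines (kernel32 exports RtlMoveMemory as a forwarder to ntdll, which is the same export VBA droppers declare).

```powershell
# Added example, not part of the original posts. Assumes 64-bit Windows and PowerShell 5.1+.
$k32 = @'
using System;
using System.Runtime.InteropServices;
public static class K32 {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr VirtualAlloc(IntPtr lpAddress, UIntPtr dwSize, uint flAllocationType, uint flProtect);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool VirtualFree(IntPtr lpAddress, UIntPtr dwSize, uint dwFreeType);
    [DllImport("kernel32.dll")]   // forwarded to ntdll!RtlMoveMemory; same export VBA droppers declare
    public static extern void RtlMoveMemory(IntPtr Destination, byte[] Source, UIntPtr Length);
}
'@
Add-Type -TypeDefinition $k32

# Constants from winnt.h / memoryapi.h
$MEM_COMMIT = 0x1000; $MEM_RESERVE = 0x2000; $MEM_RELEASE = 0x8000
$PAGE_READWRITE = 0x04; $PAGE_EXECUTE_READ = 0x20

[byte[]]$payload = 0x90, 0x90                        # constructed payload: two NOPs, as in the post
$size = [UIntPtr]::new([uint64]$payload.Length)      # dwSize must be at least the payload length

# Step 1: reserve + commit a read/write region (lpAddress = NULL lets the kernel choose)
$mem = [K32]::VirtualAlloc([IntPtr]::Zero, $size, ($MEM_COMMIT -bor $MEM_RESERVE), $PAGE_READWRITE)
if ($mem -eq [IntPtr]::Zero) {
    throw "VirtualAlloc failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}

# Step 2: copy the payload into the region
[K32]::RtlMoveMemory($mem, $payload, $size)

# Read the region back to show the copy landed
$readback = New-Object byte[] $payload.Length
[Runtime.InteropServices.Marshal]::Copy($mem, $readback, 0, $readback.Length)
"buffer at 0x{0:X}: {1}" -f $mem.ToInt64(), (($readback | ForEach-Object { '{0:X2}' -f $_ }) -join ' ')

# Step 3 (the part the posts stop short of): make the region executable only after writing it
[uint32]$old = 0
if (-not [K32]::VirtualProtect($mem, $size, $PAGE_EXECUTE_READ, [ref]$old)) {
    throw "VirtualProtect failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
"protection changed from 0x{0:X2} to 0x{1:X2}" -f $old, $PAGE_EXECUTE_READ   # 0x04 -> 0x20

# Clean up: with MEM_RELEASE, dwSize must be 0
[K32]::VirtualFree($mem, [UIntPtr]::Zero, $MEM_RELEASE) | Out-Null
```

For triage this three-call sequence (allocate RW, copy, flip to RX) is the loader pattern to look for; the lazier variant allocates PAGE_EXECUTE_READWRITE (0x40) in one go, which is what many detections key on. In a macro dropper the same two functions appear as Declare PtrSafe Function VirtualAlloc Lib "kernel32" and Declare PtrSafe Sub RtlMoveMemory Lib "kernel32", so they are good strings to grep for in olevba output.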

How to extract images from a word/powerpoint document?

Often we need to save some of the images from a Word document or a PowerPoint presentation. Most of us copy and save the images one by one. There is an easier way to extract all the images from an Office file at once, because a .docx/.pptx file is a ZIP archive. Watch the video or follow the steps below.

1) Rename the file extension to .zip
2) Open or extract the ZIP file.
3) Go into the word/ (or ppt/) directory.
4) Open the media folder; there you can see all the images embedded in the document.
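The four steps above as a script, added here as an example and not part of the original post. It goes a little beyond the post in that it handles .docx/.docm, .pptx/.pptm and .xlsx/.xlsm (whose inner folders are word/, ppt/ and xl/ respectively) and hashes each extracted file, which is what you want when the document is a malware sample. Assumptions: PowerShell 5.1 or later (for Expand-Archive), $Path points at an OOXML file, and $env:TEMP is writable. Save it as, for example, Extract-OfficeMedia.ps1.

```powershell
# Added example, not part of the original post. Assumes PowerShell 5.1+ and an OOXML input file.
param(
    [Parameter(Mandatory)][string]$Path,
    [string]$OutDir        # defaults to <document folder>\extracted_media
)
$ErrorActionPreference = 'Stop'
$file = Get-Item -LiteralPath $Path
if (-not $OutDir) { $OutDir = Join-Path $file.DirectoryName 'extracted_media' }

# The inner folder name depends on the producing application
$kind = switch ($file.Extension.ToLowerInvariant()) {
    { $_ -in '.docx', '.docm' } { 'word' }
    { $_ -in '.pptx', '.pptm' } { 'ppt' }
    { $_ -in '.xlsx', '.xlsm' } { 'xl' }
    default { throw "Not an OOXML document: $($file.Name)" }
}

# Step 1: work on a copy renamed to .zip (Expand-Archive only accepts the .zip extension)
$work = Join-Path $env:TEMP ('office-media-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $work | Out-Null
$zip = Join-Path $work ($file.BaseName + '.zip')
Copy-Item -LiteralPath $file.FullName -Destination $zip

# Step 2: extract the archive
Expand-Archive -LiteralPath $zip -DestinationPath (Join-Path $work 'unzipped')

# Steps 3 and 4: the application folder and its media subfolder
$media = Join-Path $work "unzipped\$kind\media"
if (-not (Test-Path -LiteralPath $media)) {
    Write-Warning "No embedded media in $($file.Name)"
} else {
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    Get-ChildItem -LiteralPath $media -File | ForEach-Object {
        Copy-Item -LiteralPath $_.FullName -Destination (Join-Path $OutDir $_.Name)
        [pscustomobject]@{
            File   = $_.Name
            Bytes  = $_.Length
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-Table -AutoSize
}

# The unzipped tree is kept: for a macro-enabled file, $kind\vbaProject.bin sits next to media\
"Working copy kept at $work"
```

Images are not the only thing worth pulling out of that tree: for .docm/.pptm/.xlsm files the VBA project is stored as word\vbaProject.bin (or ppt\, xl\), so when you are triaging a suspicious document, inspect the working directory the script leaves behind rather than just the copied images.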

[DFIR] Metadata, Types, How to access?

Metadata is data about data. Every file has some metadata, and it describes what the file is (minus the content). For example, an image file's metadata might contain information such as when the image was created, by whom, when it was modified, who can access it etc., but it won't tell you what is in the image. There are different types of metadata. Let's go through the main types.

1) System Metadata
This metadata is created and used by the operating system. Though the OS uses it for various purposes, it is essentially used to track and maintain the files stored in the file system. It contains information such as creation date, modified date, access information etc., and we can see this from the general properties of the file (Right click > Properties > Details). To view all of the system metadata, use wmic:

wmic datafile where name="c:\\example.txt" get /value

(Note that wmic.exe is deprecated in current Windows releases; the CIM_DataFile class it queries is still available through PowerShell's CIM cmdlets.) Even after a file is deleted from the system, its metadata can remain in the file system and can be used for con
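A PowerShell version of the wmic query above, added here as an example and not part of the original post. It reads the system metadata through the CIM_DataFile class (the supported route now that wmic.exe is deprecated), adds the owner and a hash, and then reads the second kind of metadata the post is leading into: the properties the producing application embedded in the file (Author, Title, camera model and so on), which the Details tab shows and which the Shell property system exposes. Assumptions: PowerShell 5.1 or later on Windows, and $Path points at an existing file.

```powershell
# Added example, not part of the original post. Assumes PowerShell 5.1+ on Windows.
param([Parameter(Mandatory)][string]$Path)

$file    = Get-Item -LiteralPath $Path
$escaped = $file.FullName -replace '\\', '\\\\'     # WQL string literals need backslashes doubled

# 1) System metadata: what the file system tracks about the file (the wmic datafile equivalent)
$cim = Get-CimInstance -ClassName CIM_DataFile -Filter "Name='$escaped'"
[pscustomobject]@{
    Name         = $cim.Name
    SizeBytes    = $cim.FileSize
    Created      = $cim.CreationDate
    LastModified = $cim.LastModified
    LastAccessed = $cim.LastAccessed
    Hidden       = $cim.Hidden
    Owner        = (Get-Acl -LiteralPath $file.FullName).Owner
    SHA256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
} | Format-List

# 2) Embedded/application metadata: what the application that produced the file stored inside it.
#    The Shell exposes these as the columns of the Details tab; GetDetailsOf($null, i) gives the
#    column name and GetDetailsOf($item, i) the value for this file.
$shell  = New-Object -ComObject Shell.Application
$folder = $shell.Namespace($file.DirectoryName)
$item   = $folder.ParseName($file.Name)
$props  = foreach ($i in 0..320) {                 # column index range that covers the known properties
    $name = $folder.GetDetailsOf($null, $i)
    if (-not $name) { continue }
    $value = $folder.GetDetailsOf($item, $i)
    if ($value) { [pscustomobject]@{ Property = $name; Value = $value } }
}
$props | Format-Table -AutoSize
```

One caveat for forensic use: the timestamps in the first block are the $STANDARD_INFORMATION values that NTFS exposes to applications, which an attacker can rewrite (timestomping). The copies NTFS keeps in the $FILE_NAME attribute are not reachable through these APIs and need an MFT parser, so treat the CIM values as a starting point, not as proof.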

[DFIR] : Manually collecting Volatile data from a Windows machine.

While performing a digital forensics investigation, you might need to collect various artifacts, information and images from the target machine. Most of the time we use automated tools to retrieve the information we require (read: DFIR KAPE : Evidence Collection Tool). However, it is important to know how to collect the data manually as well. This process of collecting the required information and images, also known as evidence acquisition, is one of the most important tasks to perform correctly before starting your investigation. The data to be collected includes both volatile and non-volatile data. The minimal volatile information to collect includes:

Date and time
Currently running tasks
Current network connections
ARP cache
Network configuration and shares
DNS cache and routing table
System variables
User information
System information

Collect the most volatile items (running processes and network connections) first, since they change or disappear fastest, and record the collection time for each item. We can collect these manually, and the following commands come in handy. Let's collect all this information in a single
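One way to collect every item in the list above into a single evidence folder, added here as an example and not part of the original post. It uses only built-in commands so it runs on any supported Windows version, writes each section with its own collection timestamp, walks the list in order of volatility (processes and connections before configuration), and finishes by recording who collected the data and sealing the output with a SHA-256 hash for chain of custody. Assumptions: it is run from an elevated PowerShell on the live host, and C:\IR exists or can be created (on a real case point it at removable media or a network share instead, so the evidence disk is written as little as possible).

```powershell
# Added example, not part of the original post. Assumes an elevated PowerShell on the live host.
$ErrorActionPreference = 'Continue'   # a failing command must not abort the rest of the collection
$case = Join-Path 'C:\IR' ('{0}-{1}' -f $env:COMPUTERNAME, (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $case -Force | Out-Null
$out  = Join-Path $case 'volatile.txt'

# Each section gets a header with the exact time the command ran, so the timeline is in the file itself
function Section([string]$Title, [scriptblock]$Command) {
    "`n==== $Title  [$(Get-Date -Format o)] ====" | Out-File -FilePath $out -Append -Encoding utf8
    & $Command 2>&1 | Out-String -Width 250 | Out-File -FilePath $out -Append -Encoding utf8
}

# Most volatile first
Section 'Date and time (local, UTC, time zone)' { Get-Date; (Get-Date).ToUniversalTime(); w32tm /tz }
Section 'Currently running tasks'               { tasklist /v }
Section 'Current network connections (PID in last column)' { netstat -ano }
Section 'ARP cache'                             { arp -a }
Section 'DNS resolver cache'                    { ipconfig /displaydns }
Section 'Routing table'                         { route print }
Section 'Network configuration'                 { ipconfig /all }
Section 'Shares'                                { net share }
Section 'System variables'                      { Get-ChildItem Env: | Format-Table -AutoSize }
Section 'User information'                      { whoami /all; query user; net user }
Section 'System information'                    { systeminfo }

# Record the collector and seal the output
'collected by {0}\{1} with PowerShell {2}' -f $env:USERDOMAIN, $env:USERNAME, $PSVersionTable.PSVersion |
    Out-File -FilePath (Join-Path $case 'collector.txt') -Encoding utf8
Get-FileHash -Path $out -Algorithm SHA256 | Select-Object Algorithm, Hash, Path |
    Out-File -FilePath (Join-Path $case 'volatile.sha256') -Encoding utf8
"Evidence written to $case"
```

The PID column of netstat -ano joins against the PID column of tasklist /v, which is how you tie a suspicious connection to the process and user that own it. Commands that do not exist on a given edition (query user is absent on some Home installs) simply leave their error text in the section instead of stopping the run.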

How to enable Global Privacy Control (GPC) in Mozilla Firefox?

"Global Privacy Control (GPC) is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification." -- Source : https://globalprivacycontrol.org/

GPC is built into the Brave and DuckDuckGo browsers, and from version 95.0 onwards Mozilla Firefox also supports it. However, it is not enabled by default as of this writing. To enable GPC, follow these steps:

1) Open about:config in Firefox.
2) Search for globalprivacycontrol and set both preferences (privacy.globalprivacycontrol.enabled and privacy.globalprivacycontrol.functionality.enabled) to true.
3) To verify, go to https://globalprivacycontrol.org/; if configured correctly, the page shows the GPC status (the browser is now sending the Sec-GPC: 1 request header).

Being a Firewall Engineer : An Operational Approach: A Comprehensive guide on firewall operations and best practices

Glad to announce that the second edition of my book, Being a Firewall Engineer : An Operational Approach: A Comprehensive guide on firewall operations and best practices, is now live on Amazon. Firewall technologies and the landscape are changing rapidly, and therefore I needed to make multiple changes from the first edition. This is not a configuration guide and is suitable for beginners and junior engineers. The following topics are briefly covered in the second edition of this book:

Various job roles related to firewalls.
What makes you a firewall expert?
Know the major firewall vendors and their models.
Firewall rankings and benchmarks.
Understand the packet flow or order of operations.
Understand the different types of firewalls.
Daily tasks of a firewall administrator.
Guidelines on firewall hardening and compliance.
Understand the change management process.
Illustration of how to make a firewall change (incorporating the change management process) with a real-world example.

eLearnSecurity Resources [Syllabus,Report Templates, Useful links]

eLearnSecurity (ELS) offers a lot of great certifications in the field of cybersecurity. Last year, ELS was acquired by INE. In my opinion, after the acquisition there are a lot of gaps. First of all, many of the links in the training materials are broken. Also, information regarding the certifications or the training materials is limited on the internet. Though INE has a community forum, getting a clear-cut answer or solution depends on your luck; I haven't seen a lot of activity on their community page, and it seems that many students are not even aware of this new community website. When I was preparing for some of the ELS courses, I had a hard time getting information on the certification exams, even the exam syllabus. I have also noticed many people like me posting queries about syllabi, report templates etc. on other websites like Reddit and Twitter. So, here are some useful links related to cybersecurity and its certifications, training and syllabi.

Reporting