Hope everybody had a good week! Sunday roundup for the 30th of April 2016. Please contact me if you would like to be featured on security-sleuth.com.
It’s been a while since I have put together an original post. The main reason for this is that I have been feeding my desire to keep learning and growing. The good news for all of you is that I have spent that time embedded in some InfoSec-focused learning, so now it’s time to share a few of the things I learnt with you all!
In a nutshell: I previously interviewed the man behind this course, Mike Hicks, here. This would have to be one of the best courses on secure coding available on the web. Instead of teaching concepts with a few very small examples, this course goes miles further by having you reverse engineer and exploit code that isn’t written securely. Not only do you look at C code, you also delve into all of the common software security issues like SQL injection and fuzz testing. This course will definitely take your coding and security skills to the next level.
Find out more: https://www.coursera.org/course/softwaresec
In a nutshell: This course is comprised of many units. Although it’s not a security-focused course, it has an interesting dynamic: the lecturer has some professional developers come in and teach Swift, and they are fantastic, giving some really good practical examples of Swift code.
I primarily took this because I was interested in learning Swift and running through some fuzz testing with Swift code; eventually I will post something on this.
Also, in light of recent events this week (a 1 million dollar iOS exploit bounty being claimed), the more you know about securing your iOS apps the better.
Find out more: https://www.coursera.org/specializations/app-development
Malicious software and its underground economy
In a nutshell: This course is a slightly different take on computer security. Instead of giving you a walkthrough on how to design and build systems, it looks at malicious software and tries to define its intent: a) how the people behind malware try to profit from it and b) how to determine how much they actually made from it. The course also gives a great rundown of IDA Pro and how to use it effectively when analysing malware and other software.
Find out more: https://www.coursera.org/course/malsoftware
IT Masters Forensics short course
In a nutshell: This is a bite-sized forensics course taken from one of the popular information security masters programs at Charles Sturt University in Australia. The course spans 5 weeks, where the lecturer, a renowned forensics expert, goes through the basics of computer forensics investigations and touches not only on the technical aspects but on a lot of the legal and administrative aspects too. I highly recommend this to anybody who is thinking about a career in computer forensics.
The Complete Hacking Course: Go from Beginner to Advanced!
In a nutshell: If you’re looking to start a career in penetration testing, this is the ultimate starting place. The course contains over 100 lectures covering multiple aspects of penetration testing. Not only will you delve into subjects like programming, but it will walk you through pretty much every facet of penetration testing, whether it’s cracking WiFi or performing DoS attacks. This course will give you everything you need to start you on the path to being a security expert.
Find out more: https://www.udemy.com/penetration-testing/
As always, please let me know if you found this article useful or if you didn’t. Don’t forget to like this post or leave a comment below to let me know another area you would be interested in reading about. Thanks for your continued support! Until next time!
There are two kinds of people in this world: those with automated forensics tools and those who carve files. This post is for the second kind. Digital forensics, like other branches of forensic science, relies on artefacts and the effects of those artefacts on an environment; hopefully the presence or absence of these artefacts helps prove or determine that an event occurred. I’ll explore this much more in further posts, but for this post I will focus explicitly on file carving.
So what is File Carving?
In layman’s terms, file carving is the process of taking “chunks” of data out of disk images, memory dumps, packet captures: basically files or data in a raw state. In most cases this is done by looking for recognisable signatures (headers and footers) in dumps which look like garbage to the untrained eye.
So why carve Files?
File carving can often be time consuming and tedious; however, the basic concepts of file carving are important cornerstones of data recovery and computer forensics. If you don’t know how to carve files I highly recommend you start now: even though it can be time consuming and tedious, it’s an important skill to have and, as this post will hopefully show, not that hard either.
What I used?
I performed the majority of the file carving for this post on Windows, where I used HxD. On Mac OS X I used iHEX and on Linux I used the BLESS hex editor. They can all be found here:
- HxD: http://mh-nexus.de/en/hxd/
- iHEX: https://itunes.apple.com/au/app/ihex-hex-editor/id909566003?mt=12
- BLESS: http://home.gna.org/bless/
| File type | Header | Footer |
|---|---|---|
| .jpeg/.jpg | FF D8 | FF D9 |
So to find a .jpg/.jpeg file you need to locate the header, which starts with the hex values FF D8, and its footer, FF D9.
You can extract the image by selecting all of the data from FF D8 to FF D9 using the hex editor’s built-in selector.
Once you have the selection, paste it into a new file and try opening it. As you can see, we have successfully pulled a file out of a bunch of raw data. Here’s what the finished product looks like:
| File type | Header | Footer |
|---|---|---|
| .pdf | 25 50 44 46 2D 31 2E | 25 25 45 4F 46 |
So to find a .pdf file you need to locate the header, which starts with the hex values 25 50 44 46 2D 31 2E (the ASCII text %PDF-1.), and its footer 25 25 45 4F 46 (%%EOF). Much like above, you can extract the file by selecting all of the data from the header to the footer using the hex editor’s built-in selector:
Paste that selection into a new file and presto – you have your .pdf file:
| File type | Header | Footer |
|---|---|---|
| .zip | 50 4B 03 04 14 | 50 4B 05 06 00 |
.zip files are always interesting, chiefly because they allow you to uncover more files! To extract a .zip it’s the same process as the above two examples (with a different header and footer):
A handy tip is to work with Linux or UNIX when manipulating .zip files; they seem to handle this much better than Windows.
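The same header/footer search the post does by hand in a hex editor, as an added Python example that is not from the original post: it scans a raw dump for the three signature pairs listed in the tables above and carves each file out. It also handles one thing the manual cut hides: the .zip footer is only the start of the 22-byte End Of Central Directory record, so the cut is extended to the end of that record (and any archive comment), otherwise the carved archive does not open. The sample dump is constructed inline.

```python
import io
import struct
import zipfile

# Header/footer pairs exactly as listed in the tables above.
SIGNATURES = [
    ("jpg", bytes.fromhex("FFD8"), bytes.fromhex("FFD9")),
    ("pdf", bytes.fromhex("255044462D312E"), bytes.fromhex("2525454F46")),
    ("zip", bytes.fromhex("504B030414"), bytes.fromhex("504B050600")),
]

def carve(blob):
    """Return (kind, start, end, data) for every header/footer pair found in blob."""
    found = []
    for kind, header, footer in SIGNATURES:
        pos = 0
        while (start := blob.find(header, pos)) >= 0:
            end = blob.find(footer, start + len(header))
            if end < 0:
                break  # header with no footer: truncated, nothing to carve
            end += len(footer)
            if kind == "zip":
                # The footer is only the first 5 bytes of the 22-byte End Of Central Directory
                # record; cutting there yields a broken archive, so take the whole record + comment.
                rec = end - len(footer)
                if len(blob) >= rec + 22:
                    comment_len = struct.unpack_from("<H", blob, rec + 20)[0]
                    end = rec + 22 + comment_len
            found.append((kind, start, end, blob[start:end]))
            pos = end
    return sorted(found, key=lambda f: f[1])

def read_carved_zip(data):
    """Check a carved zip is intact: return its entries and the archive comment."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: zf.read(n) for n in zf.namelist()}, zf.comment

def sample_blob():
    """Constructed raw dump: junk around a tiny JPEG, a minimal PDF and a real zip."""
    jpg = bytes.fromhex("FFD8FFE000104A464946") + b"\x00" * 8 + bytes.fromhex("FFD9")
    pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\n%%EOF"
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("note.txt", "hello")
        zf.comment = b"archive comment"  # exercises the EOCD comment handling
    return b"\x00junk" * 4 + jpg + b"\xAB" * 7 + pdf + b"\xCD" * 5 + zbuf.getvalue() + b"\x00" * 3

if __name__ == "__main__":
    for kind, start, end, data in carve(sample_blob()):
        print(f"{kind}: bytes {start}-{end} ({len(data)} bytes)")
```

A real PDF with incremental updates contains several %%EOF markers, so, like the manual method, this cut stops at the first one.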
Where can I find examples to practice on?
The internet contains a vast treasure trove of great examples you can practise your file carving skills on; this includes things like .pcap files, disk images and hex dumps. Here are some of the best places to find examples:
The example I used for this post came from here.
Some other great resources
Here are some other great resources on File carving:
As you can see from the above, file carving is an extremely useful skill to have, and I think the greatest perk of file carving is that it doesn’t matter what disk image or .pcap file you come across: you have the skills to open it up and extract its files like it’s nobody’s business. I plan on releasing a follow-up post where I run through this example set with some automated tools.
Please let me know if you found this article useful or if you didn’t, and leave a comment below to let me know another area you would be interested in reading posts about. As always, thanks for your continued support!