Posts

Showing posts from 2017

Using Forensic Artefacts for Penetration Testing

In my last post, OSCP as a Digital Forensics/Incident Response Analyst, I made the comment that DFIR and Penetration Testing skill sets are complementary. The purpose of this post is for me to investigate how digital forensic knowledge can be practically applied to a penetration test or red team activity to identify valuable data and assist in remaining undetected. Many of the artefacts discussed are not 'secret' or 'advanced' forensic artefacts. In fact, some of the artefacts discussed are incredibly common, such as Windows event logs. These artefacts, whilst common, are a record of user and system activity and can be used to reconstruct events on the system. Knowledge of these artefacts and the data they store can be valuable during forensic investigations. All techniques detailed in this article are executed through native Windows PowerShell, and do not rely on any third-party forensic tools. It is worth noting that this post is about applying digital forens

OSCP as a Digital Forensic/Incident Response Analyst

As a DFIR analyst, I have predominantly worked on the responsive side of cyber security. I have been lucky enough to work for employers that support good quality training and certification - however, training for me has usually been geared towards forensics and incident response in line with my role. With the desire of expanding my offensive knowledge and experience, I decided to take the Penetration Testing with Kali course - a lab-based penetration testing course. I initially purchased 2 months' access. Whilst I had read that it is a difficult course (depending on experience), I did not comprehend the learning curve, fun and frustration of what I had signed up for... A part of this ignorance was derived from the fact that I could not find a write-up of someone with similar experience attempting the OSCP. So here we are. Experience/Education I completed an undergraduate in Cyber Forensics and Networking (double major), following which I have worked in cyber security/DFIR for