keylogger for remote target host.
Keyscan_dump: Stores the keylogger captured on the target host.
Keyscan_stop: Stops the keylogger for the target host.
Getprivs: Get the privileges on the target host as much as possible.
Uictl Enable Keyboard/mouse: Take over the target host's keyboard and mouse.
Background: Turn your current Metasploit shell into a background execution.
Hashdump: Export the password hash value in the destination host.
Use sniffer: Load sniffer mode.
Sniffer_interfaces: Lists all open network ports f
, leaving no traces on the hard disk, so traditional forensics has difficulty finding it.
The PassiveX payload can help bypass a restrictive outbound firewall. It does this by using an ActiveX control to create a hidden instance of Internet Explorer. Using the new ActiveX control, it communicates with the attacker through HTTP requests and responses.
NoNX is used to circumvent DEP; some CPUs implement DEP to prevent code from running in certain areas of memory.
The reflec
existence of pornographic live content. Law enforcement officers in the evidence found that the platform recommended by the popular live columns there are a large number of pornographic content. Therefore, was ordered to suspend business rectification. The following are specific details:
-Forensics
Female anchors take off clothes
June 29, the City Culture Law Enforcement Corps received a report, said the live platform "Hey
Observation and Geoinformation Elsevier
Remote Sensing of Environment Elsevier
Isprs JOURNAL of Photogrammetry and REMOTE sensing ISPRS
Journal of Applied Remote sensing SPIE
Journal of the Indian Society of Remote Sensing Springer
Multimedia
IEEE Transactions on Circuits and Systems for video Technology IEEE
IEEE Transactions on Multimedia IEEE
Optics
Journal Optical Society of America OSA
Optometry and Vision Science lww
Information Fusion
Information Fusion Elsevier
Information Processing Le
cooperation has also been greatly improved.
In view of the current situation, the information recording function of the firewall is becoming more and more perfect, through the log system of the firewall, it can easily track the events occurred in the past network, can also complete the linkage with the audit system, have enough verification ability, to ensure that the evidence collected in the process of investigation and forensics conforms It is bel
According to the network related news, recently Beijing network supervisor and Interpol, successfully cracked a network security company employees using hacker means DDoS attacks, to a domestic signature network game server launched a flood trip, lasted one months of server paralysis to the game directly caused by millions of economic losses. During the attack, the game security engineer allegedly changed the IP link address of the game, but the DDoS data stream swooped again after a brief five-
usual security audit products, the process of forensics and reproduction is second, and the traceable operation of the data is the first, some people understand that data recovery is the work of data backup and disaster-tolerant system, but it is only one aspect of the whole database should be like this, However, the recovery of data for individual users is the audit here to solve. The audit here is somewhat like the operation log of the database, bu
"NetEase Science and technology News" June 29, Guangdong Telecom in yesterday afternoon issued "on the June 25 Internet failure situation of the notice", because the router appears to run abnormally caused this network failure.
China Telecom said that June 25 17:46, China Telecom Guangdong Company Internet router cluster two routers appear to run abnormal, 50% of the provincial circuit was affected, resulting in Guangdong Telecom users to visit the Internet is not smooth, China Telecom in accor
A few days ago colleagues in the computer process inexplicably appeared 1sy.exe, 2sy.exe, 3sy.exe, 9sy.exe, 8sy.exe, svchost.exe, rundl132.exe such files, as long as the .exe files are discolored, change flowers! In addition, the reload system did not, after another think the virus must be linked with the shutdown program, so the patience and reload the system, according to the following detailed steps to kill the virus, please refer to the Recruit:
Pay attention to the Rundl132.exe boot program.No a
flaw (the use of switches in place of shared, monitorable hubs causes trouble for the IDS network monitor, and in a complex network carefully crafted packets can also bypass IDS monitoring); second, a large number of false positives (as soon as it is switched on, the alarms never stop); third, its own defensive ability is poor. IDS is therefore still insufficient for the task of network security protection. The defects of IDS drove the development of IPS; IPS technology to the network mul
First, the introduction
NC is short for Netcat and has a reputation as the Swiss XXX of the network world. Because it is short and functional, it is designed as a simple and reliable network tool. Two NC options are commonly used:
1, -v: output detailed interaction or error messages
2, -n: if what follows is an IP address, no DNS resolution is performed
E.g.: nc -vn 192.168.11.11 88,882, the use of NC text transmission: Similar
, change the threshold in the production system, that is, the so-called operating baseline.
Warning implementation method
1. SQL Agent job configuration
2. Scheduled Tasks
Either of the two configurations above can be used flexibly, and the operation is quite simple; if you are not familiar with them, you can look them up on Google. Of course, if you do not want to interfere with the normal production system, you can add a server dedicated to automated operational inspection to enable remote monitoring.
Subsequent articles will a
mentioned a method: similarity type matching estimation method . Method two similarity type matching estimation method This method is also essentially based on the SQLite database file structure, the preparation phase and method one, but also to traverse all leaf pages, in order to find all the free blocks, in addition to the normal record unit of the type area. But in the judgment phase, it is no longer a single free block, but a comparison with the existence of the recording unit, from wh
# 1, Forensics tools
- LiME memory acquisition tool
- volatility memory analysis tool
# 2, machine information collection
#sysinfo 16
## View the currently logged-on users
who > who.txt
## Display user information for the currently logged-in system
w > w.txt
## Display the time
date > date.txt
## View CPU information
cat /proc/cpuinfo > cpuinfo.txt
## Query the system version
lsb_release -a > lsb_
, anonymity, digital forensics, programming, and even productivity. Therefore, this is the perfect security and network administrator dedicated Linux distribution.2. Best light weight release: lxleThe Lxle combines a compact size with considerable productivity.No doubt, I think lxle will be the best Lightweight release option for the 2017. The Lxle combines a small footprint with an excellent production capacity, where you can find almost all the tool
0. Introduction
Incident response refers to the emergency handling carried out as soon as a system problem appears: troubleshooting, reconstruction of the intrusion process and forensics, tracing the intrusion source, and so on.
Knowledge point 1, the common starting points for analysis
(1) File analysis
(2) Process analysis
(3) Network analysis
(4) Command analysis
(5) Log analysis
Generally speaking:
Part of the analysis of the