Misc Cheat Sheet
Online Tools
| Encode & Decode |
|---|
| Free Online Barcode Reader |
| QR Code Barcode Reader Online |
| Encoding |
| 獸語 |
Check file info
1 |
|
-
$ binwalk -e的範例可以參考Deadface - Electric Steel
Steganography
- text: zsteg(just for
bmpandpngfiles), Quick Crypto - file: steghide(
sudo apt-get install steghide)($ steghide extract -sf atbash.jpg) - 進階的steghide → stegseek
1
2
3$ wget https://github.com/RickdeJager/stegseek/releases/download/v0.6/stegseek_0.6-1.deb $ sudo apt install ./stegseek_0.6-1.deb -y $ stegseek [stegofile.jpg] [wordlist.txt]
Disk Analysis
-
Foremost: 針對所支援的檔案結構去進行資料搜尋與救援
$ foremost -v {filename} - Sleuth kit/Autopsy
- FTK Imager
-
Logontracer: Just use GUI to present event log traced on windows
$ python logontracer.py -r -o 8000 -u neo4j -p neo4j -s localhost
Memory Forensics
- 建議直接使用windown protable version會比較穩定而且不需要處理環境的問題
- Volatility - Cheat Sheet
-
Volatility 3
:::spoiler Set up & How2Use
Windows Volatility 3 Problems & Solutions
Windows Set up Tutorials
1
2
3
4
5$ git clone https://github.com/volatilityfoundation/volatility3 $ cd volatility3 $ pip install -r requirement.txt $ python vol.py -f <path to memory image> plugin_name plugin_option $ python vol.py -h # For help:::
-
Volatility 2
:::spoiler Set up & How2Use
Windows Set up Tutorials
1
2
3
4
5
6
7
8$ conda create --name py27 python=2.7 $ conda activate py27 $ git clone https://github.com/volatilityfoundation/volatility $ cd volatility $ pip install pycrypto $ pip install distorm3 $ python vol.py -f <path to memory image> plugin_name plugin_option $ python vol.py -h # For help:::
Package
- Wireshark cheat sheet
-
nmap:$ sudo apt-get install nmap -
ntpdc$ sudo apt-get install ntpdc - tcpflow
$ sudo tcpflow -r {pcap file}
Brute Force Password
- for WPA/Wifi based:
aircrack-ng, Wifite - for system user: John the Ripper
Sound
- hide files: MP3stego
1
2$ ./encode -E hidden_text.txt -P pass svega.wav svega_stego.mp3 $ ./decode -X -P pass svega_stego.mp3 - sound to image:
- hide message: silenteye