Posts

Digital Forensics Applied to Kubernetes - Enhancing Intruder Dilemma Part III

Read Time: 5 Minutes

Continuing the research I started last year, I am releasing my slide deck for "Digital Forensics Applied to K8S"; the presentations can be found here. I plan to keep releasing content on forensic analysis of containerization technology and eventually tie that back to full CI/CD forensic analysis. The release list as of now (* already released):

Docker Forensics*
Malicious Container Analysis*
K8S Forensics*
SAAS Containerization Forensics
CI/CD Forensics

Stay tuned for more content and leave your suggestions below!

Ghidra UI Scaling

Read Time: 5 Minutes

Ghidra has been a pleasure to work with on low-resolution systems. Beyond the font sizing options under Edit -> Tool Options (see "ByteViewer" or "Listing Display"), I could not find a setting that makes the menus, menu items and windows larger on a system with a high-resolution monitor. Then I came across the "launch.properties" file (under /opt/ghidra/support), which contains the JVM argument "-Dsun.java2d.uiScale=1". After changing the value to "2" (and restarting Ghidra so the new launch arguments take effect) I now have a much friendlier experience using Ghidra on newer hosts. Hope this helps someone!

Reverse Engineering Methodology Applied to Containers - Enhancing Intruder Dilemma Part II

Read Time: 5 Minutes

Continuing the research I started last year, I am releasing my slide deck for "REM(Containers) - The real Xanthe". I just presented this and plan to keep releasing content on forensic analysis of containerization technology and eventually tie that back to full CI/CD analysis. The release list as of now (* already released):

Docker Forensics*
Malicious Container Analysis*
K8S Forensics
SAAS Containerization Forensics
CI/CD Forensics

Stay tuned for more content and leave your suggestions below!

Digital Forensics Applied to Containers - Enhancing Intruder Dilemma Part 1

Read Time: 5 Minutes

In 2020, I worked on several efforts ranging from malware targeting Mac OS X to cloud forensics. For the remainder of 2021 I will be releasing the results of that research, leading with my work on containerization forensics, which is embodied in my talk "Digital Forensics Applied to Containers: Enhancing Intruder Dilemma". See a video of the original presentation at dc706, the most recent presentation at issacolga, the latest presentation slides, and a Docker forensic cheatsheet. Stay tuned for more content and leave your suggestions below!

REM(Mach-O) - From Bad Apples to Turning Jues to Wine

Read Time: 5 Minutes

During 2019, I worked on several presentations for my local community. After much work, we felt one of them, "REM(Mach-O) Looking at Bad Apples", might be ready for public consumption after sharing it with my local DEFCON group, DC706. You can see my community's pre-screening of the content here. I selected Atlanta B-Sides 2020 and created a new cut of the content titled "REM(Mach-O) Turning Jues to Wine". I also updated a Mac OS X Reversing Quick Reference for attendees interested in building on the learning I was going to share. Since the content was never presented, I wanted to at least release the material via blog post so it is generally available. Looking forward to building some new content before 2020 ends and hopefully presenting something fun in 2021! Please leave comments if you have questions.

Reliable Windows Kernel Debugging on a Mac

Read Time: 5 Minutes

During malware analysis or software vulnerability analysis it is sometimes necessary to perform Windows kernel debugging. What has not worked reliably on Mac OS X is VMware Fusion with a Windows guest set up for debugging over serial. What did work reliably is enabling VT-x for a Windows guest and then, within that guest, hosting a secondary Windows guest configured for kernel debugging. An example of this is configuring the processor on the Fusion guest so it supports virtualization: opening the hardware settings for the debugging client with ⌘E brings you to the screen in Figure 1.

Figure 1: Select Processors and Memory

Within your Processors and Memory settings you want to do the following:

1. Provision enough resources for the host to function and to allocate a secondary Windows guest with an appropriate amount of resources for the task.
2. Enable the ability to
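As an added example (not code from the original posts), the following POSIX shell script automates the two hand edits described on this page: raising Ghidra's Java2D UI scale in support/launch.properties (the Ghidra UI Scaling post above) and turning on nested VT-x for the Fusion guest that will host the kernel-debugging target. Assumptions that are mine rather than the posts': the /opt/ghidra install path, and that Fusion's "Processors and Memory" virtualization setting is stored in the guest's .vmx file as vhv.enable = "TRUE" (the post only shows the GUI path).

```shell
#!/bin/sh
# Added example; not code from the original posts.
# Assumptions: /opt/ghidra path (from the Ghidra post); Fusion persists the
# "enable hypervisor applications" processor setting in the guest's .vmx as
# vhv.enable = "TRUE" (my assumption, not shown on the page).

# _edit FILE SED_EXPR EXPECT: back FILE up, apply SED_EXPR (avoiding `sed -i`,
# whose syntax differs between GNU and BSD/macOS sed), then confirm that the
# literal string EXPECT is present afterwards.
_edit() {
  file="$1"; expr="$2"; expect="$3"
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  cp "$file" "$file.bak" &&
    sed "$expr" "$file" > "$file.tmp" &&
    mv "$file.tmp" "$file" &&
    grep -qF -- "$expect" "$file"
}

# ghidra_ui_scale N [FILE]: set -Dsun.java2d.uiScale=N, leaving every other
# argument on the same VMARGS line untouched. Restart Ghidra afterwards.
ghidra_ui_scale() {
  scale="$1"; file="${2:-/opt/ghidra/support/launch.properties}"
  case "$scale" in
    ''|0|*[!0-9]*) echo "scale must be a positive integer" >&2; return 1 ;;
  esac
  _edit "$file" "s/\(sun\.java2d\.uiScale=\)[0-9.]*/\1$scale/" \
        "sun.java2d.uiScale=$scale"
}

# fusion_nested_virt VMX: set vhv.enable = "TRUE", replacing an existing
# line or appending one. Run this only while the VM is powered off, since
# Fusion may rewrite the .vmx while the guest runs.
fusion_nested_virt() {
  vmx="$1"
  [ -f "$vmx" ] || { echo "no such file: $vmx" >&2; return 1; }
  if grep -q '^vhv\.enable' "$vmx"; then
    _edit "$vmx" 's/^vhv\.enable *=.*$/vhv.enable = "TRUE"/' 'vhv.enable = "TRUE"'
  else
    cp "$vmx" "$vmx.bak" && printf 'vhv.enable = "TRUE"\n' >> "$vmx"
  fi
}

# Usage:
#   ghidra_ui_scale 2
#   fusion_nested_virt "$HOME/Virtual Machines.localized/dbg.vmwarevm/dbg.vmx"
```

Both functions leave a .bak copy beside the edited file and return non-zero if the expected line is not present afterwards, so a typo in the key name fails loudly instead of silently leaving the old value in place.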

Fun with Flags - Sans Holiday Hack 2017 Challenge 3

Read Time: 10 Minutes

Keeping to the "Fun with Flags" theme, this post demonstrates how I solved the third challenge of the SANS Holiday Hack 2017. Building on my last couple of posts (see Challenge 1 and Challenge 2), I show how the console challenge was solved and any hacking required to capture the actual flag.

Figure 1: Fun with Flags Staarfaenger

For Challenge 3 the following question is posed: "The North Pole engineering team uses a Windows SMB server for sharing documentation and correspondence. Using your access to the Letters to Santa server, identify and enumerate the SMB file-sharing server. What is the file server share name?" The hint "...please see Holly Evergreen in the Cryokinetic Magic Level" is provided. So, heading over to the challenge, we try to locate our first terminal, which can be seen in Figure 2.

Figure 2: Finding the Third Terminal

After a left click you a