CyberFibers
My Location of Thoughts During a Buffer Overflow. Follow to get updates on PowerShell, Windows, Linux, etc.
CyberFibers
1y ago
Removing the profile and registry entry
The post Completely removing users using PS first appeared on Cyber Fibers.
CyberFibers
1y ago
The average system administrator uses remote administration tools to tend to systems across their network. There are a variety of these tools available, and one of them is TeamViewer. During an incident, there are several logs and artifacts of interest that are vital. Each log provides some
The post Teamviewer Forensic Artifacts first appeared on Cyber Fibers.
CyberFibers
1y ago
The use of Secure Shell Protocol (SSH) in a network can provide significant capabilities. It specifically enables a person to connect to a system via an encrypted shell, authenticate, and interact with a system. For this to happen, however, systems acting as clients need to have an SSH client,
The post Parsing Bitvise Logs for Analysis first appeared on Cyber Fibers.
CyberFibers
1y ago
The use of Cloud infrastructure has substantially grown over the years. As people become more comfortable with the technology, it will certainly continue to grow. With comfortability comes an overabundance of, and reliance on, the use of the platforms in the Cloud. While this could be great for users and organizations,
The post Retrieving Files You’ve Uploaded to Microsoft Teams first appeared on Cyber Fibers.
CyberFibers
1y ago
A common task within Incident Response and Digital Forensics (DFIR) is to identify any evidence of execution of something. That evidence helps to paint a story as to what took place on the machine and possibly highlight other pertinent things that may be unknown. Most commonly, this evidence can be
The post SRUM DB… Enhancing Forensics! first appeared on Cyber Fibers.
CyberFibers
1y ago
This week has been very interesting with Microsoft unintentionally disclosing a remote code execution vulnerability in SMB v3. This particularly affects the data compression feature within the 1903 and 1909 versions of Windows 10 and Server 2019. This left defenders everywhere in a frantic state while malicious actors worked overtime
The post Reducing SMBv3 Vulnerability Attack Surface first appeared on Cyber Fibers.
CyberFibers
1y ago
All too often an interesting item is discovered on a system and everyone wants to know if the item exists on any other system. This could be a daunting task, but it can be accomplished using PowerShell. With the location and name of the file in hand, the following can
The post Validating the Presence of an Item across multiple computers first appeared on Cyber Fibers.
CyberFibers
1y ago
The Windows variant of a web server is called Internet Information Services (IIS). The feature comes as part of Windows Server builds but isn’t enabled by default. If you manage an IIS server, logs write to c:\inetpub\logs by default and, without a tool or capability, aren’t necessarily the easiest to read. With
The post Parsing IIS Logs first appeared on Cyber Fibers.
CyberFibers
1y ago
It’s been a few months since the BlueKeep vulnerability was brought to light. This discovery shouldn’t be taken lightly, as it allows a malicious user to gain unauthenticated access and the ability to perform remote code execution on Windows systems. The documentation on the vulnerability indicates that the following operating
The post Reducing the Attack Surface for BlueKeep first appeared on Cyber Fibers.
CyberFibers
1y ago
Anyone who has a system that is accessible on the Internet has likely had their fair share of brute force attempts. Utilizing something like Fail2ban is great because it blocks those types of attacks, providing some level of security. The downfall of Fail2ban is that it was developed for *nix
The post Invoke-Fail2Ban first appeared on Cyber Fibers.