Timestomping Programmatically

Timestomping is a favourite topic of red teamers and forensic analysts. They often speak about the tools and PowerShell commands that can be used to do timestomping. How do these tools work? In the course of developing nTimetools, I read up on the various APIs and the extent of ...

Windows Persistency With OpenVPN GUI

OpenVPN GUI will automatically run the following batch files if they exist. No changes to the config file are needed; just drop the batch file in place. Possible privilege escalation if the user runs OpenVPN GUI with administrator privileges and uses a VPN config in their home directory. ...

Migrating rsyslog to Splunk

I recently decided to migrate my server cluster's logging mechanism from rsyslog to Splunk. My previous setup was to use rsyslog to centralise all logging onto /var/remotelog/ on a central server. I then configured the Splunk indexer to index both /var/log/ and /var/remotelog/, this ...

SANS FOR508 review

I was back at SANS October Singapore this year. Not much had changed compared to the previous year: the venue was the same, the food was the same, even some of the course participants were familiar. This year, I signed up for the FOR508 course, as well as both NetWars Core and Defense. It was really tiring ...

FLARE-On 5 wasm with Chrome

Most of the solutions for the FLARE-On 5 web2point0 challenge involve the use of a framework to decompile WebAssembly. Chrome offers the ability to debug WebAssembly code, which gives us the opportunity to solve this challenge without any other tools. When solving simpler crackme binaries, we ...

On the SingHealth COI

Everyone and their dog seems to have something to say about the SingHealth COI. As someone who is certified and, I hope, qualified to comment on such matters, here is my piece. As usual, if you are able to read between the lines, the media reports unintentionally reveal quite a bit about the ...