The Security Noob. https://thesecuritynoob.com/ My journey into learning about Cyber-Security, Ethical Hacking, DFIR and OSINT.

The Security Noob Interviews Amy Moles the CEO & Co-Founder of ArcPoint Forensics
https://thesecuritynoob.com/interviews/the-security-noob-interviews-amy-moles-the-ceo-co-founder-of-arcpoint-forensics/
Mon, 18 Nov 2024 10:07:03 +0000

Amy Moles is the CEO & Co-Founder of ArcPoint Forensics, where Amy has been since January 2020. Prior to that, Amy gained experience in various roles at ManTech from August 2012 to September 2022.

She also worked at SRA International as a Cyber Security Analyst and at the National Cyber Forensics and Training Alliance as a Research Analyst. She holds a master’s degree in business administration with a focus on Project Management from Champlain College and a bachelor’s degree in Cyber/Computer Forensics and Counterterrorism from Utica University.

One of Amy’s standout traits is her dedication to sharing knowledge. She’s been involved in the DFIR community with initiatives like the “12 Days of DFIRmas” podcast series, which brought together experts to discuss everything from mobile forensics to new tools on the horizon.

At events like the 2024 eCrime Symposium, she presented on Evolving Standards with AI, sharing insights on how AI is reshaping forensic standards and advancing investigations.

Can you share your journey into the field of digital forensics and how you co-founded ArcPoint Forensics?

My journey into digital forensics wasn’t exactly a straight path. Growing up on a dairy farm in New York, I was surrounded by family members in the medical and agricultural fields, while I was always more interested in tech. That made me the oddball in my family. At a young age, I was always obsessed with figuring out how things worked or trying to figure out better ways to make my life easier with chores. Multiple times a year, I would bring up innovative ways to improve daily tasks on our farm to my Stepdad, Steve.

“Hey Steve! We should get an automatic barn cleaner! Those things look so cool, they clean the gutters for you and just blop it in the spreader!” And I was usually faced with the response “Do you know how expensive those things are? Why would I want that when you are shoveling sh*t for free?”

The list goes on of the ideas I would come up with to modernize the farm! I didn’t have access to the latest and greatest tech, but my parents did have a family computer that I tinkered with and would have to fix before my mom got home from work. This is where it started for me, breaking and fixing my mistakes, repeatedly.

Later in high school, I got into gaming, specifically World of Warcraft. Through the game, I met many people online and learned a lot about the world beyond the farm. This helped me as I started figuring out my college plans. I attended Utica College of Syracuse University locally, where I was an avid runner and earned a scholarship for their cross-country team. Initially, I planned to study criminology with the goal of becoming a police officer. The idea of combining my gaming experience with catching bad guys intrigued me.

A few weeks into my college courses, a cybersecurity advisor noticed my criminology major on my computer entry exam. He asked about my career plans and suggested I consider a similar role in cybersecurity, away from road patrol. I hadn’t thought about it, but after attending one of his lectures, I was hooked. The talk about digital forensics, takedowns, and cybercriminals opened up a new world of possibilities for me.

Before joining the cybersecurity program, I had zero experience in computer science and only minimal IT knowledge. I struggled with programming, late nights in the digital forensics lab, and challenging math courses. I was definitely out of my depth, but the advisor’s support kept me going. By the end of my junior year, I was helping students with EnCase and coding simple programs in C++, feeling like I finally belonged.

In my senior year, I completed three internships: at the Mohawk Valley Police Academy, McKesson Pharmaceuticals, and the National Cyber Forensics and Training Alliance (NCFTA) in Pittsburgh. At NCFTA, I discovered my passion for the community, working on major investigations involving money laundering and the dark web. My gaming experience proved valuable in virtual money laundering cases.

After that, I moved to DC for federal defense contracting. I worked at the National Science Foundation on tech policy and compliance, then at the FBI for incident response, and finally at the National Media Exploitation Center (NMEC) for digital forensics investigations and operations. I was deeply impressed by the mission and impact of NMEC, and I met incredible people along the way.

After over 10 years of being in the weeds, doing hands-on technical work and leading teams, I knew I wanted to make a greater impact. At that point, I founded ArcPoint Forensics with my business partner. What began as a conversation evolved into a prototype, then a business, and finally a product dedicated to advancing digital forensics and supporting the greater mission.

What inspired you to specialize in digital forensics and incident response?

For me it was the thrill of solving the puzzle. The rush of incident response in the beginning of my career was cool. We had limited time to figure out the problem, respond to it appropriately and build it back better, with stronger defenses. When I transitioned to NMEC it was the people aspect that inspired me. The impact, the mission, the same mentality we all shared, as well as the overall problem sets we were trying to solve in regard to national security. My inspiration wasn’t a singular moment but something that has continued to build and evolve for me over the years. I love being able to help people and give back. This was my way to give back to my community and my country.

How do you see the future of digital forensics evolving over the next few years?

I believe that the way we conduct behavioral analysis of individuals on their devices will evolve as generative AI tools become more prevalent. Analysts will need to examine actions on operating systems and devices with greater precision to distinguish between AI-generated activities and human interactions. On the flip side, AI can also help us predict actions based on behavioral analysis before they occur. For example, AI could identify digital footprint markers of an employee about to steal data from a corporation. This would allow analysts to take preemptive measures, such as reducing access, cutting off permissions, and applying other data protections before the theft happens.

What are your thoughts on the current state of digital forensics education and training?

We’re seeing more platforms emerge that offer better accessibility to training at affordable rates. However, escalating training costs are forcing employers to limit training budgets. This financial strain highlights a pressing issue: education and training should be more accessible to ensure that examiners can build a solid foundation for success. Whether through formal education or specialized training, mastering the fundamentals is crucial, especially as tools become increasingly expensive. With the abundance of open-source software and free tools available, what we truly need is a firm grasp of the foundational principles in digital forensics.

What are the biggest threats you see in the realm of cybersecurity today?

Right now, I think we are looking at Artificial Intelligence (AI) and Machine Learning (ML) as a double-edged sword in our industry. These tools and assistance provide us with efficiencies for a positive experience, but they also pose significant risks when misused for malicious purposes. These technologies can be leveraged to create more sophisticated attacks and automate cybercrime, making it difficult for traditional security measures to keep up.

For example, we are seeing a higher uptick in phishing attacks. AI-generated phishing emails are the culprit, allowing attackers to analyze larger datasets to identify vulnerabilities and tailor those attacks accordingly.

Deepfakes are another threat that is on the rise. Recently, KnowBe4 revealed a case where a deepfake was used to hire a fake IT worker from North Korea. This individual posed as a software engineer, managed to bypass the company’s hiring process and gain access to their internal system. Deepfake technology allowed this individual to successfully social engineer his way into this position, get hired, and obtain company property and access to their networks. We normally think of deepfakes as disinformation or propaganda generation. Now we are seeing individuals like this one get creative and take the threat to the next level.

How do you see the role of artificial intelligence evolving in threat detection and response?

Well, now that I just talked about the threat and negativity around AI, I’d like to go into a more positive note. It’s not all bad. The increasing amount of data and traffic from devices and networks creates pain points for our industry, so we as analysts have to evolve our cybersecurity strategies and practices to keep pace. In regard to threat detection, anomaly detection using AI algorithms is extremely beneficial. This is nothing novel. We have been doing this for years, but we are now using AI to work faster and smarter around these processes.

We are leveraging AI to identify unusual patterns in network traffic, user behavior, or system logs that could indicate malicious activity or an attack. If we pair that with rapid containment leveraging AI technologies, we now can isolate malicious activity, such as data exfiltration, and isolate compromised systems quickly, reducing damage, data loss, and downtime. This goes back to the topic we already discussed, where I see the future of digital forensics: simply evolving and adopting AI to work smarter and faster. As analysts, we will still need to leverage these tools, validate the findings, investigate the problem set, etc. AI is not a replacement for the human aspect of our jobs but rather a tool to assist us in responding quickly, triaging data faster, and learning how to streamline our existing workflows to keep pace with the amount of data and resources we face day in and day out of our jobs in this industry. That problem is not going away.

What are some of your personal hobbies and interests outside of work?

I am an avid movie watcher with my significant other. He reminds me to take a break and enjoy the “show”…literally. We have a monthly movie pass and see a lot of movies. Even if they are terrible, we make good fun out of quoting or laughing about the experience afterwards. I would say the best movie we have seen this summer was Inside Out 2. I know… it’s a kid’s movie but there are some powerful life lessons about emotions that adults can take away! Plus, we turned that movie into a family outing and brought the little ones who I’m fairly certain were more interested in the snacks.

Outside of the movies, I’m a competitive bikini bodybuilder. I started that about two years ago and fell in love with the sport. I love how challenging it is and how mentally strong you must be every day. I track macros and weigh all my food; I work out using a program built by a professional coach, and I have to practice stage posing every day. Give me a follow on IG @amysmidliftcrisis! It gives me that “time out” mentality that I need while lifting heavy things up and down at the gym. Right now, I’m in my bulk phase and preparing for prep, which will be in Summer 2025. I’m enjoying all the snacks I can now before I have to start cutting weight! That is probably the hardest part for me.

Another hobby would be comic books. I’m a closet nerd for the most part, or I like to think that I am. I’m probably just fooling myself. I love DC comics. The Batman, Poison Ivy, and Preacher series are some of my favorites. Recently my 5-year-old son showed an interest in Green Lantern. I almost cried! I was so happy I can share something near and dear to me with him. Right now, he and I are working our way through Scooby-Doo Team-Up, which is a Batman series and of course, the famous group of meddling kids! I’m still trying to hunt down some more age-appropriate Green Lantern series. I’m open to any recommendations!

How do you stay motivated and inspired in the ever-evolving field of digital forensics?

The community and the people that make up this community inspire me and keep me motivated. I’m not performing as much analysis on devices as I would like to in my current role, but I stay up to date with the latest trends, tech, and techniques in our industry by reading blogs, going to events, attending webinars and generally interacting with customers and industry partners. I love to listen to how passionate individuals are through their most recent discoveries. It motivates me to keep learning.

How do you stay updated with the latest trends and threats in cybersecurity?

I keep up with trends through social media, blogs, and conversations with my significant other, who also works in the field. These discussions help me stay informed about the latest developments.

What do you have planned for the rest of the year?

We’re busy at ArcPoint Forensics, enhancing our flagship product, ATRIO. We are continuously listening to customer feedback and have some exciting things coming down the pipeline such as new incident response tools. We’re so excited about the plans we have for 2025, and I can’t wait to see what’s next.

Please check Amy and Arcpoint out at the links below.

Cryptography Algorithms – Second Edition by Massimo Bertaccini (REVIEW)
https://thesecuritynoob.com/review/cryptography-algorithms-second-edition-by-massimo-bertaccini-review/
Tue, 20 Aug 2024 19:33:04 +0000

As a digital forensics and incident response (DFIR) professional with over two decades in IT, I have always felt a bit like a “security noob” when it comes to deep cryptographic principles. So when I picked up Cryptography Algorithms – Second Edition by Massimo Bertaccini, I was hoping for something that could bridge the gap between my foundational knowledge and the increasingly complex world of cryptography. Here’s my take.

Overview and Structure
The book is well-organized into four main sections, starting with the basics and moving into more advanced concepts. For someone like me, who has only scratched the surface of cryptography, the progression from classical methods (like DES and RSA) to cutting-edge topics like zero-knowledge proofs and quantum cryptography was particularly engaging.

Strengths
Balanced Content for Different Levels of Expertise: Despite its deep dive into advanced topics, the book does a commendable job explaining foundational principles. The sections on symmetric and asymmetric encryption (like AES, Diffie-Hellman, and PGP) are particularly solid and serve as a great refresher or introduction, depending on your familiarity.

Real-World Relevance: The book doesn’t just dwell on theory. It touches on practical scenarios and even the implementation of algorithms like elliptic curve cryptography (ECC), which is directly relevant to blockchain and other modern technologies. Given my work in digital forensics, I found the coverage of digital signatures and hash functions helpful in understanding their use in authentication and integrity verification.

Insight into Emerging Cryptographic Challenges: The third section of the book dives into zero-knowledge protocols and new cryptographic algorithms developed by the author. While some of these concepts are genuinely complex, they offer a glimpse into the future of cryptographic security, including lightweight encryption for IoT—something every DFIR professional should be aware of.

Clear Organization and Summaries: Each chapter ends with a summary that encapsulates key points, making it easier to review complex topics. This is particularly useful when you need a quick refresher or when revisiting content after a while.

Challenges
Dense Material in Advanced Sections: While the basics are accessible, the later sections on homomorphic encryption and quantum cryptography are heavy and might feel overwhelming if you’re not already familiar with the basics. Concepts like Grover’s algorithm and zk-SNARKs (zero-knowledge succinct non-interactive arguments of knowledge) require significant effort to grasp.

Theoretical Depth: Although the book is comprehensive, its approach is more theoretical than hands-on. If you’re looking for more practical implementation details or coding examples, you might need to supplement your reading with additional resources.

Complex New Algorithms: The introduction of custom algorithms like MB09 and MBXI felt a bit niche. While it’s intriguing to see new cryptographic inventions, these sections may not be immediately applicable unless you’re deeply involved in cryptographic research.

Cryptography Algorithms – Second Edition is a well-rounded resource for cybersecurity enthusiasts and professionals looking to deepen their understanding of cryptography. If, like me, you’re someone with foundational knowledge who’s ready to tackle more advanced topics, this book is a solid next step. While some sections may require multiple reads (or even additional study), the overall content is thorough, current, and highly relevant.

For a “security noob” with a passion for cybersecurity and a career in digital forensics, this book strikes a good balance between fundamental concepts and exploring the cutting edge of cryptographic science. If you’re in the same boat, I’d recommend giving it a read.

Mastering PowerShell Scripting by Chris Dent (REVIEW)
https://thesecuritynoob.com/review/mastering-powershell-scripting-by-chris-dent-review/
Tue, 23 Jul 2024 20:57:02 +0000

Mastering PowerShell Scripting – Fifth Edition: Automate repetitive tasks and simplify complex administrative tasks using PowerShell by Chris Dent is an outstanding resource tailored for IT professionals, system administrators, and developers aiming to maximize the potential of PowerShell scripting. This updated edition offers a thorough exploration of the latest advancements in PowerShell, providing a deep dive into automation and administrative task simplification.

Chris Dent, a seasoned PowerShell expert, has crafted this guide with a wealth of knowledge and practical experience. The book is structured to accommodate both beginners and advanced users, featuring clear explanations, real-world examples, and hands-on exercises that make the learning process engaging and effective.

One of the standout features of this book is its practical application focus. Dent goes beyond just explaining PowerShell syntax and commands; he provides in-depth guidance on applying PowerShell scripting to solve real-world problems. From automating routine tasks to managing Active Directory and working with cloud platforms like Azure and AWS, this book covers a broad range of scenarios that IT professionals encounter daily.

The fifth edition is updated to include the latest features and enhancements in PowerShell 7, ensuring readers are equipped with current knowledge and best practices. Dent expands coverage of advanced topics such as error handling, debugging techniques, and performance optimization, enabling readers to write more robust and efficient scripts.

Throughout the book, Dent emphasizes the importance of writing clean, maintainable, and reusable code. He offers valuable insights into scripting best practices, coding standards, and design patterns, helping readers develop scripts that are both functional and easy to understand and modify. Real-world case studies and practical examples reinforce these concepts, demonstrating how PowerShell scripting can be applied in various enterprise environments.

The book also delves into the integration of PowerShell with other technologies and platforms, such as .NET, REST APIs, and databases. This holistic approach allows readers to build powerful and versatile automation solutions that can seamlessly interact with different systems and services.

Security is a significant focus of this book. Dent provides guidance on secure coding techniques, privilege management, and protecting sensitive information, ensuring readers develop scripts that are both effective and secure. The inclusion of an entire chapter on how PowerShell and .NET complement each other extends the capabilities of using PowerShell beyond its standalone functions.

A notable addition to this edition is the invitation to engage with fellow readers through a Discord discussion group, enhancing and broadening the educational experience. The book is accompanied by online resources, including sample scripts, exercises, and additional reading materials, providing ample opportunities to practice and reinforce skills.

Scrolling through the table of contents is like walking into a candy store for PowerShell enthusiasts. Whether you are new to PowerShell or have extensive experience, this book offers a career’s worth of knowledge. Beginners can start at page one and progress through to the last chapter, while experienced users can jump to specific chapters to deepen their knowledge on particular topics.

Chapters Overview:
  • Introduction to PowerShell
  • Modules
  • Variables, Arrays, and Hashtables
  • Working with Objects in PowerShell
  • Operators
  • Conditional Statements and Loops
  • Working with .NET
  • Strings, Numbers, and Dates (Online Chapter)
  • Regular Expressions (Online Chapter)
  • Files, Folders, and the Registry
  • Windows Management Instrumentation
  • Working with HTML, XML, and JSON
  • Web Requests and Web Services
  • Remoting and Remote Management
  • Asynchronous Processing
  • Graphical User Interfaces
  • Scripts, Functions, and Script Blocks
  • Parameters, Validation, and Dynamic Parameters
  • Classes and Enumerations
  • Building Modules (Online Chapter)
  • Testing
  • Error Handling
  • Debugging

Mastering PowerShell Scripting – Fifth Edition is an indispensable resource for anyone looking to master PowerShell scripting. Chris Dent’s expertise, practical approach, and up-to-date coverage make this book a must-have for IT professionals and developers. Whether you are a PowerShell novice or an experienced user seeking to expand your skills, this book provides the knowledge and tools necessary to become a PowerShell scripting expert.

The Ultimate Kali Linux Book: Harness Nmap, Metasploit, Aircrack-ng, and Empire for Cutting-Edge Pentesting, Third Edition by Glen D. Singh (REVIEW)
https://thesecuritynoob.com/review/the-ultimate-kali-linux-book-harness-nmap-metasploit-aircrack-ng-and-empire-for-cutting-edge-pentesting-third-edition-by-glen-d-singh-review/
Tue, 25 Jun 2024 07:11:49 +0000

“The Ultimate Kali Linux Book: Harness Nmap, Metasploit, Aircrack-ng, and Empire for Cutting-Edge Pentesting, Third Edition” by Glen D. Singh is an essential read for anyone serious about penetration testing and cybersecurity. As an industry staple, Kali Linux provides a robust platform for security professionals to test and secure systems, and Singh’s book offers an in-depth guide to leveraging this powerful toolset. This third edition builds on previous iterations with updated content, ensuring readers have the latest insights into tools and techniques for modern penetration testing.

Kali Linux, an advanced penetration testing distribution, is renowned for its comprehensive suite of security tools. Glen D. Singh’s book dives deeply into these tools, offering practical guidance on their application in real-world scenarios. The book’s structure allows readers to start from basic concepts and progress to advanced techniques, making it suitable for both beginners and experienced professionals.

The book begins with an introduction to ethical hacking and penetration testing, emphasizing the importance of understanding the motivations behind attacks and the necessity of adopting a proactive security stance. This foundation sets the stage for more complex topics, ensuring readers grasp the fundamental principles of cybersecurity before delving into the technical details.

One of the key strengths of this book is its practical approach. Singh emphasizes the importance of setting up a personal penetration testing lab. This hands-on environment allows readers to safely explore and experiment with the tools discussed in the book. The author provides detailed instructions for setting up virtual machines, configuring networks, and installing necessary software, ensuring readers can replicate a controlled testing environment.

Core Penetration Testing Concepts

The book covers core penetration testing concepts extensively. These include reconnaissance, vulnerability assessment, exploitation, post-exploitation, and reporting. Each concept is broken down into manageable sections, with clear explanations and practical examples. This approach not only aids comprehension but also allows readers to see how different tools and techniques fit into the overall penetration testing process.

Reconnaissance and Footprinting

Reconnaissance and footprinting are critical first steps in any penetration test. Singh guides readers through the process of gathering information about target systems, using both passive and active techniques. Tools such as Nmap and Maltego are explored in detail, providing readers with the knowledge to identify potential vulnerabilities before attempting exploitation.

Vulnerability Assessment

Vulnerability assessment is another crucial aspect of penetration testing. Singh covers various tools and methods for identifying security weaknesses in systems. Nessus, OpenVAS, and the built-in vulnerability scanners within Kali Linux are discussed, along with practical examples of their use. The author emphasizes the importance of thorough vulnerability assessment to identify as many potential entry points as possible.

Advanced Penetration Testing Techniques

As readers progress through the book, they are introduced to more advanced techniques. These include network penetration testing, wireless network attacks, and web application testing. Each section builds on the previous one, gradually increasing in complexity and depth.

Network Penetration Testing

Network penetration testing is a critical skill for any cybersecurity professional. Singh covers various network-based attacks, including ARP spoofing, man-in-the-middle attacks, and exploiting network services. Tools like Metasploit are discussed in detail, with step-by-step instructions for using them to compromise target systems.

Wireless Network Attacks

Wireless networks present unique challenges for penetration testers. Singh dedicates a significant portion of the book to wireless network attacks, including WEP and WPA/WPA2 cracking, rogue access points, and denial-of-service attacks. Tools like Aircrack-ng and Reaver are explored, providing readers with the knowledge to assess the security of wireless networks effectively.

Web Application Testing

Web applications are a common target for attackers, and understanding how to test them for vulnerabilities is crucial. Singh covers various web application testing techniques, including SQL injection, cross-site scripting (XSS), and session hijacking. Tools like Burp Suite and OWASP ZAP are discussed, with practical examples of their use in identifying and exploiting web application vulnerabilities.

Exploiting Security Weaknesses

Once vulnerabilities have been identified, the next step is exploitation. Singh provides comprehensive coverage of exploitation techniques, using tools like Metasploit to gain access to target systems. The author emphasizes the importance of understanding the underlying vulnerabilities and how they can be exploited, rather than simply relying on automated tools.

Post-Exploitation

Post-exploitation is a critical phase of penetration testing, where the goal is to maintain access and gather as much information as possible from the compromised system. Singh covers various post-exploitation techniques, including privilege escalation, lateral movement, and data exfiltration. Tools like Mimikatz and Empire are discussed, providing readers with the skills to effectively exploit compromised systems.

Command and Control (C2) Operations

Command and control (C2) operations are a vital component of advanced penetration testing. Singh covers various C2 frameworks, including Cobalt Strike and Empire, providing readers with the knowledge to set up and use these tools for effective command and control operations. The author emphasizes the importance of understanding the capabilities and limitations of different C2 frameworks, and how to use them to achieve specific objectives.

Active Directory and Enterprise Network Exploitation

Active Directory (AD) is a common target for attackers, and understanding how to exploit AD environments is crucial for penetration testers. Singh covers various AD attack techniques, including Kerberoasting, Pass-the-Hash, and Golden Ticket attacks. The author provides detailed instructions for using tools like BloodHound and Mimikatz to compromise AD environments and gain access to sensitive information.

Best Practices for Penetration Testing

Throughout the book, Singh emphasizes the importance of following best practices for penetration testing. This includes maintaining detailed documentation, adhering to legal and ethical guidelines, and ensuring that testing activities do not disrupt normal business operations. The author provides practical advice for conducting penetration tests in a professional and responsible manner, ensuring that readers understand the importance of maintaining high standards in their work.

One of the standout features of this book is the use of real-world scenarios and case studies. Singh provides numerous examples of actual penetration tests, illustrating how the techniques and tools discussed in the book can be applied in practice. These case studies provide valuable insights into the challenges and complexities of real-world penetration testing, and help readers understand how to adapt their skills to different environments.

“The Ultimate Kali Linux Book: Harness Nmap, Metasploit, Aircrack-ng, and Empire for Cutting-Edge Pentesting, Third Edition” by Glen D. Singh is an invaluable resource for anyone interested in penetration testing and cybersecurity. The book’s comprehensive coverage of tools and techniques, combined with its practical approach and real-world examples, makes it an essential guide for both beginners and experienced professionals. By following Singh’s guidance, readers will gain the skills and knowledge needed to conduct effective penetration tests and secure their systems against potential threats.

Overall, this book is a must-read for anyone serious about advancing their career in cybersecurity. Singh’s expertise and passion for the subject shine through on every page, making “The Ultimate Kali Linux Book” an engaging and informative read. Whether you are just starting out in the field or looking to expand your existing knowledge, this book provides the tools and techniques needed to succeed in the ever-evolving world of penetration testing.

In addition to the technical content, Singh’s emphasis on ethical considerations and best practices ensures that readers understand the importance of conducting penetration tests in a professional and responsible manner. This holistic approach to penetration testing sets the book apart from others in the field, making it a valuable resource for anyone looking to improve their skills and advance their career in cybersecurity.

The Security Noob interviews Kevin Pagano of stark4n6 https://thesecuritynoob.com/interviews/the-security-noob-interviews-kevin-pagano-of-stark4n6/ Mon, 03 Jun 2024 08:53:23 +0000

The post The Security Noob interviews Kevin Pagano of stark4n6 appeared first on The Security Noob..

Kevin Pagano is a seasoned cybersecurity professional specializing in Digital Forensics and Incident Response.

With a strong technical background and a passion for unravelling complex cyber incidents, Kevin has become a trusted expert in investigating and mitigating cyber threats.

When I first started getting into DFIR and was searching for all the blogs and tools to help me, one of the sites I found myself revisiting again and again was https://start.me/p/q6mw4Q/forensics

Not only is this an amazing resource for tools, kept neat and tidy so it is easy to find what you are looking for, but the site has a brilliant blog feed too, with the whole site being kept fresh and up to date.

On top of this he has amazing DFIR-related shirts for sale 🙂

Hope you like the interview as much as I liked giving it.

Can you tell us about your background and how you got started in DFIR?

I actually went to college for Digital Forensics. I originally wanted to be a video game programmer so I chose Computer Science as a major. I quickly learned that I was horrible at Java programming so my second semester I switched over to Computer Forensics major and from there it was full steam ahead.

Out of college I was able to get a contract position doing eDiscovery and HR investigations for The Hershey Company (yes there is chocolate everywhere). From there I pivoted to my current position with Siemens Healthineers, starting by doing eDiscovery and some forensics but pivoting to full time forensics a few years later.

I also work some part-time positions doing R&D.

What motivated you to start your blog, stark4n6.com?

Sharing is caring. At the time there were a bunch of blogs out there that I followed but I wanted more, so once I started doing my own research, I wanted to contribute back to the community. And the blog was created. It’s been a nice place to dump thoughts, publish my work and house updates on scripts and tools I’ve worked on.

What advice would you give to someone just starting out in digital forensics?

Put yourself out there. Create a blog, make posts on your research, or even do CTF writeups or your experiences of working with artifacts or tools that are available.

Networking is also key. Try to get to conferences and chat with peers or do it virtually through LinkedIn, Twitter/X or other social media platforms. You never know what opportunities may come from your interactions.

Are there any common mistakes that beginners in DFIR should be aware of and avoid?

Don’t be afraid to fail/learn from your mistakes. They will inevitably happen.

Don’t be afraid to ask questions, there are so many people in the community that will lend a hand if you need help.

You can only learn one of Python or PowerShell: which are you choosing?

I don’t know much about PowerShell (but I do want to learn). I would choose Python at this stage. I’m learning constantly while working on coding projects so I still have a lot to learn but it has helped greatly in automation and parsing for my research.

What skills do you believe are essential for professional growth in DFIR?

Continuous learning, don’t ever think that you know everything. DFIR is fast paced and you can get outclassed very quickly if you don’t stay on top of trends and updates in the industry.

What do you think the future holds for digital forensics and incident response?

Work will always be there, especially with the rise of nefarious actors. It might seem cliché but AI will, for better or worse, continue to ramp up, so how do we detect its usage and how can we leverage it for good?

I also think we’ll see a continued cat and mouse game from the mobile side of how we can squeeze out more evidence from devices that continuously get further and further secured (as well as cloud platforms like iCloud or Google’s offerings).

Top 5 go to DFIR tools you couldn’t live without?

It’s hard to narrow down to just 5 but I’ll try.

  • Number 1, I’ll start with the LEAPPs (iLEAPP/ALEAPP) as one. I like to consider them a unit as they do the same thing basically just across different platforms. They are free and it’s super easy to add to (please join us in contributing!). Maybe I’m biased because I help with development.
  • Number 2, EZ Tools/KAPE. More free tools for the win. Eric has done amazing work in creating these for the community and practitioners alike. They help quickly triage data like no other. I guess I could lump TimelineExplorer in here as I use that more than Excel these days.
  • Number 3, Magnet AXIOM is my go-to from the commercial side. I’d say most of my day to day work flows through it at some point.
  • Number 4, Not specifically DFIR but DB Browser for SQLite, I wouldn’t be able to do so much mobile forensics research as easily without it.
  • Number 5, USB Detective, we get a lot of cases of potential exfiltration so being able to quickly triage devices plugged in and files/folders opened and interacted with is convenient.

How do you envision the role of automation and AI evolving in DFIR?

We are already seeing AI being implemented into many commercial tools so it’s not surprising that we’ll see it more and more. I think automation has a good place from the processing side of the house to help quickly get data into the analysis side. While I think AI will help with certain aspects of the analysis I do still think the analysts will still need to assess what is happening and to not just solely rely on the tools to “find evidence”.

What do you have planned for the rest of the year?

I’m gearing up for parental leave so that’s going to be the biggest thing planned for the rest of the year (and the rest of my life haha).

In terms of DFIR, I’m hoping to get more projects and research out to the community, more blog posts, more collaboration, more building out of my StartMe page (https://startme.stark4n6.com).

Hopefully more designs on my shops too! (shameless plug) https://www.teepublic.com/user/stark4n6

Black Hat Python by Justin Seitz and Tim Arnold (REVIEW) https://thesecuritynoob.com/review/black-hat-python-by-justin-seitz-and-tim-arnold-review/ Tue, 21 May 2024 15:31:30 +0000

The post Black Hat Python by Justin Seitz and Tim Arnold (REVIEW) appeared first on The Security Noob..

If you’re diving into the world of ethical hacking and penetration testing, “Black Hat Python: Python Programming for Hackers and Pentesters” by Justin Seitz and Tim Arnold is an essential read. Published by No Starch Press, this book is a treasure trove of practical knowledge and hands-on techniques that cater to both budding and seasoned security professionals.

Practical and Engaging Content

The strength of “Black Hat Python” lies in its practical approach. From the get-go, the authors immerse you in the hacker’s mindset, providing detailed code snippets and real-world examples that illustrate each concept effectively. Whether you’re writing your first network sniffer or developing sophisticated payloads, the book’s step-by-step instructions ensure you’re never lost.

Broad Range of Hacking Techniques

One of the standout features of this book is its comprehensive coverage of various hacking techniques. You’ll explore:

  • Network Interaction: Learn how to manipulate network traffic and create powerful network sniffers.
  • Web Scraping: Extract useful data from websites using Python libraries like BeautifulSoup.
  • Keylogging and Screen Capturing: Develop your own keyloggers and screen capture tools, essential skills for understanding system vulnerabilities.
  • Exploit Development: Dive into the world of exploit creation, learning how to craft and deploy exploits against different systems.
  • Persistence and Stealth: Master techniques to maintain access to compromised systems and evade detection.

Advanced Topics for Serious Hackers

For those looking to push their skills further, the book delves into advanced hacking topics. You’ll learn to write custom trojans, automate common attacks, and even create backdoors for data exfiltration. The second edition, co-authored by Tim Arnold, ensures that the content is up-to-date with the latest in cybersecurity trends and Python advancements.

Ideal for Security Professionals

“Black Hat Python” is tailored for security professionals, ethical hackers, and even Python programmers who want to pivot into the cybersecurity domain. The book does an excellent job of balancing theory with practice, making complex concepts accessible without diluting their sophistication.

A Must-Have for Your Bookshelf

In the vast sea of cybersecurity literature, “Black Hat Python” stands out for its clarity, depth, and practicality. It’s not just a book you read; it’s a manual you’ll find yourself referring back to time and again. Whether you’re looking to enhance your Python skills or deepen your understanding of offensive security, this book is a must-have.

In conclusion, if you’re serious about mastering the art of hacking with Python, “Black Hat Python” by Justin Seitz and Tim Arnold is the guide you need. Its real-world examples, comprehensive coverage, and practical exercises make it an invaluable resource in the arsenal of any ethical hacker or penetration tester. Happy hacking!

Really planning on going more into Python over the remainder of this year, pray for me lol.

Dead Simple Python Idiomatic Python for the Impatient Programmer by Jason C. McDonald (REVIEW) https://thesecuritynoob.com/review/dead-simple-python-idiomatic-python-for-the-impatient-programmer-by-jason-c-mcdonald-review/ Thu, 15 Feb 2024 15:49:42 +0000

The post Dead Simple Python Idiomatic Python for the Impatient Programmer by Jason C. McDonald (REVIEW) appeared first on The Security Noob..

“Dead Simple Python: Idiomatic Python for the Impatient Programmer” by Jason C. McDonald is a gem in the realm of Python programming literature, offering a refreshing and concise approach to mastering the language for both novice and seasoned developers alike.

In a landscape often cluttered with verbose technical manuals, McDonald’s book stands out for its simplicity and accessibility. From the outset, it’s evident that the author’s primary objective is to equip readers with the essential knowledge needed to harness the full potential of Python swiftly and efficiently.

What sets “Dead Simple Python” apart is its focus on idiomatic Python—the elegant and Pythonic way of writing code that adheres to the language’s principles and best practices. McDonald expertly guides readers through the intricacies of Python syntax, highlighting common pitfalls and providing clear explanations to help readers grasp the language’s nuances effortlessly.

The book is structured in a manner that is conducive to rapid learning, with each chapter building upon the previous one in a logical progression. McDonald covers a wide array of topics, from basic data types and control flow structures to more advanced concepts such as object-oriented programming and functional programming paradigms. Throughout the book, readers are treated to practical examples and hands-on exercises that reinforce learning and promote active engagement with the material.

One of the book’s greatest strengths lies in its brevity and conciseness. McDonald wastes no time delving into unnecessary technical jargon or esoteric details, opting instead to focus on the core concepts that are essential for proficiency in Python programming. As a result, readers can quickly grasp the fundamentals of the language without feeling overwhelmed or bogged down by extraneous information.

Moreover, McDonald’s writing style is both engaging and approachable, making “Dead Simple Python” a pleasure to read from start to finish. Whether you’re a programming novice embarking on your Python journey or an experienced developer seeking to refine your skills, this book offers something for everyone.

“Dead Simple Python” is a must-have resource for anyone looking to master Python programming in a fast, efficient, and enjoyable manner. Jason C. McDonald’s expertise, coupled with his clear and concise writing style, makes this book an invaluable addition to any programmer’s library. Whether you’re looking to build your first Python application or deepen your understanding of the language’s intricacies, “Dead Simple Python” is sure to become an indispensable companion on your programming journey.

The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime by Jon DiMaggio (REVIEW) https://thesecuritynoob.com/review/the-art-of-cyberwarfare-an-investigators-guide-to-espionage-ransomware-and-organized-cybercrime-by-jon-dimaggio-review/ Thu, 15 Feb 2024 15:29:45 +0000

The post The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime by Jon DiMaggio (REVIEW) appeared first on The Security Noob..

In “The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime” by Jon DiMaggio, readers are presented with a compelling exploration of this complex landscape and are equipped with essential strategies for defence.

DiMaggio adeptly opens the discussion by tracing the evolution of cyber threats, from the innocuous Yankee Doodle virus of 1989 to the sophisticated state-sponsored attacks witnessed today. Drawing attention to the stark reality that no organization or nation is immune, he underscores the imperative for proactive preparedness in the face of cyber threats.

The initial chapters of the book serve as a wake-up call, offering a plethora of real-world examples of nation-state attacks and state-sponsored financial assaults. DiMaggio confronts the prevalent misconception that only high-profile entities are targeted, compelling security management to confront the harsh truth and advocate for robust security measures to senior leadership.

A standout aspect of the book is its in-depth analysis of the North Korean threat. Despite the socioeconomic challenges faced by the Democratic People’s Republic of Korea (DPRK), DiMaggio illuminates its formidable digital capabilities and patient approach to infiltration. Through meticulous observation and reconnaissance, DPRK attackers methodically exploit vulnerabilities, posing a significant threat to unsuspecting organizations.

Part two delves into the intricacies of threat hunting and the analysis of advanced cyberthreats. DiMaggio navigates readers through the arsenal of tools available for attribution, cautioning against hasty accusations that can lead to detrimental consequences. By emphasizing the complexity of attribution, he imparts invaluable guidance on navigating the murky waters of cyber investigation with prudence and precision.

“The Art of Cyberwarfare” serves as an indispensable guide for those seeking to navigate the ever-expanding threat landscape. Through a blend of historical context, contemporary case studies, and practical insights, DiMaggio empowers readers to understand the nuances of cyber warfare and fortify their defences against potential attacks.

“The Art of Cyberwarfare” stands as a beacon of knowledge in the realm of cybersecurity literature. Jon DiMaggio’s meticulous research, coupled with his accessible writing style, ensures that readers of all backgrounds can grasp the complexities of cyber threats and take proactive measures to safeguard their digital assets. Whether you’re a cybersecurity professional or a concerned citizen, this book offers invaluable guidance for navigating the digital battlefield with vigilance and resilience.

Regards

Alex

Interview with Hacker, Programmer and Former Armoured Recon Patrol Commander Leigh Trinity https://thesecuritynoob.com/interviews/interview-with-hacker-programmer-and-former-armoured-recon-patrol-commander-leigh-trinity/ Fri, 22 Dec 2023 14:49:43 +0000

The post Interview with Hacker, Programmer and Former Armoured Recon Patrol Commander Leigh Trinity appeared first on The Security Noob..

Today, I have the privilege of sitting down with a remarkable individual who I have been friends with for a while now. A former armoured recon patrol commander, she has traded the battlefield for the digital frontier, wielding her skills in C# and Python to fortify systems against potential threats.

But that’s not all—beyond the lines of code and encryption algorithms lies a fascinating personal story. Embracing her authentic self, our guest is a proud trans woman who walks her own path, challenging stereotypes and inspiring change. Known to embark on a daily 21 km hike, she brings the same resilience and determination to her professional endeavors.

Leigh is such a lovely woman who I have been following along with for a while now since she started training with Occupy the Web.

Hope you enjoy the interview as much as I enjoyed giving it.

Can you tell me about your experience as an Armoured Recon Patrol Commander? What were some of the tasks and things you did in the role? I am always fascinated by the military; as an anti-monarchist in the UK it’s not something I ever would have considered.

I was an armoured crewman in the Canadian Forces for 15 years. I served as an armoured reconnaissance crew member in Yugoslavia, and as a Leopard main battle tank commander in Afghanistan. I ended my career as an armoured recon patrol commander.

How did you transition from being a military commander to becoming a Red Team hacker?

My last tour in Afghanistan was particularly rough. Living with all the humans I had killed and 10 months of war, I was diagnosed with PTSD a year after I got home. Suddenly I was a civilian again, not adjusting well at all. At my lowest, my once-supportive spouse told everyone I was trans (I was living as a man) and filed for divorce. I lost everything, it felt at the time.

Green’s Harbour, the town I was living in, gave me nothing but harassment, threats and bullying for being trans. I had no family outside of my parents, who I was trying to appear strong for. In that total isolation I started programming.

I did a C# bootcamp and fell in love. Suddenly I was creating things instead of destroying, as I had done all my life. Out of nothing more than my imagination and VS Code. I took a Python bootcamp and that’s when my programming really took off.

I started building hacking tools just for the coolness factor. It was just a fun puzzle for me.  I found myself making simple viruses and malware that I would share on #100daysofcode on Twitter. It started getting a lot of attention.

I applied for university and got ready to start software engineering. However, with PTSD and the abuse I was going through in my “community” my doctors and I decided it wasn’t a good time. Suddenly the modular nature and self-study nature of hacking really appealed to me. I was approached by OTW at that time and began his series of lectures. I haven’t looked back.

What inspired this change in career path?

It’s kinda who I was before I joined the army really. I was a nerdy 17-year-old. Editing our cog files in Jedi Knight to make our own cheats. Using cDc Back Orifice to hack our friends. Ping attacks on ICQ. Then I ran off and joined the army at 18.

What programming languages, specifically Python and C#, do you find most useful in your hacking endeavors, and why and also do you know PowerShell as I am currently using both PowerShell and Python and want to take one further but can’t decide which one?

Python, and bash is mostly what I use regularly. Bash I’ve just been learning on the fly out of necessity. Ruby comes up quite a bit with exploits. C for Ghidra.

Can you share some interesting or challenging projects you’ve worked on as a programmer or hacker?

I helped Ukraine on some projects that I’m very proud of. That’s the highlight for sure.

How has your identity as a transwoman influenced your experiences in the tech and cybersecurity fields?

I joke with other trans women hackers that being trans really should never be an issue. If you know my identity red teaming, I’ve really messed up. Not good!

Honestly, I call industry experts friends and have never experienced transphobia from anyone who mattered. I truly believe just by nature of the infosec field; people must be open to change.

I’ve been thanked by trans hackers who see me representing out there. I give them confidence to do the same. I have very conservative people reach out to tell me they’ve changed their minds about trans people due to my hacking.

Being trans rarely comes up in my real life. I’m living a very happy life as a straight woman. All I ever desired in life. I’m also a huge nerd first and foremost. I identify as a hacker.

Programmers were the first people who showed me I could actually have a place in the world as trans woman. I could have dignity which is important to me.

What aspects of Viking culture or history resonate with you, and how do they influence your life today?

I come from a long line of boat builders of Viking descent. I’ve built two myself. It’s a culture of exploration and conquest. Science. I’ve continually awoken on battlefields for a large portion of my life.

What led you to become interested in cybersecurity and ethical hacking, we share a friend in common and I am SO jealous you are getting taught by him but how did you come to be trained from Occupy the Web?

OTW approached me about joining his platform 15 months ago and I haven’t looked back. He taught me everything I know. His classes are amazing and the rabbit holes I find myself tossed down into are the absolute best.

How do you stay up to date with the latest trends and developments in both the cybersecurity and programming worlds?

The Hackers-Arise Discord. Reddit is probably the best source, surprisingly.

What advice do you have for individuals interested in pursuing a career in ethical hacking or cybersecurity?

I would focus on the hacking itself before the certifications. Share what you’re doing with the tech world online. Networking on Twitter has landed me all my roles. I honestly don’t even have a resume.

Be wary of how much mental energy things like news media can take away from you. I found that knowing about a major world event didn’t do anything to fix it. I just wasted my own mental energy. Although hard sometimes, I avoid media and just focus on hacking and studying. Things that develop and build me up.

Are there any specific tools or resources you recommend for aspiring hackers or programmers like is Python a must?

I think having some web app programming and backend developer skills is a must have for hackers. When someone starts learning Linux and networking along the hacking journey, they should start programming too. I’ve found my projects programming with MySQL for example really helpful.

What are your long-term goals and aspirations, considering your diverse background and skill set?

Red team at a major company with flexible hours so I can hike a few hours in the morning. 150,000 a year. A job where I can stay constantly studying and practicing the cutting edge of hacking things.

[DFIR TOOLS] JLECmd, what is it & how to use! https://thesecuritynoob.com/dfir-tools/dfir-tools-jlecmd-what-is-it-how-to-use/ Mon, 09 Oct 2023 08:59:05 +0000

The post [DFIR TOOLS] JLECmd, what is it & how to use! appeared first on The Security Noob..

Following on from the previous [DFIR TOOLS] posts.

First, let’s see what Jump Lists are.

Jump Lists are a feature in Microsoft Windows that provide quick access to recently used files, tasks, and specific actions associated with a particular application or program. They were introduced in Windows 7 and have been present in subsequent versions of the operating system.

Here’s how Jump Lists work and what they offer:

  1. Quick Access to Recent Items: Jump Lists are attached to application icons on the Windows taskbar and Start menu. When you right-click an icon, a context menu called the Jump List appears. This list displays recently opened files or tasks related to that specific application. For example, if you right-click on the Microsoft Word icon, you might see a list of recently opened Word documents.
  2. Pinned Items: You can also pin items to a Jump List, which means you can add specific files or tasks to the list for easy access. These pinned items remain on the list even if they are not the most recently used items.
  3. Common Tasks: Jump Lists often include common tasks or actions associated with the application. These tasks can vary depending on the program but might include options like creating a new document, opening a new window, or accessing settings.
  4. Customization: Some applications allow you to customize their Jump Lists. For example, in the case of web browsers like Microsoft Edge or Google Chrome, you might find options to quickly open your favorite websites or bookmarks.
  5. Privacy and Security: Jump Lists expose a user’s recent activity. If you have sensitive documents you don’t want others to see, manage the “show recently opened items” setting and clear recent items as needed. Keep in mind that the on-disk entries record the target’s path and metadata even after the file itself has been deleted or moved, which is exactly why investigators value them.

Jump Lists are designed to streamline your workflow by providing quick access to frequently used files and tasks without the need to open the application first. They can be particularly useful for improving productivity and efficiency in your daily computing tasks.

Introduction to JLECmd

JLECmd is a command-line tool created by Eric Zimmerman for parsing Jump List files. Windows keeps two kinds per user under %APPDATA%\Microsoft\Windows\Recent: AutomaticDestinations\<AppID>.automaticDestinations-ms, an OLE compound file holding a DestList stream (one entry per target, with its last-used time, interaction count and pin status) plus an embedded LNK structure for each entry, and CustomDestinations\<AppID>.customDestinations-ms, a concatenation of LNK structures written by applications that manage their own lists. JLECmd parses both, and because the entries survive the deletion or renaming of the target file they are a rich source of file access history for digital forensics and incident response professionals, law enforcement and the private sector alike.

Use Cases

Law Enforcement: JLECmd can be used by law enforcement agencies to parse Jump Lists, providing evidence of file access attributed to specific user accounts. This can be crucial in criminal investigations, revealing which files were opened through which application, when the entry was last updated and, from the embedded LNK data, the target’s timestamps and size, the volume serial number, and the hostname and MAC address of the machine where the link was created.

Private Sector: In the private sector, JLECmd is a valuable tool for parsing JumpLists to determine file access by specific user accounts. It can be used alongside other forensic artifacts like Shellbags and LNK files to investigate unauthorized access and threat actor activity.

JLECmd Switches

JLECmd provides various command-line switches to customize its behavior. Below is a list of the most commonly used switches:

  • -f <file>: Specifies the JumpList file to process (required).
  • -d <directory>: Specifies the directory to recursively process (required).
  • --all: Processes all files in the directory, not just files with specific extensions.
  • --csv <csv>: Saves results in CSV format to the specified directory (required unless using --json or --de).
  • --csvf <csvf>: Specifies the name of the CSV file to save results (overrides default).
  • --json <json>: Saves results in JSON format to the specified directory. Use --pretty for a more human-readable layout.
  • --html <html>: Saves results in XHTML format to the specified directory (be sure to include the full path in double quotes).
  • --pretty: When exporting to JSON, uses a more human-readable layout.
  • -q: Only shows the filename being processed instead of all output (useful for speeding up exporting to JSON or CSV).
  • --ld: Includes more information about LNK files.
  • --fd: Includes full information about LNK files; alternatively, you can use --dumpTo and process with LECmd.
  • --appIds <appIds>: Path to a file containing AppIDs and descriptions (appid|description format). New appIds are added to the built-in list.
  • --dumpTo <dumpTo>: Specifies the directory to save exported LNK files.
  • --dt <dt>: Sets the custom date/time format to use when displaying timestamps.
  • --mp: Displays higher precision for timestamps.
  • --withDir: Shows the contents of directories not accounted for in DestList entries.
  • --debug: Shows debug information during processing.
  • --trace: Shows trace information during processing.
  • --version: Displays the tool's version information.
  • -?, -h, --help: Shows help and usage information.

JLECmd Command Examples

Here are some examples of how to use JLECmd for various tasks:

Parse a directory of JumpLists (here the user's Recent folder) and view results in the console:

.\JLECmd.exe -d C:\Users\Muldwych\AppData\Roaming\Microsoft\Windows\Recent --all

Parse a single JumpList and output results to CSV at a specified location:

.\JLECmd.exe -f C:\Users\Muldwych\AppData\Roaming\Microsoft\Windows\Recent-\0f84c0223414a84ccaae529c25147153a7c12b6427bb9e00d2f2219118657baf.zip.lnk --csv C:\Tools\net6\JLECmd

Parse a single JumpList, output to JSON in pretty format:

.\JLECmd.exe -f C:\Users\Muldwych\AppData\Roaming\Microsoft\Windows\Recent-\0f84c0223414a84ccaae529c25147153a7c12b6427bb9e00d2f2219118657baf.zip.lnk --json C:\Tools\net6\JLECmd --pretty

Parse a directory, output to CSV at a specified location, output to HTML at a specified location, and output to XML while only showing the filename being processed (used to speed up processing):

.\JLECmd.exe -d "C:\Temp" --csv "c:\temp" --html c:\temp --xml c:\temp\xml -q

Parse all files in a directory (regardless of presence of .JumpList extension):

.\JLECmd.exe -d C:\Users\Muldwych\Downloads --all

Parse a JumpList and include LNK details:

.\JLECmd.exe -f C:\Users\Muldwych\AppData\Roaming\Microsoft\Windows\Recent-\20231008092234_LECmd_Output.csv.lnk --ld

Parse a JumpList and include full LNK file details:

.\JLECmd.exe -f C:\Users\Muldwych\AppData\Roaming\Microsoft\Windows\Recent-\20231008092234_LECmd_Output.csv.lnk --fd

Parse a JumpList, customize AppIDs, and specify a custom date/time format:

.\JLECmd.exe -f C:\Users\Muldwych\AppData\Roaming\Microsoft\Windows\Recent-\20231008092234_LECmd_Output.csv.lnk --appIds "C:\temp\AppIDs.txt" --dt "yyyy-MM-dd HH:mm:ss"

These examples should help you get started with using JLECmd to parse JumpList files and analyze the resulting data. JLECmd is a versatile tool that can be tailored to various forensic and investigative needs.
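As an added example (not from the original post or from the JLECmd project), the following PowerShell wrapper runs the same -d / --all / --csv invocation shown above over every user profile on a host or mounted image, writing one output folder per user and hashing the exports for the case notes. The JLECmd path, the profiles root and the output directory are assumptions; change them to match your setup.

```powershell
# Added example: batch JLECmd over all user profiles (not part of the original post).
# Assumed locations; $ProfilesRoot can point at a mounted image (e.g. E:\Users).
param(
    [string]$JleCmd       = 'C:\Tools\net6\JLECmd\JLECmd.exe',
    [string]$ProfilesRoot = 'C:\Users',
    [string]$OutDir       = 'C:\Tools\net6\JLECmd\out'
)

if (-not (Test-Path $JleCmd)) { throw "JLECmd not found at $JleCmd" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# One run per profile that actually has a Recent folder. Switches match the post:
# -d recurses the folder, --all ignores extensions, --csv sets the export folder,
# --mp keeps full timestamp precision and -q trims console output while exporting.
Get-ChildItem -Path $ProfilesRoot -Directory | ForEach-Object {
    $user   = $_.Name
    $recent = Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Recent'
    if (-not (Test-Path $recent)) { return }   # default/service profiles have none

    $userOut = Join-Path $OutDir $user
    New-Item -ItemType Directory -Path $userOut -Force | Out-Null
    Write-Host "[*] Parsing JumpLists for $user -> $userOut"

    & $JleCmd -d $recent --all --csv $userOut --mp -q
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "JLECmd exited with code $LASTEXITCODE for $user"
    }
}

# Hash every export so the CSVs can be referenced and later verified in the report.
Get-ChildItem -Path $OutDir -Recurse -Filter '*.csv' |
    Get-FileHash -Algorithm SHA256 |
    Select-Object @{n='File';e={$_.Path.Substring($OutDir.Length + 1)}}, Hash |
    Format-Table -AutoSize
```

Running this against a mounted image rather than the live system keeps the Recent folders of the evidence untouched; on a live host the account running the script needs read access to every profile.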

Additional Resources

For more information and updates about JLECmd, you can visit Eric Zimmerman’s GitHub repository: https://github.com/EricZimmerman/JLECmd.

Disclaimer

JLECmd is a powerful forensic tool, and its usage should comply with all legal and ethical guidelines. Always obtain proper authorization before using it for investigations, and ensure you have the necessary permissions to access and analyse the relevant data.


The post [DFIR TOOLS] JLECmd, what is it & how to use! appeared first on The Security Noob..
