Sensei's Forensics

Hi there, I'm Hasan. I'm currently working as a Security Engineer at Ebryx. It's my personal blog to reflect back on whatever knowledge I've gathered!

Command-line Auditing on Windows: Why You Need It!

Oct 15, 2020

It’s unfortunate that the Windows Command Prompt, the descendant of the prehistoric command.com from MS-DOS, has no persistent storage of command execution. It does, however, support temporary storage of commands...

Uncovering Attacks: Cross-site Scripting (XSS)

May 8, 2020

In this episode of “Uncovering Attacks”, let’s explore ‘Cross-site Scripting’, which commonly goes by its acronym, ‘XSS’. Cross-site scripting is a web security vulnerability or injection attack in which...

Uncovering Attacks: SSH Brute-forcing

May 7, 2020

As a defender, having sound knowledge of how actors operate and the techniques they utilize is important. This should give us an idea about the path the attacker must’ve followed...

Windows DLLs: Attacks in a Nutshell

May 5, 2020

What are DLLs? Dynamic-link Libraries (DLLs) are Microsoft’s implementation of shared code on the Windows Operating System. By means of modularizing code into smaller segments and individual files, Windows applications...

Windows API Calls: More on Processes and Memory

May 4, 2020

In the previous article, I talked about the WTSEnumerateProcessesEx API call to enumerate processes on a local machine via the Windows Terminal (RDS) service. Today, we’ll go over a few...

Windows API Calls: Process Listing APIs

Apr 30, 2020

Let’s continue our series on Windows API Calls. Today, we’ll be discussing some of the many methods Windows provides to enumerate the processes on a system. Process Enumeration Why...

Windows API Calls: The Malware Edition

Apr 29, 2020

Windows API, in short, the WinAPI, is a set of functions and procedures, which can abstract much of the tasks you perform everyday on the Windows OS. The Application Programming...

LimaCharlie: A Quick Overview

Apr 27, 2020

LimaCharlie is an endpoint security platform which was developed by ‘Refraction Point’, a group of cyber-security experts. Its key module serves the capabilities of an Endpoint Detection and Response...

System Monitoring and Detections Using 'osquery'

Apr 27, 2020

‘osquery’ is an open-source tool which can be used to audit an operating system and all its configurations as an SQL-based relational database. It does so by exposing the OS,...

Windows Registry: Malware Persistence

Apr 15, 2020

Maintaining foothold is one of the key objectives of an adversary. Detecting that foothold is one of your key objectives as a forensicator! A few techniques which these adversaries for...

Defender's Toolkit 102: Regular Expressions

Apr 15, 2020

Let’s continue with our series on a Defender’s Toolkit. Today, we’re going to discuss Regular Expressions! Regular expressions (or regex) allow you to search through texts for a sequence or...

IBM QRadar: The Architecture!

Apr 14, 2020

Before you get started with the deployment of QRadar in your infrastructure, you need to understand the several components it makes use of to function properly. IBM QRadar SIEM (Security...

Defender's Toolkit 101: Yara Rules!

Apr 6, 2020

In today’s blog, we’ll be covering a short portion of one of the most versatile tools ever built for us Forensicators - Yara! Yara is your one-stop solution to detect...

Introduction to the AWS CLI

Apr 4, 2020

In today’s blog, we’ll be discussing the Amazon Web Services (AWS) CLI, which we can use to do an array of tasks by the help of our command line! Versions...

Views on 'Snowden'

Apr 1, 2020

The documentary revolves around the NSA whistle-blower, Edward Snowden, who was accused of leaking NSA’s sensitive documents to the media in 2013. It has several moments where the actor is...

The Layers of the OSI Model

Oct 15, 2019

A Story of the Two Kings The Open Systems Interconnection (OSI) model is often considered to be the standard network architecture for implementing network protocols. However, to understand the model...

Welcome to Sensei's Forensics!

Oct 15, 2019

Hi there! We’ll be covering some interesting topics here on the blog as I cruise through my forensics pathway, learning new things and getting more certifications in the field. Feel...

This project is maintained by SyeedHasan