My articles in Chmag

Hi


Well its a late announcement phir bhi
My articles have been posted in Chmag on forensics for Matriux Vibhag, More to come yet 


Forensics Part-I — Introduction and Acquisition
Foreniscs Part-II — Analysis
Forensics Part-III – Analysis part II have to be published , article submitted 🙂


Your Comments and suggestion will make my articles more interesting and knowledge sharing stuff . Please give the feed back after go through them :).

First Indian Security and Hacking Magazine

Advertisements

Articles related to Forensics

Hi friends,

Here is some of the interesting Forensics articles, More coming soon

Linux live forensics

http://www.symantec.com/connect/articles/forensic-analysis-live-linux-system-pt-1
http://www.symantec.com/connect/articles/forensic-analysis-live-linux-system-pt-2

Analysis of Stuxnet using System internals

http://blogs.technet.com/b/markrussinovich/archive/2011/03/30/3416253.aspx

http://blogs.technet.com/b/markrussinovich/archive/2011/04/20/3422035.aspx

http://blogs.technet.com/b/markrussinovich/archive/2011/05/10/3422212.aspx

Stuxnet’s Footprint in Memory with Volatility 2.0

http://mnin.blogspot.com/2011/06/examining-stuxnets-footprint-in-memory.html

Prefetch files at Face Value

http://crucialsecurityblog.harris.com/2011/04/11/prefetch-files-at-face-value/

FatKIT 

Virtual Machine Data recovery using Open VMFS Driver

http://crucialsecurityblog.harris.com/2011/06/08/virtual-machine-data-recovery-using-the-open-vmfs-driver/

Credits::

All the credits will go for the respective authors of the posts , i am only sharing the data .

18.562240 73.802810

Personal

Hi
This blog will be of my personal and official experiences.

Virtual Presence in Words

Hi friends,

I Started with my words in word press. As all the blogger are starting with word press and the most interesting topic in some security meets is word press security , I am starting the blog to check the updates , I know I am late to start this but there is old saying “Something is better than nothing”  🙂 .

You can get my details here

Registrations Open for nullcon Dwitiya

 Hi friends,

     We null-The Open Security Community presents you with nullcon Dwitiya with awesome topics which are going to be on Feb 25,26 2011 at the India’s most beautiful holiday spot GOA. Get more details from below links.

 Registrations Started for nullcon Dwitiya get your Pass today for details http://nullcon.net/register 

 Have a look at nullcon Dwitiya topics http://nullcon.net/speakers

 Get the venue details from http://nullcon.net/venue/

CHMAG

Hi friends,

In India we were waiting to see any ‘hacking’ magazine to happen and the wait was getting little longer. So finally ClubHack decided to come out with its own 1st  Indian “Hacking” Magazine called CHmag. We at ClubHack are very much excited about the magazine and this fits into our main objective of making hacking and information security a common sense for a commn man.To start with we have the sections below. We hope to add a lot of sections in future, all we need is input from you on what would you like to see in your magazine Moving further we need a lot of help form the whole information security community of the country to make this a success.

ClubHack magazine which has 11 issues till date u can check www.chmag.in  for the issues.Its a free magazine to get and to contribute if you have any new ideas / want to share any new technologies with security enthusiasts u can send here it will printed in the magazine if the topic has the stuff and  We at ClubHack aremore than thrilled about the magazine and this fits into our main objective of making hacking and information security a common sense This magazine is divided into the following sections:
0x00 Tech Gyan of the month
0x01 Legal Gyan of the month
0x02 Tool Gyan of the month
0x03 Command Line Gyan of the month
0x04 Mom’s Guide of the month
0x05 Awareness Poster of the month

We hope to add a lot of sections in future, all we need is input from you as to what you would like to see in your magazine

Recent CHmagazine issue

Hope you enjoy the magazine and get the knowledge .

Support is the need for the development.

by
CHTeam.

KERNEL the heart of operating system

Hi Friends,

    Most of us use Linux boxes we can identify and update our Linux kernels if any updates / patches released we know that how to patch /update the kernels but what about windows box , will windows use kernels ? The answer is yes no operating system will run without a kernel, kernel is the heart /mind for the operating systems. Then

Can we identify our windows Kernel versions? How?
Will Linux and windows use same kernel?
How can we update our kernels in windows?
What details can we get in kernel?

                We can identify our windows kernel, but we don’t have any direct option to get windows kernel version, but yes we can get them by some log entries and using some third party tools or from the registry entries.

    When we boot a windows box an entry is generated in event log with “EVENT ID 6009”.

    The log entry doesn’t indicate whether you booted the PAE (Physical Address Extension) version of the Kernel.    We can determine the PAE Kernel version in the registry entry HKLM/SYSTEM/Current Control Set/Control/Session Manager > Physical Address Extension.

Another Process to identify your kernel details by using System Internals tools like WinDBG. Open a local Kernel version using debugging session type “List Module” to list the details for the kernel image.

*please be sure the symbols are present.

We can check Product Type and Product Suite under HKLM/System/Current Control Set/Control/Product Options > Product Type and Product Suite.

Kernel is purely works on the base of HAL (HAL is a layer of code that isolates the kernel, device drivers, and the rest of the Windows executive from platform-specific hardware differences).

Linux and windows use different Kernels

By changing / upgrading our operating systems we can change the kernel versions till now Windows vista have WinNT and Windows server 2008 have Lanman NT / server NT as a product ID.

We can use tools like SIPolicy and Windows Driver Kit to get more details about Kernel.

18.562240 73.802810