LoRa messenger for secure, off-the-grid communication

  • https://www.cnx-software.com/2021/07/09/nokia-e63-phone-converted-into-lora-messenger-for-secure-off-the-grid-communication/
  • https://www.youtube.com/watch?v=WXuQERL_e8M
  • https://www.dhs.gov/science-and-technology/news/2017/11/17/snapshot-atak-increases-situational-awareness-communication
  • https://baofengtech.com/product/uv-5r/
  • https://meshtastic.org/docs/software
  • https://www.youtube.com/watch?v=QMxKLkzNQV8
  • https://www.youtube.com/watch?v=vxF1N9asjts
  • https://www.youtube.com/watch?v=gqAsWtIjHUY
  • https://sensibo.com/pages/sensibo-pure

Windows and Linux Threat Hunting

  • Windows ASEPs
    • https://cyberforensicator.com/2019/04/25/characteristics-and-detectability-of-windows-auto-start-extensibility-points-in-memory-forensics/
    • https://www.sans.org/blog/offline-autoruns-revisited-auditing-malware-persistence/
  • Windows 11 Artifacts
    • Prefetch
    • Link Files
    • Jumplists
    • Recycle Bin
    • Amcache
    • AppCompatCache
    • Registry
    • Event Logs
    • https://github.com/EricZimmerman?tab=repositories
  • Persistence

AuditD

shadow files

  • btrfs
  • ecryptfs
  • ext2
  • ext3
  • ext4
  • fuse
  • fuseblk
  • jfs
  • nfs
  • overlay
  • ramfs
  • reiserfs
  • tmpfs
  • udf
  • vfat
  • xfs
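The AuditD note above only names shadow files and a list of filesystem types, so here is an added example (not the blog's own code) of what a hunter actually runs: a watch-rule set for the shadow and passwd files, and a parser that groups audit.log records by serial the way ausearch does and flags every open of /etc/shadow that either failed or came from a binary outside an allowlist. The rule key shadow-hunt, the EXPECTED_READERS allowlist and the SAMPLE_AUDIT_LOG records are all constructed for this example; the allowlist in particular must be tuned to what really reads shadow on your hosts.

```python
"""Hunt audit.log for processes that opened /etc/shadow.

Added example, not the blog's own code. The rule key "shadow-hunt", the
allowlist EXPECTED_READERS and SAMPLE_AUDIT_LOG are constructed for this
example; tune the allowlist to what actually reads shadow on your hosts.
"""
import re
from collections import defaultdict

# Rules to drop into /etc/audit/rules.d/shadow.rules (or load with auditctl -R).
# -p rwa on /etc/shadow logs reads, writes and attribute changes, including
# attempts that fail with EACCES, which is exactly what a hunter wants to see.
AUDIT_RULES = """\
-w /etc/shadow  -p rwa -k shadow-hunt
-w /etc/gshadow -p rwa -k shadow-hunt
-w /etc/passwd  -p wa  -k shadow-hunt
-w /etc/group   -p wa  -k shadow-hunt
"""

# Binaries that legitimately read /etc/shadow on a typical host (assumption).
EXPECTED_READERS = {
    "/usr/sbin/unix_chkpwd", "/usr/bin/passwd", "/usr/bin/chage",
    "/usr/sbin/sshd", "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/login",
}

# Constructed records in auditd's native format: a SYSCALL line and its PATH
# line share the serial inside msg=audit(<time>:<serial>).
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:1001): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd8 a2=80000 a3=0 items=1 ppid=900 pid=901 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=unconfined key="shadow-hunt"
type=PATH msg=audit(1700000000.101:1001): item=0 name="/etc/shadow" inode=1234 dev=fd:00 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0
type=SYSCALL msg=audit(1700000000.202:1002): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd9 a2=0 a3=0 items=1 ppid=2000 pid=2001 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" subj=unconfined key="shadow-hunt"
type=PATH msg=audit(1700000000.202:1002): item=0 name="/etc/shadow" inode=1234 dev=fd:00 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0
type=SYSCALL msg=audit(1700000000.303:1003): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=7ffda a2=0 a3=0 items=1 ppid=3000 pid=3001 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=3 comm="harvest" exe="/tmp/.x/harvest" subj=unconfined key="shadow-hunt"
type=PATH msg=audit(1700000000.303:1003): item=0 name="/etc/shadow" inode=1234 dev=fd:00 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0
type=SYSCALL msg=audit(1700000000.404:1004): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffdb a2=80000 a3=0 items=1 ppid=5000 pid=5001 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="cat" exe="/usr/bin/cat" subj=unconfined key=(null)
type=PATH msg=audit(1700000000.404:1004): item=0 name="/etc/hostname" inode=9999 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
MSG_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')


def parse_record(line):
    """One audit.log line -> dict of its key=value fields plus _ts/_serial."""
    m = MSG_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    rec["_ts"] = float(m.group(1))
    rec["_serial"] = int(m.group(2))
    return rec


def group_events(log_text):
    """Group SYSCALL/PATH/CWD records that share a serial, as ausearch does."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec:
            events[rec["_serial"]].append(rec)
    return events


def hunt_shadow_access(log_text, watched="/etc/shadow", key="shadow-hunt",
                       allowlist=EXPECTED_READERS):
    """One finding per event that touched `watched` and is either a failed
    attempt (EACCES shows up as success=no exit=-13) or an open by a binary
    outside the allowlist. Benign readers with success=yes are dropped."""
    findings = []
    for serial, recs in sorted(group_events(log_text).items()):
        syscall = next((r for r in recs if r.get("type") == "SYSCALL"), None)
        paths = {r.get("name") for r in recs if r.get("type") == "PATH"}
        if syscall is None or syscall.get("key") != key or watched not in paths:
            continue
        reasons = []
        if syscall.get("success") != "yes":
            reasons.append("failed access attempt (exit=%s)" % syscall.get("exit"))
        if syscall.get("exe") not in allowlist:
            reasons.append("unexpected binary %s" % syscall.get("exe"))
        if reasons:
            findings.append({
                "serial": serial,
                "ts": syscall["_ts"],
                "auid": syscall.get("auid"),  # login uid: who really started this
                "uid": syscall.get("uid"),
                "exe": syscall.get("exe"),
                "comm": syscall.get("comm"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in hunt_shadow_access(SAMPLE_AUDIT_LOG):
        print(f["serial"], f["exe"], "auid=%s uid=%s" % (f["auid"], f["uid"]),
              "; ".join(f["reasons"]))
```

On a real host, load the rules with `auditctl -R` and pull the raw records with `ausearch -k shadow-hunt --raw` before feeding them to the parser. Note that auid (the login uid) survives su/sudo, which is why the third sample event is attributed to the user who logged in as uid 1000 even though the read happened as root.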

Research

Mobile Phone Digital Forensics

I was aware of law enforcement capabilities in mobile phone digital forensics but didn't put much thought into it until I started watching a late-night documentary called Forensics: The Real CSI, Season 1, Episode 3. In this episode, it shows a real-life example of capturing evidence against a criminal. Here is some research on the same.

You can watch the documentary here:

The software in use looks like Cellebrite or Elcomsoft; checking the website, it lists the following support:

  • iOS Devices
    • Determine locks and perform a full file system extraction of iPhone devices.
    • Gain After-First-Unlock (AFU) access to locked iPhones (device must be kept on).
    • Perform Before-First-Unlock (BFU) extraction without knowing the device passcode.
    • Access and decode 3rd party app data, chat conversations, downloaded emails and email attachments, deleted content and more.
  • Android Devices
    • Bypass or determine locks and perform a physical extraction (Full Disk Encryption) or a full file system extraction (File-Based Encryption) on most Android devices on the market.
    • Gain After-First-Unlock (AFU) access to locked Android devices protected with File-Based Encryption (FBE).
    • Determine Secure Startup passcodes for locked Android devices with Full Disk Encryption (FDE).
    • Access data stored in secure containers like Samsung Secure Folder, Huawei PrivateSpace, and Xiaomi Second Space.
    • Unlock the latest devices from Huawei, LG, Motorola, Nokia, OnePlus, Samsung, Sony, Xiaomi and ZTE.
  • Secure Enclave

Securing iPhone

Not to get into an Android vs iPhone argument, but if you are using an Android phone, good luck with security:

  1. Maintain the latest OS updates.
  2. Use Apple Configurator to restrict pairing to only the host running Configurator (the device must be supervised for this restriction to apply). This prevents pairing the device to another host, even when it is unlocked.
  3. On the iOS device, tapping “Erase All Content and Settings” is the only way to clear all of its pairings (along with all of the other data stored on the device).
  4. For a less destructive way to clear pairings, back up the device through iTunes (encrypt the backup with a strong passphrase), “Erase All Content and Settings” on the iOS device, and then restore settings and data from that backup using iTunes.
  5. Lockdown (pairing) records
    1. https://support.apple.com/en-us/HT202778
    2. Pairing relationships established with devices running iOS 7 or earlier never expire and survive reboots and factory resets. Once such devices are updated to iOS 8 or newer, all existing trust relationships are revoked and must be re-established under the new rules.
    3. Since iOS 8, all pairing relationships remain unavailable after the device restarts or powers on until the device has been unlocked at least once with its passcode.
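The steps above clear pairings from the device side; the other half of each trust relationship is a lockdown record on the paired computer, and anyone who copies that file can present themselves to the device as that host once it has been unlocked since boot. As an added example (not the blog's or Apple's code), this audits those host-side records: it lists every <UDID>.plist in the lockdown directory, pulls out the host identity fields, notes whether an escrow bag is present, and flags records older than a cut-off as candidates for removal. The directory names (/var/db/lockdown on macOS, /var/lib/lockdown for libimobiledevice on Linux), the plist keys read (HostID, SystemBUID, WiFiMACAddress, EscrowBag) and the two demo records are assumptions or constructed for this example.

```python
"""Audit the host-side pairing ("lockdown") records that embody the trust
relationships the steps above are about clearing.

Added example, not the blog's or Apple's code. Assumptions: the record
directories, the plist keys read (HostID, SystemBUID, WiFiMACAddress,
EscrowBag) and the two demo records built by build_demo_dir().
"""
import os
import plistlib
import tempfile
import time
from datetime import datetime, timezone

# macOS stores pairing records in the first directory, libimobiledevice on
# Linux in the second (assumption; check your own platform).
LOCKDOWN_DIRS = ("/var/db/lockdown", "/var/lib/lockdown")


def load_pairing_records(directory):
    """One dict per <UDID>.plist: which device trusts this host, and since when.

    Each file is a credential: whoever copies it can talk to that device over
    USB as this host once the device has been unlocked since boot.
    """
    records = []
    for entry in sorted(os.listdir(directory)):
        if not entry.endswith(".plist") or entry == "SystemConfiguration.plist":
            continue
        path = os.path.join(directory, entry)
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
        records.append({
            "udid": entry[:-len(".plist")],
            "host_id": data.get("HostID"),
            "system_buid": data.get("SystemBUID"),
            "wifi_mac": data.get("WiFiMACAddress"),
            "has_escrow_bag": "EscrowBag" in data,
            "created": datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc),
        })
    return records


def stale_records(records, max_age_days=90, now=None):
    """Records older than max_age_days: candidates for deletion on the host and
    for the erase-and-restore procedure on the device."""
    now = now or datetime.now(timezone.utc)
    return [r for r in records if (now - r["created"]).days > max_age_days]


def audit_hosts(dirs=LOCKDOWN_DIRS, max_age_days=90):
    """Run the audit over whichever lockdown directories exist on this machine."""
    report = {}
    for d in dirs:
        if os.path.isdir(d):
            recs = load_pairing_records(d)
            report[d] = {"records": recs, "stale": stale_records(recs, max_age_days)}
    return report


def build_demo_dir():
    """Constructed sample: two pairing records, 2 and 200 days old. The UDIDs,
    host id, BUID and MAC are made up; EscrowBag is placeholder bytes."""
    d = tempfile.mkdtemp(prefix="lockdown-demo-")
    demo = (("00008030-000A1B2C3D4E5F60", 2), ("00008101-00112233AABBCCDD", 200))
    for udid, age_days in demo:
        rec = {
            "HostID": "6F2C4E7A-1B3D-4C5E-8F90-ABCDEF123456",
            "SystemBUID": "0A1B2C3D-4E5F-6071-8293-A4B5C6D7E8F9",
            "WiFiMACAddress": "aa:bb:cc:dd:ee:ff",
            "EscrowBag": b"\x00" * 16,
            "HostCertificate": b"placeholder-cert",
        }
        path = os.path.join(d, udid + ".plist")
        with open(path, "wb") as fh:
            plistlib.dump(rec, fh)
        mtime = time.time() - age_days * 86400   # backdate the file to simulate age
        os.utime(path, (mtime, mtime))
    return d


if __name__ == "__main__":
    demo = build_demo_dir()
    recs = load_pairing_records(demo)
    for r in recs:
        print(r["udid"], "host", r["host_id"], "since", r["created"].date(),
              "escrow" if r["has_escrow_bag"] else "no-escrow")
    print("stale:", [r["udid"] for r in stale_records(recs)])
```

Run audit_hosts() as root on the computers you sync from; any record for a device you no longer own, or for a host you no longer control, is a reason to follow step 3 or 4 above, since deleting the file on the host does not revoke the device side of the pairing.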

Research

DetectX.com.au – Disclaimer

This is a personal blog. Any views or opinions represented in this blog are personal and belong solely to the blog owner and do not represent those of people, institutions or organizations that the owner may or may not be associated with in professional or personal capacity, unless explicitly stated. Any views or opinions are not intended to malign any religion, ethnic group, club, organization, company, or individual.

Thoughts and comments are my own as a security enthusiast and should not be quoted in any other context related to my employer.

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.

Photos

Unless stated, all photos are the work of the site owner and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. If used with the watermark, there is no need to credit detectx.com.au. For any other reuse of the blog, please contact me first.

Content

Creative Commons License

Unless stated, all content is the work of the site owner and is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. Please credit all content to detectx.com.au and link back to the original blog post.

Downloadable Files

Any downloadable file, including but not limited to pdfs, docs, jpegs, pngs, is provided at the user’s own risk. The owner will not be liable for any losses, injuries, or damages resulting from a corrupted or damaged file.

Comments

Comments are welcome. However, the blog owner reserves the right to edit or delete any comments submitted to this blog without notice due to

  1. Comments deemed to be spam or questionable spam
  2. Comments including profanity
  3. Comments containing language or concepts that could be deemed offensive
  4. Comments containing hate speech, credible threats, or direct attacks on an individual or group

INFORMATION ARE PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THESE SOLUTIONS OR THE USE OR OTHER DEALINGS WITH ANY OF THESE SOLUTIONS. “USE AT YOUR OWN RISK.”

The blog owner is not responsible for the content in comments.

This policy is subject to change at anytime.

This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.

In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

For more information, please refer to <http://unlicense.org/>

Detectx.com.au is alive!

Hello and welcome to detectx.com.au. This blog's intent is to create a central resource for cloud security, with information spanning the combined fields of security architecture, SecOps, security automation (DevSecOps), incident response, penetration testing, threat intelligence and threat hunting, focused on public cloud (Azure, GCP and AWS).

  • Cloud Security Penetration Testing. Red Teaming. (e.g. TIBER-EU)
  • Cloud Security Digital Forensics.
  • Cloud Security Architecture and Detection Engineering. (Blue Teaming)
  • Cloud Security Incident Response.
  • Cloud Security Strategy and Risk Assessment.
  • Cloud Security Proactive Threat Hunting.
  • Cloud Security Monitoring and Compliance.
  • Cloud Security Automation.
  • Serverless, Container, SaaS, API and Web Security.

Proactive threat hunting is a unique combination of skills, and it is not something that is commonly promoted.

Proactive threat hunting grew out of digital forensics and incident response. It is about environment-wide insight and analysis. Threat hunting is not incident investigation; it is a proactive search for known and unknown threats, so a threat hunter cannot just sit and wait until something happens. It is human-led, reactive and proactive, based on risk analysis and integrated threat intelligence feeds that augment indicators of compromise.

Reactive threat hunting, targeted threat hunting and proactive threat hunting are all important in helping organizations improve security maturity and strengthen their defences. Another key differentiator is continuous proactive threat hunting, which is an optimal preventive strategy.

Threat hunting utilises EDR and XDR. XDR in its purest form is a platform that offers detection and response capabilities using e(X)tended telemetry sources and is managed by the purchasing entity.

This blog will include articles, PodCasts, source code, templates, screencasts, best-practice guides, documentation templates and research into various aspects of cyber security.

Why write blogs? The Protégé Effect: How You Can Learn by Teaching Others

The protégé effect is a psychological phenomenon where teaching, pretending to teach, or preparing to teach information to others helps a person learn that information.

https://medium.com/accelerated-intelligence/explanation-effect-why-you-should-always-teach-what-you-learn-9800983a0ea1

DetectX Social media links

I will cull some of the above depending on popularity.

Rules for PodCasts and Blogs

  • 30 minutes, concise (no wasted time; straight to the point and on topic). A lot of PodCasts are like listening to two people talk without any structure, going on forever.
  • Every PodCast must have corresponding show notes, a ToC, a blog post and references for everything discussed.
  • Provide a forum and discussion via Discord.
  • Content relevant to the Australian cyber security industry.

It is peculiar irony in life that the fastest and best way to learn something is to give it to others as soon as you learn it — not to hog it yourself.

If you would like to support the blog, please share and subscribe to the following: