Kat Hedley
@4enzikat0r.bsky.social
DFIR, SANS author & certified instructor
GSP & all the FOR GIACs
khyrenz.com
github.com/khyrenz
Pinned
Version 1.6 of #DFIR #parseUSBs is out…
My goal for the holiday period was to finish @nintendouki.bsky.social #MarioVsDonkeyKong

Goal accomplished on New Year’s Day 😎
January 6, 2025 at 9:28 PM
Best news ever!

Free #AppleTV this weekend

That’s my weekend sorted 👍

www.apple.com/tv-pr/news/2...
Enjoy Apple TV+ for free the first weekend of 2025
Apple TV+ is ringing in the New Year by offering an all-access pass to customers all around the world.
www.apple.com
January 4, 2025 at 11:38 AM
Me: I’m going to start the year as I mean to go on, with a 2km #DFIRFit run on the treadmill 💪

My treadmill 2mins into the warm up…

Anyone know how to fix a dead @nordictrack.bsky.social S20 (UK)? 🤦‍♀️

It’s not the fuse & yes I already tried turning it off & on again!
January 1, 2025 at 11:47 AM
Version 1.6 of #DFIR #parseUSBs is out…

I was interested to see if I could fill in any gaps in assigned drive letters for previous USB connections using LNK data, so this version does exactly that (matching on VSN)

As always, feedback very welcome

github.com/khyrenz/pars...
GitHub - khyrenz/parseusbs: Parses USB connection artifacts from offline Registry hives
Parses USB connection artifacts from offline Registry hives - khyrenz/parseusbs
github.com
December 11, 2024 at 10:54 AM
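The VSN join described in the post, as an added example that is not parseUSBs' own code: it builds a minimal MS-SHLLINK LinkInfo structure as constructed test data, pulls the DriveSerialNumber (VSN) and drive letter out of it, and uses them to fill gaps in USB records that already carry a VSN but no drive letter. The record shape (dicts with `vsn` and `drive_letter`) is assumed for illustration and is not the tool's real format.

```python
import struct

# MS-SHLLINK 2.3: LinkInfoFlags bit 0 means VolumeID and LocalBasePath are present.
HAS_VOLUME_ID_AND_LOCAL_BASE_PATH = 0x1


def build_link_info(vsn, local_base_path):
    """Build a minimal LinkInfo blob (constructed test data, ANSI paths only)."""
    path = local_base_path.encode("ascii") + b"\x00"
    label = b"USB\x00"
    # VolumeID: VolumeIDSize, DriveType (2 = DRIVE_REMOVABLE), DriveSerialNumber, VolumeLabelOffset, label
    volume_id = struct.pack("<IIII", 16 + len(label), 2, vsn, 16) + label
    header_size = 28  # seven 4-byte header fields, no optional Unicode offsets
    vid_off = header_size
    lbp_off = vid_off + len(volume_id)
    suffix_off = lbp_off + len(path)
    suffix = b"\x00"  # empty CommonPathSuffix
    header = struct.pack("<IIIIIII", suffix_off + len(suffix), header_size,
                         HAS_VOLUME_ID_AND_LOCAL_BASE_PATH, vid_off, lbp_off, 0, suffix_off)
    return header + volume_id + path + suffix


def parse_link_info(blob):
    """Return (vsn, drive_letter) from a LinkInfo blob, or None for network-only links."""
    _size, _hdr, flags, vid_off, lbp_off, _, _ = struct.unpack_from("<IIIIIII", blob, 0)
    if not flags & HAS_VOLUME_ID_AND_LOCAL_BASE_PATH:
        return None
    _drive_type, vsn = struct.unpack_from("<II", blob, vid_off + 4)  # skip VolumeIDSize
    local_base_path = blob[lbp_off:blob.index(b"\x00", lbp_off)].decode("ascii")
    letter = local_base_path[:2] if local_base_path[1:2] == ":" else None
    return vsn, letter


def fill_drive_letters(usb_records, link_info_blobs):
    """Fill missing 'drive_letter' on USB records by joining LNK VolumeIDs on VSN.

    Record shape is assumed for this example. Existing letters are never
    overwritten; conflicting LNK letters for one VSN are all kept so the
    analyst sees the ambiguity instead of a silent guess.
    """
    letters_by_vsn = {}
    for blob in link_info_blobs:
        parsed = parse_link_info(blob)
        if parsed and parsed[1]:
            letters_by_vsn.setdefault(parsed[0], set()).add(parsed[1])
    for rec in usb_records:
        if not rec.get("drive_letter") and rec["vsn"] in letters_by_vsn:
            rec["drive_letter"] = "/".join(sorted(letters_by_vsn[rec["vsn"]]))
            rec["drive_letter_source"] = "LNK"
    return usb_records
```

VSNs are compared as integers here; registry sources that store the VSN as a decimal or hex string need normalising to an int before the join.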
I got as far as I could on the badge challenges on day 1 of @SANSInstitute #CyberThreat24 … tripped up by a micro USB cable 🤦‍♀️🤣
December 10, 2024 at 9:11 AM
It’s all kicking off in style at @SANSInstitute #CyberThreat
December 9, 2024 at 9:52 AM
Very important development… the @trafficscotland gritter tracker now has a beta 3D map! Best names ever, every year

Go Icesweeper Willie, go!

Though I still think the best name so far is… Itsy Bitsy Teenie Weenie Yellow Anti-Slip Machiney

www.traffic.gov.scot/gritter-trac...
Gritter tracker | Traffic Scotland
Traffic Scotland gives you the real-time information you need about Scotland’s trunk road network
www.traffic.gov.scot
December 1, 2024 at 10:23 AM
How do #InfoSec social media apps compare? Stats on my last #DFIR post after 24hrs…

X:
- 5 reposts
- 26 likes
- 2 new followers

Mastodon:
- 2 boosts
- 3 favourites
- 2 followers

Bluesky:
- 6 reposts
- 16 likes
- 7 followers

LinkedIn:
- 13 reposts
- 79 reactions
- 7 followers
- 25 conn requests
November 26, 2024 at 10:00 PM
🚨 #DFIR Tool update 🚨

I’ve updated parseUSBs (again!):
- Now supports mounted #KAPE images
- Improved deduplication of events within secs of each other
- Added extraction of partition style (MBR/GPT) & Filesystem
- Parses alternate S/Ns
- Parses WPDBUSENUM key

github.com/khyrenz/pars...
GitHub - khyrenz/parseusbs: Parses USB connection artifacts from offline Registry hives
Parses USB connection artifacts from offline Registry hives - khyrenz/parseusbs
github.com
November 25, 2024 at 10:19 PM
Reposted by Kat Hedley
Who owns Bluesky? What’s the role of former Twitter CEO Jack Dorsey? What’s Bluesky’s business model? And what prevents another Elon Musk from buying and destroying it? 

@micahflee.com answers your Bluesky questions.
Is Bluesky Billionaire-Proof?
Questions and answers about the new social media network Bluesky that you don’t need an invite to see. First, Jack Dorsey is not an owner.
theintercept.com
June 1, 2023 at 7:58 PM
Reposted by Kat Hedley
Interesting and potentially problematic from a LE viewpoint - @tazwake.bsky.social did you know about this?

naehrdine.blogspot.com/2024/11/reve...
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
naehrdine.blogspot.com
November 19, 2024 at 4:15 PM
Reposted by Kat Hedley
November 18, 2024 at 5:53 PM
My #parseusbs #DFIR tool got another small update this week to fix an issue on Linux - now tested on Windows cmd/powershell, WSL (the best shell!), and Ubuntu

Parse USB connection artifacts from a Windows volume, including registry & event log data (or offline hives)

github.com/khyrenz/pars...
GitHub - khyrenz/parseusbs: Parses USB connection artifacts from offline Registry hives
Parses USB connection artifacts from offline Registry hives - khyrenz/parseusbs
github.com
November 18, 2024 at 12:57 PM
Join me in Lisbon next week for lots of @sansforensics #FOR500 Windows forensics fun. I’ve discovered some fun new things about USB connection artifacts that I’ll be sharing first at this event, so you’ll want to be around for all that!

Sign up here: sans.org/u/1yrB
November 18, 2024 at 12:12 PM
Reposted by Kat Hedley
This git is full of resources for event logs/auditing. Covers everything from tool configs to audit cheatsheets to event attack chains and data samples. In #DFIR visibility is key. This is a solid resource for those responding to an incident or trying to prevent one. #grc

github.com/stuhli/aweso...
GitHub - stuhli/awesome-event-ids: Collection of Event ID ressources useful for Digital Forensics and Incident Response
Collection of Event ID ressources useful for Digital Forensics and Incident Response - stuhli/awesome-event-ids
github.com
November 17, 2024 at 10:29 PM