Shlomi Boutnaru, Ph.D.: The Linux Process Journey — “[” (Checking File Types and Comparing Values). “[” is an ELF binary located at “/usr/bin/[” — as shown in the screenshot below. It is equivalent to the “test” utility… (10h ago)
Shlomi Boutnaru, Ph.D.: The Windows Process Journey — “extrac32.exe” (CAB File Extract Utility). “extrac32.exe” (Microsoft® CAB File Extract Utility) is a PE binary located in “%windir%\System32\extrac32.exe”. The binary is used to… (1d ago)
Shlomi Boutnaru, Ph.D.: The Windows Kernel Data Structure Journey — struct _SID. As with every operating system, in Windows too we need to uniquely identify users/groups; this is the role of a “Security Identifier”, aka… (2d ago)
Shlomi Boutnaru, Ph.D.: The Linux Security Journey — PAM (Pluggable Authentication Module). The goal of PAM (Pluggable Authentication Module) is to separate the task of authentication for applications (for example login, sshd… (3d ago)
Shlomi Boutnaru, Ph.D.: The Windows Forensic Journey — “Shared Folders” (Windows Shares). The goal of a shared folder/Windows share is to expose a folder over the network. This allows users to access files which reside remotely… (4d ago)
Shlomi Boutnaru, Ph.D.: The Windows Forensic Journey — “Energy Usage” (System Resource Usage Monitor). SRUM (System Resource Usage Monitor) has different artifacts… (5d ago)
Shlomi Boutnaru, Ph.D.: The Windows Forensic Journey — “MountedDevices” (Drive Letters of Mounted Devices). “MountedDevices” is a Windows registry key that is basically a database which matches serial numbers of USB devices to a given volume/drive… (5d ago)
Shlomi Boutnaru, Ph.D.: The Linux Concept Journey — Unnamed Pipe (Anonymous Pipe). In general, a Linux pipe allows commands to send the output of one program to a different one. Thus, the term “Piping” means redirecting… (6d ago)
Shlomi Boutnaru, Ph.D.: The Linux Concept Journey — chroot (Change Root Directory). chroot is a Linux system call which allows changing the root directory of the calling process to a specific path. After doing so the… (6d ago)
Shlomi Boutnaru, Ph.D.: The Linux Concept Journey — Socket File. A socket file is one of the file types supported under Linux… (Jun 4)