René's URL Explorer Experiment


Title: ØSecurity (nullsec.us)

Open Graph Title: ØSecurity

X Title: ØSecurity

Description: Digital Forensics, Incident Response, and Cybersecurity

Open Graph Description: Digital Forensics, Incident Response, and Cybersecurity

X Description: Digital Forensics, Incident Response, and Cybersecurity

Opengraph URL: https://nullsec.us/

Generator: Ghost 6.35

direct link

Domain: nullsec.us


Hey, it has json ld scripts:
{
    "@context": "https://schema.org",
    "@type": "WebSite",
    "publisher": {
        "@type": "Organization",
        "name": "ØSecurity",
        "url": "https://nullsec.us/",
        "logo": {
            "@type": "ImageObject",
            "url": "https://nullsec.us/content/images/size/w256h256/2018/06/logo.png",
            "width": 60,
            "height": 60
        }
    },
    "url": "https://nullsec.us/",
    "name": "ØSecurity",
    "image": {
        "@type": "ImageObject",
        "url": "https://nullsec.us/content/images/size/w1200/2024/08/nullsec.us_background-1.png",
        "width": 1200,
        "height": 400
    },
    "mainEntityOfPage": "https://nullsec.us/",
    "description": "Digital Forensics, Incident Response, and Cybersecurity"
}
    

NoneIE=edge
HandheldFriendlyTrue
referrerno-referrer-when-downgrade
og:site_nameØSecurity
og:typewebsite
og:imagehttps://nullsec.us/content/images/size/w1200/2024/08/nullsec.us_background-1.png
twitter:cardsummary_large_image
twitter:urlhttps://nullsec.us/
twitter:imagehttps://nullsec.us/content/images/size/w1200/2024/08/nullsec.us_background-1.png
og:image:width1200
og:image:height400

Links:

ØSecurity https://nullsec.us
Homehttps://nullsec.us/
Subscribehttps://nullsec.us/rss/
Abouthttps://nullsec.us/about/
Sign inhttps://nullsec.us#/portal/signin
Subscribehttps://nullsec.us#/portal/signup
https://nullsec.us/cve-2026-31431-copy-fail-forensics/
CVE-2026-31431 (Copy Fail) Forensics For those that have missed it, new CVE just dropped. Simple and reliable privesc for every Linux system since 2017. Links and background first. Skip down a section for the forensics. I'll try to update this with other distros and new evidence as things unfold. * 13Cubed episode * The https://nullsec.us/cve-2026-31431-copy-fail-forensics/
https://nullsec.us/plaso-for-windows-part-3/
Plaso for Windows Part 3 Bottom line up front, I was using WSL wrong. Hundreds of thousands of small write operations that leave the WSL2 filesystem are almost unusably slow. Reads are mostly fine, and large writes can be tolerable — but write-heavy workloads crossing that boundary are a problem. Somehow I never put this together. https://nullsec.us/plaso-for-windows-part-3/
https://nullsec.us/plaso-for-windows-part-2/
Plaso for Windows Part 2 Update: TL;DR - WSL is not supposed to be this slow, I was using it wrong. I still think there is value in the Windows version. I posted a longer explanation here: https://nullsec.us/plaso-for-windows-part-3/ -- Some of you may remember part 1 from back in 2023. I https://nullsec.us/plaso-for-windows-part-2/
https://nullsec.us/a-bit-ab/
A bit about timestomping I have a question for everyone: which of the following two files, test1.txt or test2.txt, has been timestomped? One of them has, and one of them hasn’t — I’m not trying to play that kind of trick. If you guessed test1.txt, you’re wrong. Here’s https://nullsec.us/a-bit-ab/
https://nullsec.us/history-of-nmap-top-ports/
nmap History of Nmap Top Ports Nmap’s top 1,000 ports haven’t changed since 2008, but the internet has. New services have emerged, and attack surfaces have shifted. This post revisits port scanning’s evolution, highlights outdated assumptions, and stresses the need to know your target—because defaults don’t always cut it. https://nullsec.us/history-of-nmap-top-ports/
https://nullsec.us/custom-shortlinks-with-shlink/
Custom Shortlinks with Shlink I setup Shlink in a Digital Ocean droplet, and put it behind Cloudflare. There's nothing super unique here, but I wanted to document it both for my sake, and anyone else that has a similar setup. I'm using the smallest/cheapest Digital Ocean droplet I can. https://nullsec.us/custom-shortlinks-with-shlink/
https://nullsec.us/csc-std-002-85-green-book/
CSC-STD-002-85 (Green Book) GitHub - BeanBagKing/CSC-STD-002-85: DEPARTMENT OF DEFENSE PASSWORD MANAGEMENT GUIDELINE - 12 April 1985 - CSC-STD-002-8512 April 1985 - CSC-STD-002-85 - BeanBagKing/CSC-STD-002-85GitHubBeanBagKing For whatever reason, I decided to try to recreate the 1985 Department of Defense Password Management Guideline book. I've only ever seen the text, which https://nullsec.us/csc-std-002-85-green-book/
https://nullsec.us/i-wish-it-need-not-have-happened-in-my-time-2/
I wish it need not have happened in my time I'm going to stray from the topic of cybersecurity and infosec for a moment, and likely more and more over the next few years. What I'm seeing in the world around me, particularly in the country and state where I live, scares the absolute hell out https://nullsec.us/i-wish-it-need-not-have-happened-in-my-time-2/
AppCompatCache Part 3 In my previous post, I went though the structure of the AppCompatCache and then parsed out the actual values found. I expect this to be the last part of this series and goes over some additional findings and thoughts. However, I'm working with Richard of 13Cubed on this, https://nullsec.us/appcompatcache-part-3/
Building a Custom AppCompatCacheParser.exe I’m still digging into the values found in my previous post (AppCompatCache Deep Dive) and as part of that, wanted to see the actual values being flagged, not just Yes for 01 00 and No for everything else. This is a bit of a side quest into doing that, https://nullsec.us/building-appcompatcacheparser/
AppCompatCache Deep Dive Let’s set some background first. Back in Windows XP and prior, the mere existence of AppCompatCache (aka Shimcache) could be used to prove execution. A program wasn’t shimmed unless it was actually executed. This changed in Windows 7, 8, and 8.1 (presumably Vista as well, but nobody https://nullsec.us/windows-10-11-appcompatcache-deep-dive/
Examining SMS Phishing I received a phishing message via SMS today directing me to hxxps://cutt[.]ly/WegUqPxy?Lgp=brg1CtzWGg. I haven't done a post in a while, and thought this might be interesting to examine. urlscan.io This is a great site for examine single page phishing or suspect sites. https://nullsec.us/examining-sms-phishing/
Forensic Collection from Proxmox VE The following are some notes and a bit of a guide regarding collecting memory and disk from Proxmox Virtual Environment (hereafter PVE). There doesn't seem to be nearly as much information regarding best practices and potential pitfalls as there is for Hyper-V or ESXi. However, with the growing https://nullsec.us/forensic-collection-from-proxmox-ve/
Plaso Windows Build Update 2026-02-08 - https://github.com/BeanBagKing/WinPlaso https://nullsec.us/plaso-for-windows-part-2/ I'm trying to nail down the steps to build the Log2Timeline Plaso Windows executable. Part of this is to make it more accessible to the community (for example, Autopsy, which still uses a 2018 version). Part https://nullsec.us/log2timeline-windows-build/
VSS Carving - Pt. 2, Halfway There I intended for this to at least be  a two part series, part 1 is here [https://nullsec.us/carving-for/]. I'm not sure yet if this will be the end of it or not. I did successfully recover some information from a deleted snapshot, so success there. However, https://nullsec.us/vss-carving-pt-2-halfway-there/
VSS Carving - Pt. 1, Setup I'm actually having some problems getting the final results in a lab, so I'm going to go through the tool and lab setup first. Hopefully this will encourage someone to point out what I'm doing wrong or a lab setup that will work. I& https://nullsec.us/carving-for/
Windows Baseline Logging When people ask what their baseline configuration should be, in terms of logging, I feel like it often gets answered with general advice regarding knowing your environment, having different configurations for file servers vs domain controllers, etc. This is true advice, but not particularly helpful. You might not know your https://nullsec.us/windows-baseline-logging/
Log4j / Log4Shell / CVE-2021-44228 For average/home users Someone on twitter [https://twitter.com/Rooster_75/status/1470746847790706698] asked two questions that I thought might be valuable for this article, paraphrasing: > Can someone explain the Log4j vulnerability in non-IT terms, and is there any mitigation my level as average mere mortal? 1) A https://nullsec.us/log4j-log4shell/
Super Timeline Quick Reference If you haven't watched it already, there's some great YouTube videos by Richard Davis of 13cubed that I suggest you start with. If you're just looking for the commands to run, scroll towards the bottom. There are a LOT of advanced options that could https://nullsec.us/supertimeline-quick-reference/
PSScriptPolicyTest Files There is an often-referenced article here [https://www.deploymentresearch.com/psscriptpolicytest-script-gets-blocked-by-applocker-in-the-event-log-why-and-what-are-those-files/] that lays out what these files look like, what they do, and where they originate. From the perspective of trying to identify them however, it was a bit out of date, and nobody really goes over everything that these https://nullsec.us/psscriptpolicytest-files/
Finding Unusual PowerShell with Frequency Analysis I have, for a long time, been watching my logs for unusually long command line artifacts. Something suspicious doesn't have to be long, but except for a few well-known and easily ignored applications, most long command lines are suspicious. For example, imagine you came across this [https://threatpost. https://nullsec.us/finding-unusual-powershell-with-frequency-analysis/
Mongo 3.6 on Ubuntu 20.04 I'm sure the first thing you're asking yourself is why. Stubbornness is your answer. I was playing with Zeek at home (if you want to get started, check out Zeekurity Zen [https://www.ericooi.com/zeekurity-zen-part-i-how-to-install-zeek-on-centos-8/] on Eric Ooi's page, quality stuff) and built https://nullsec.us/mongo-3-6-on-ubuntu-20-04/
Cloud-Hosting FoundryVTT in Lightsail Plus CloudFlare and proper LetsEncrypt Certs I got bored and decided to play with a cloud-hosted Foundry VTT server. They have some great guides for getting started with some of these. I could get a little more bang for my buck though if I went with Amazon Lightsail. Lightsail is https://nullsec.us/self-hosting-foundryvtt-in-lightsail/
Converting .sid (MrSID) files Just notes because every forum post I came across for this was 10 years old, and all the references and links were out of date. Once you find the files, there's nothing difficult here. From the Wiki [https://en.wikipedia.org/wiki/MrSID] "MrSID (pronounced Mister Sid) https://nullsec.us/converting/
Battery Powered PIR IR Illuminator I've spent some time searching for an additional IR illuminator to supplement my security cameras. For those of you not familiar with what these are, the IR lights (or near-infrared, 850nm) on your camera are what allows it to see in the dark. Most cameras have decent lights, https://nullsec.us/battery-powered-ir-illuminator/
Older Posts →https://nullsec.us/page/2/
ØSecurityhttps://nullsec.us
Powered by Ghosthttps://ghost.org/

Viewport: width=device-width, initial-scale=1.0


URLs of crawlers that visited me.