- http://www.rekall-forensic.com/faq.html: information on issues with symbol acquisition
ntkrnlmp.pdb for Windows 8.1 on Rig: GUID = 3BAEE2762F6442089EF8B926DDC8DBA61 Offset = 0x00014ccceb48
Scan for GUID of kernel
Brae Brae
Brae
/ Rekall Resources.md
Last active
August 29, 2015 14:27
Information needed for Rekall memory forensics work
Brae
/ Elite Systems.md
Last active
January 22, 2016 19:23
#Mining Systems# ##Federation##
- Omicron Columbae: Go to ring Omicron Columbae 2, has high reserves of metallics as of 11/01/16. Nearest ports are ~2,200LS away
#Bounty Hunting Systems# ##Federation##
- Kremainn: Multiple High Extraction points with station nearby. Also contains Conflict Zones as of 11/01/16
##Independent##
Brae
/ NMap Instructions.md
Last active
June 21, 2016 11:18
#Useful Switches
##Host Discovery -sL: List scan for basic host discovery. Uses reverse DNS to lookup hostnames without sending packets directly to the hosts. REQUIRES A DNS SERVER TO BE PRESENT.
-sn: Ping scan for host discovery. One step more intrusive than the list scan.
-O: OS identification scan
##Port Scans
Brae
/ Reverse Engineering Techniques.md
Last active
July 7, 2016 15:02
Summary of tools and approaches for RE purposes
##Packers:
- PEiD - Packer detection, runs on Windows (can't find a Linux version)
- UPX - Common packer software
##Section Analysis:
- PEView - Show info from the PE header
- PE Explorer - Similar to PE View
- Resource Hacker - Browser the .rsrc section
- Icon section lists image shown when the executable is in a file listing
- Menu section stores all menus that appear in various windows, suh as the File, Edit and View menus. This section contains the names of all the menus, as well as the text shown for each. The names should give you a good idea of their functionality.