IT Surveillance and Computer Forensics from Scratch HACKING+

Prepare your environment by selecting a Linux distribution (Ubuntu or Slax), adding modules, building a custom live CD, and installing netcat, crypt cat, and an IDE to compile CBP files.

Learn to transmit volatile evidence from an evaluated system using netcat and cryptcat, configure network interfaces, and verify integrity with MD5 checksums.

Master disk backup over the network by creating disk images with dd, verifying integrity via md5 checksums, and securely transferring image data for forensic analysis.

Analyze email headers to uncover sender details, delivery path, and client software, using message-id, user agent, and IP addresses; trace routes with whois and traceroute to estimate provider and location.

Capture data from a page visit: a remote applet using the Java runtime reveals a user's system configuration, browsing history, IP address, and other data.

Explain how a harmless image on a message board can harvest a user's IP address and browser details by triggering a server script through htaccess and url rewriting.

Learn to create and test partition images, compare compressed and uncompressed backups, verify integrity with md5 checksums, and restore partitions using system rescue CD to understand remnants and imaging.

Explore how NTFS alternate data streams hide data from users and antivirus, affect disk space, and demonstrate creating, listing, and recovering hidden data with the streams utility across Windows versions.

Explore steganography techniques that conceal data in bitmaps using command-line tools, hide and recover text and binary data, and analyze hidden content.

Use tunneling through a shell server with PuTTY to access firewall-protected services and bypass IP-based restrictions by routing traffic through an SSH tunnel to a destination port.

Explore Windows encryption on ntfs and fat32, including folder encryption and system file restrictions. See how encryption software, virtual disks, and netcat highlight vulnerabilities in access to encrypted data.

Recover Windows passwords using Linux live CD password crackers, rainbow tables, and commercial tools. Understand resetting passwords, administrator access, and encryption caveats when applying these methods.

Analyze run applications by inspecting the Windows prefetch folder with strings and registry dumps to uncover first and last run times, MRU history, and execution paths.

Explore forensic data acquisition on Linux by inspecting partitions, fragments, and page file and hibernation files, carving directories, and extracting thumbnails with grep, awk, find, and foremost to reveal evidence.

Learn techniques to acquire data from binary files and process memory dumps, using strings and procdump to extract email addresses, passwords, and mailbox content for forensic evidence.

Explore how to acquire a user's browsing history from browser profiles, locate files like index.dat and places, use strings and forensic tools to extract visited sites.

Explore how to identify and analyze users' web search queries across browsers using scripting and regular expressions, extracting Google q parameters and viewing current results.

Examine remote host availability on a lan by configuring firewall icmp rules, pinging targets, and using arp lookups to confirm a host is up even when it ignores pings.

Learn how email deliverability is tested using read receipt concepts and image-based tracking to log when recipients open messages, including time, ip address, client, and location data.

This lecture demonstrates how an attacker could gain remote access to a computer by exploiting a network share and using tools like netcat and VNC, including deceptive shortcuts.

Block sites by editing the hosts file (run as administrator, use notepad to point hacking school dot com to 127.0.0.1) and apply IP-based routing for persistence.

Learn to acquire and analyze evidence using the WMI command line and system utilities, querying event logs, registry data, processes, drivers, and startup items for forensic insights.

Explore how the dns cache can reveal visited websites and sensitive data using ipconfig /displaydns, with parsing and ping tests, and how clearing the cache prevents evidence.

Learn to acquire data from a disk image using Sleuth Kit, list and mount partitions, view NTFS files, and carve or recover data from slack space.

Learn to recover passwords for ftp, e-mail, and websites by using or building scripts, testing logins, and handling base64-encoded credentials to access servers.

Discover how to write shellcode to inject into a target process and terminate it from inside, using a debugger and compiler tools to craft and test the payload.