
JeffSoh on NetSec
822 FOLLOWERS
Jeff Soh began blogging in 2007 and continues to share advice for the new intrusion analyst along with other miscellaneous information security news. Soh also offers book recommendations, product recommendations, and useful tips for information security professionals and everyday users.
JeffSoh on NetSec
2d ago
My March artist of the month is Emme Lentino. You can find the article at https://www.radioj.online/featured-artist ..read more
JeffSoh on NetSec
2d ago
Since my retirement from InfoSec I've been spending as much time as possible learning about AI and concentrating on music, the thing I love most in life after people. I'll be using this blog to post content from my website at radioj.online and discover new music from any comments. Thanks ..read more
JeffSoh on NetSec
10M ago
I retired from the industry a couple months ago, and I've observed how difficult it is to keep up with the InfoSec industry when you're not in the industry. InfoSec is one of the fastest changing industries there is, and it requires daily attention, dedication to self-education and a real passion for what you do. It's not a job you can finish at the end of the day and forget until the next day. Consider this when choosing InfoSec as your career. But if you're willing to put the time in and dedicate yourself to your career, it's one that is both satisfying and rewarding ..read more
JeffSoh on NetSec
1y ago
Filelight is a handy disk forensics tool, though it wasn't designed to be one, that I know of... In a CTF question I am looking in an AppData folder called Comms for evidence, and I wanted to see if the folders were all the same size ..read more
JeffSoh on NetSec
2y ago
Untitled
Byte 0 - Bits 0-3 - IP version
Byte 0 - Bits 4-7 - IP header Length
Byte 1 - Differentiated Services or TOS
Byte 2 & 3 - Total IP datagram length
Byte 4 & 5 - IP Identification Field
Byte 6 - Bit 0 - Reserved Bit
Byte 6 - Bit 1 - Don't Fragment bit
Byte 6 - Bit 2 - More Fragments bit
Byte 6 - Bit 3 - First bit of Fragment Offset Field
Byte 7 - Fragment Offset Field (with one bit from byte 6)
Byte 8 - Time To Live Field
Byte 9 - Embedded Protocol (TCP, UDP, ICMP, etc.)
Byte 10 & 11 - IP Header Checksum Bytes
Bytes 12-15 - Source IP Address Bytes
Bytes 16-19 - Destinat ..read more
JeffSoh on NetSec
2y ago
Threat Hunting in a nutshell. No Big Red Easy button. Not something that can be automated. Need analysts, trained analysts. Not an automated process, not something ML can do, regardless of what vendor xyz tells you. Has some similarities to law enforcement. Sometimes discoveries come on a hunch... Something just doesn't look "right" though it doesn't trigger any alerts, uses institutional knowledge, experience, and lots of familiarity with normal activity and malicious activity. IMO, it's the most exciting silo of network/information security because success will be based on training ..read more
JeffSoh on NetSec
3y ago
Wireshark is a nice tool for keeping your packet dissecting knowledge fresh and finding things you didn't know were there. You can play with the colorization settings and click through the fields in the packet dump to see which fields in the header and payloads they correspond to. Below I have the start of the IP header selected, which shows us the first nibble is the IP version field, and the other half of the first byte is the header length. Whatever is in the IHL, multiply it by five to get the bytes. So a 4 means the header is 20 bytes, the minimum length of an IP header, whic ..read more