Windows Phone 8 and RegRipper
Last week, Cindy Murphy (cindymurph) sent me some Registry hive files...from a Windows Phone 8. This was pretty fascinating, and fortunate, because I'd never seen a Windows phone, and had no idea if it had a Registry. Well, thanks to Cindy, I now know that it does.

Looking at the hive files was pretty fascinating. The first thing I did was open one of the smaller hive files in UltraEdit, and I could clearly see that it followed the basic structure of a Registry hive file (see chapter 2 of Windows Registry Forensics). Next, I opened one of the hives in a viewer, and saw that the hive file opened nicely; however, there were clearly differences in what I expected to see, with respect to a desktop or laptop running Windows.

Finally, I ran a couple of RegRipper plugins against the System hive that Cindy provided, in part because I saw that there were some keys with the same paths as the ones I generally see on Windows systems. For example, the compname.pl and timezone.pl plugins worked just fine. For the Software hive, the profilelist.pl plugin worked just fine, although there was only one profile listed. Interestingly enough, the SAM hive had the correct structure and a root key, but no subkeys.

So, if there's a question as to whether or not RegRipper works when run against hive files from a Windows Phone 8, the answer is yes, but with a caveat...you can't expect all of the plugins to work, simply because the current RegRipper plugins are intended to run against hives extracted from Windows computer systems. I would like to be able to write plugins for the phone hives, but I won't be able to do that until more data becomes available and more analysts can identify what it is they find important and of interest in these hive files.

I'd like to send a thank you to Cindy for sharing the hive files and helping to expand my view into this data source a bit.
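The structural check described above (a valid hive layout, and a root key with or without subkeys, as with the SAM hive) can be scripted before any plugin is run. This is an added example, not code from the original post or from RegRipper; the function names are hypothetical, the sample hive is constructed, and the field offsets are those of the regf layout used by desktop Windows hives, which the post does not list.

```python
import struct

HBIN_START = 4096  # hive bins begin right after the 4096-byte base block

def regf_checksum(base_block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        csum ^= dword
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(csum, csum)

def triage_hive(data: bytes) -> dict:
    """Report header, first-bin and root-key markers (regf offsets are assumed)."""
    if len(data) < HBIN_START + 32:
        raise ValueError("too small to hold a base block and one hive bin")
    sig, seq1, seq2 = struct.unpack_from("<4sII", data, 0)
    root_off, = struct.unpack_from("<I", data, 36)
    stored, = struct.unpack_from("<I", data, 508)
    report = {
        "regf_signature": sig == b"regf",
        "clean_shutdown": seq1 == seq2,   # differing sequence numbers = dirty hive
        "checksum_ok": stored == regf_checksum(data),
        "hbin_signature": data[HBIN_START:HBIN_START + 4] == b"hbin",
        "root_is_nk": False,
        "root_subkeys": None,
    }
    cell = HBIN_START + root_off          # root offset is relative to the first bin
    if report["regf_signature"] and cell + 28 <= len(data):
        size, nk = struct.unpack_from("<i2s", data, cell)
        if size < 0 and nk == b"nk":      # negative size marks an allocated cell
            report["root_is_nk"] = True
            report["root_subkeys"], = struct.unpack_from("<I", data, cell + 4 + 20)
    return report

def build_sample_hive(subkeys: int) -> bytes:
    """Constructed minimal hive image for the demo; not data from a real phone."""
    base = bytearray(HBIN_START)
    struct.pack_into("<4sII", base, 0, b"regf", 7, 7)
    struct.pack_into("<I", base, 36, 32)  # root cell sits 32 bytes into the first bin
    struct.pack_into("<I", base, 508, regf_checksum(bytes(base)))
    hbin = bytearray(4096)
    struct.pack_into("<4sII", hbin, 0, b"hbin", 0, 4096)
    struct.pack_into("<i2sH", hbin, 32, -96, b"nk", 0x0004 | 0x0020)
    struct.pack_into("<I", hbin, 32 + 4 + 20, subkeys)
    return bytes(base + hbin)

if __name__ == "__main__":
    for count in (0, 5):                  # 0 mirrors a hive with a root key only
        print(count, triage_hive(build_sample_hive(count)))
```

A report with `root_is_nk` true and `root_subkeys` equal to 0 explains in advance why a plugin that walks subkeys returns nothing for that hive.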