Search Results for "forensics"

Google CTF is the public repository that houses most of the challenges from Google’s Capture-the-Flag competitions since 2017 and the infrastructure used to run them. It’s a learning and practice archive: competitors and educators can replay tasks across categories like pwn, reversing, crypto, web, sandboxing, and forensics. The code and binaries intentionally contain vulnerabilities—by design—so users can explore exploit chains and patching in realistic settings. The repo also includes infrastructure components and links to a scoreboard implementation, giving organizers reference material for hosting their own events. As a living archive, it documents changes in exploitation trends and defensive techniques year over year. ...

...It enables investigators and malware analysts to extract process lists, network connections, DLLs, strings, artifacts, and more. Volatility supports many plugins for detecting hidden processes, malware, rootkits, and event tracing. It’s essential in digital forensics and incident response workflows.

...The tool helps investigators identify residual data such as logs, configurations, or usage traces that may persist despite Tails’ security features. It is particularly relevant for digital forensics and research into privacy systems. Tailslayer emphasizes practical analysis techniques rather than theoretical exploration. Its design reflects the need to balance privacy with investigative capabilities. Overall, it provides insight into how secure systems behave under forensic scrutiny.

Infosec Reference is a curated knowledge base and resource repository for information security practitioners. It aggregates cheat sheets, tooling guides, protocol deep dives, incident response playbooks, and threat actor profiles—all organized under accessible categories (network, web, host, cryptography, auditing). The repo is built as a living wiki of sorts: practitioners contribute updates, expand sections, or refine explanations as the threat landscape evolves. Because security spans...

Rekall is a powerful memory forensics framework that turns raw RAM captures—or live system state—into structured artifacts investigators can query and script. It ships with a large collection of plugins that parse OS internals to recover processes, modules, sockets, registry hives, and file objects, even when rootkits try to hide them. The design emphasizes repeatability: investigators run well-defined analyses that produce timelines, indicators, and reports suitable for case work or automation. ...

pyringe is a powerful Python process “syringe” that attaches to a running interpreter and lets you introspect—and even execute code inside—that live process. It blends debugger-style attachment (via gdb/ptrace techniques) with Python-aware helpers so you can inspect threads, frames, locals, and heap objects without restarting the target. This is invaluable for post-mortem diagnosis of production daemons where reproducing a bug in a dev shell is impractical. pyringe can inject arbitrary...