Archivo de la etiqueta: wh0s

Forensics analysis: Windows Registry (I)

Within the information we can get in a forensic analysis of a Windows computer, windows registry provide us with interesting information about the computer installation, users, installed programs …

Where can we find these files?

On Windows XP, Windows Vista, Windows 7 and Windows 8 operating systems (among others), log files can be found in the following path:


The interesting records will be:

  • \SAM

The first thing we do is extract these files from a test environment to see what information we can get from each of them. The program that we use to see the information they contain is Windows Registry Recovery“.

The records that provide us with more information are SAM, SOFTWARE and SYSTEM, in this post we will see some of the information stored in SYSTEM, and in the next post we will show you the results of the SAM and SOFTWARE files.


Network configuration:

post 1 edit.png

Last known hardware configuration:

post 1 edit.png

We hope that this post has been of interest to you. We will write much more about stored data into Windows Registry in our next post. J

Translated by @ANAgarneg

Creepy, where have you been?

Creepy is a geolocation OSINT tool that can be used as part of the footprinting phase. This tool is developed in python and it is a cross-platform. It has been developed for educational purposes to see how much geolocation information is contained in publications made with the location option on.

OSINT tools (Open-Source Intelligence) collect information from public sources that are accessible via Internet, i.e free and declassified information fonts.

Keeping this in mind, what Creepy does is to collect location data from those users considered as targets. This data is collected from publications on social networks like twitter, instagram or flicker whose users have their location on.

Below you’ll find some pictures showing how Creepy works and the results it shows.

  1. Once the objective has been specified a research is done in order to find every published location:

post 1 edit.png

We can appreciate that most part of the findings are in Spain and that there’s one in Belgium.

  1. Let’s approach the zoom to see the findings more in detail:

post 1 edit.png

post 1 edit.png

As you can see it is very easy to track someone who publishes their location on social networks, so it is important that you turn it off and turn it on only when needed.

Translated by Ana García Negrillo  (@ANAgarneg)

10 ways to keep your Smartphone safe

It’s been a while since we wanted to talk about something that we find interesting and are also concerned about: Smartphone safety.

With the popularization of these “intelligent” phones, almost everybody is carrying in their pocket one of the newest target for malicious attacks.  But why?  Well, it stores a lot of personal data not properly protected.


In order to make it difficult for someone to attack us, we will provide you with some tips to protect yourself as much as possible from this threat. Most of them are just logical, but it is not a bad idea to remind them, as the main defense is common sense.

  1. Download apps only from official repositories:  You have to make sure that the download is legitimate and pay special attention to the permissions required by the application. Although it may happen with some applications, it is not normal for a dictionary app to ask us for access to our contact list or location. If you have an Android device, you must be even more vigilant, as the Android Market is less restrictive when publishing applications and infected ones can be found for sale.
  2. Beware of links to suspicious domains: don’t access links from emails, Whatsapp, etc. from an unknown origin. For example, those ads that promise the moon and the stars:  “Congratulations! You are our 1,000,000th  user! You have won this fabulous car! Click ‘here’ to get it.”
  3. Make sure that we are where we really want to be: as we will see in a forthcoming post, there are sites cloning others in order to obtain your passwords and gain access to your account and data. It is very important to know where we are getting into.
  4. It is highly recommended not to root or jailbreak it: mostly if you don’t have enough knowledge in this field. When you do it you will become the administrator from the terminal, so if you are attacked they will have full access to all your data and even make your phone useless.
  5. Deactivate Bluetooth and Wifi: just activate them when you are going to use them, the rest of the time they are like an open door to other devices.
  6. Activate localization only for certain applications: for example, maps or GPS. But Twitter or Facebook do not need it, that’s just extra information for those who may try to attack you.
  7. Install an antivirus: you have to think of it like a pocket computer, so the antivirus will protect us from known attacks. A good choice may be AVAST (for Android).
  8. Make regular backups: it is better to have backups in order not to lose our data in case of theft, loss or damage of the phone.
  9. Keep you Smartphone updated: both in the operating system and applications, most of the updates include bug fixes and security enhancements.
  10. Encrypt your Smartphone contents with applications like Sophos Mobile encryption and install applications to enhance safety as Lookout, which, among other things, allows you to locate your Smartphone if lost or stolen.

Besides all these recommendations you can always go a step further. Some Smartphones focused on protecting information have been currently developed. Two examples would be:

BlackPhone (475€ + taxes,shipping costs and custom duties), it is considered the safest phone in the world.

Hoox M2 (around 2000€), made by Bull and designed to warrant the phone safety, it is known as “the first European Smartphone with in-depth security”.

As you see, I could give you much more advice, these are just a few.

If you want to share your tricks to make your Smartphone as safe as possible, please don’t hesitate to leave a comment.

I hope that this post has been of interest to you J

Translated by Ana García Negrillo  (@ANAgarneg)

bWAPP: learning IT security with an app

Today we want to talk about bWAPP, an insecure web application with educational purposes, founded by Malik Masellem (@MME_IT).

There are more applications of this type, but we discovered this one in our stay in Belgium last week, and we found it interesting.

What is bWAPP?

bWAPP is an insecure open-source web application designed to improve the skills of students, developers or people interested in IT security in order to discover and prevent web vulnerabilities.

This app has more than 70 vulnerabilities such as SQL injection, Cross-Site Scripting (XSS) or Denial of Service (DoS).

We can install this app with two different steps:

  • We can download the bWAPP application and install it afterwards in our server (Apache/ISS) or in XAMPP or WAMPP.
  • In addition, we have the possibility of downloading ‘bee-box’, a virtual machine with bWAPP already installed. It takes up 7.3 Gb.

Once installed, it is time to play… here we have two examples of exploiting vulnerabilities:

XSS – Reflected:

1. We choose the vulnerability we want to exploit, in this case, ‘Cross-Site Scripting – Reflected (GET)

2. We write ‘<script>alert(“XSS”)</script>’ in ‘First name’:

3. Result:

SQL Injection:

1. Insert characters: in this case we have enough with an inverted comma  :

2. We receive the information from the database:

You can find all the information of this app, together with the download and the explanation in the following link:

Here you have some other applications where you can learn hacking techniques without getting into trouble:

  • Gruyere, a project from Google. You can find more information about this in @fluproject.
  • WebGoat, an OWASP project.
  •, an eLearnSecurity project where you can have access to several web applications with vulnerabilities to improve and learn pentesting techniques.

Time to enjoy playing and learning!

Translated by Cristina Serrano (@parole_errante)

Introduction to Digital Forensics

One of the lectures that we have attended is “Digital Forensics” and it has personally got my attention. In fact, my final project talks about one.

The objective of these posts is, after a brief theoretical introduction, to tell you about all the tools used during the investigation and how they work in order to see what data they can provide us with.

Now let’s get to the point:

Computer Forensics is the forensic science that uses scientific methods in computer systems. To this end it must assure, identify, preserve, analyze and present digital evidence, ensuring its integrity so as to be accepted in trial.

Análisis Forense

Computer Forensics is utilized in criminal cases in which part of the evidence may be found in computing systems, which can make a difference in the outcome of the judicial process. Forensic evidence can come from hard drives of personal computers, portable hard drives, USB devices, mobile devices, etc…

Forensics analysis consists of a series of steps to ensure that the evidence has been fixed in an appropriate manner to warrant its validity:

  • Ensure the crime scene is safe (this phase does not always apply in certain analysis) means to secure the crime scene in order to prevent anyone from altering it.
  • Evidence identification, consists  of identifying which pieces of evidence are supposed to be collected for further analysis. The analyst must identify the computer systems or devices that are going to be analyzed and must distinguish volatile evidence (that which may disappear once it stops receiving electronic power supply).
  • Data Acquisition is the most critical phase due to the ease with which digital evidence can be modified. A mistake at this stage can end up invalidating the evidence in the judicial process. At this phase bit-for-bit copies of the original devices are made, verifying their integrity, writing down the exact date and time in real life and in the system (if it exists). Documentation and labeling of evidence and transportation to a safe place are also steps inside this phase.
  • Data analysis: at this phase we look for useful information inside the seized evidences. The content of every file will be analyzed (deleted files, system logs, encrypted files…)
  • Presentation and results report: after the analysis, the forensic analyst must draft an expert report with conclusions and justification of the employed procedure. It should be concise and clear, as this report may end up being presented in court as evidence.

I hope that this introduction has been of interest to you and I promise that coming posts about this subject will be more technical, but in my opinion it is good to first have a good foundation on which to build.


Translate by: Ana García Negrillo (@ANAgarneg)