Guide: Cuckoo Sandbox on FreeBSD

This is a guide through configuring a basic Cuckoo Sandbox installation on a FreeBSD host. The main points of difference between a Linux and a FreeBSD install lie in the configuration of the firewall for the host to NAT connections between the VirtualBox host-only network and the Internet. I don't often write guides, however decided…

Converting a memory image from raw to padded

Convert a Linux memory image from a raw image (where the System RAM ranges have been concatenated together) to a padded image, provided the early boot messages were present in the kernel ring buffer at the time of imaging. Includes Python code to convert an image automatically. Update 2016-06-29: The code on GitHub has been updated…

Extracting BitLocker keys with Volatility (PoC)

Update 2016-03-13: There is more detail, including a link to a plugin for Volatility, in the more recent article Recovering BitLocker Keys on Windows 8.1 and 10. This article is mainly to document a proof-of-concept Volatility plugin to extract the Full Volume Encryption Key (FVEK) from a memory dump of a BitLocker-enabled Windows machine.…