Having fun while learning about and pivoting into the world of DFIR.
by ogmini
Big milestone today: I’ve hit 6 months with no missed posts on the Zeltser Challenge. It is getting harder to find the free time to do research and write up posts, as it is summer and the time for longer family vacations. July is going to be exceptionally challenging for this reason.
June began with attending the NYS Cybersecurity Conference in Albany, NY. It was a good experience overall, as I haven’t attended any cybersecurity-centered conferences previously, and I greatly enjoyed many of the talks. I also got free entry into one of the DFIR Report’s CTF challenges, and it was a great learning experience to say the least, really highlighting some areas of learning.
I continued my focus on Windows Notepad and documenting artifacts related to the application hive. This led to reverse engineering data types related to app containers and their registry hives.
I made changes to the Notepad State Library to facilitate modifying a Windows State file. There is now a simple console application that lets you change the Tab GUIDs. More of an “is this possible” and not a “how is this useful.”
Also did some preliminary analysis on the impact of the new Markdown support added to Windows Notepad. That will continue into July with more testing and details.
Finally, I might have some exciting news in July related to my research into Windows Notepad.
tags: #Musings