RECOVERING FILES with Autopsy (PicoCTF 2022 #47 'operation-oni')
Comments: 43
"i need to look for keys" hovers over the key folder and moves on
@rahimmahat0007
2 years ago
Exactly, I was like John you just passed right through it
@adinathrangnekar3064
1 year ago
Same
I like the 'short' informative videos like these. Thanks
Great video, love the content. Thank you!
If you want to understand the rwx permission set, it's better to interpret it as binary. Basically, we have 3 bits that each represent r, w, and x, respectively. So, let's say I want read & execute, this translates to r-x, which translates in binary to 101, which then in turn converts to 4+1=5 in base 10 :)
Great content John! Keep it up!
Really like the alternate solution / additional extra curricular activity that you mention as applicable....
Briefly talks about Chmod three digit codes "you can look up resources on how this exactly works" then proceeds to explain how it exactly works lol thank you John, I love when you do that!
Love this Format Mighty Friend! You can lead a horse to water but ya can't always git'em to drink.
I used binwalk too. It was quick and easy using that than autopsy because of command line
Nice one as always!
thanks dude
Watching this on the TV cast with my father fingers crossed 🤞 it's not to over my or rather our head(s).
one easy way to remember the file permissions is to know that read is 4, write is 2, and execute is 1 so r-x will be 4+1=5 and rw- will be 4+2=6
@ericbarlow6772
2 years ago
It’s binary. RWX is a bit either on (1) or off (0). Read only is 100 in binary or 0*2^0 + 0*2^1 + 1*2^2 = 4.
@abiolasamuel9760
9 months ago
Hello 👋 My samsung a71 phone was factory reset remotely and I don't have any backup whatsoever, is it possible to recover the phone data
HOLY SHIT BRO YOU DON'T EVEN KNOW HOW HELPFUL THIS WAS FOR ME HOMIE
Can't wait for HTB Cyber Apocalypse videos.
Great great video John, but dude you are like sonic speed lol barely catching up , which made this vid a 40 minutes show. But the point is this is great . May God bless you brother
You are Epic
I did it with commands icat and fls....it was a lot hectic though!
the audio seemed low at full volume was I able to hear anything as always great vid
I like using autopsy and we don't even do traditional forensics as my state requires you be a PI of all things to do that. But I do use it for data recovery and I even use a hardware write blocker. Probably seems like overkill but I never have to say that I may have changed something so if the end user wants to send it to Ontrack or some other place I can argue that we never changed anything.
@abiolasamuel9760
9 months ago
Hello 👋 My phone was factory reset remotely and I don't have any backup whatsoever, is it possible to recover my phone data
Lol I just mounted the root partition as a loop device with losetup
uh, he saw for the first time a kernel source tree 🙊 binwalk FTW!
Couldn’t you just mkdir image; mount -t iso9660 -o loop disk.img image to mount the disk image and then use find to look for SSH keys and the like?
Do you use Linux as a daily driver??
The SSH key wasn't a deleted file though
👍
Watching this while failing the HTB CTF xD only 8 challenges done, but I'm alone ^^
Hiiiii
What's this GUI? I've used Autopsy on Windows and it wasn't a web app, had a much nicer GUI... Is it not available on Linux?
@kiyu3229
1 year ago
It is, you can install it with apt
Finally, I got your home address.
13:40 what's that finish command 🤔🤔 can anyone explain?
@PR1NC3
2 years ago
He created a bash script to rename the working folder with the prefix _completed
@shocker9434
2 years ago
@@PR1NC3 Oh, got it. Thanks
I love your content, but calling things a "gimmick" when they're far from it... that's... grating. :(