will finish later

frankxayachack · Nov 27, 2015 · 95442b3 · 95442b3
1 parent 89f33e0
commit 95442b3
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 6 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/Forensics/README.md b/Forensics/README.md
@@ -2,6 +2,52 @@
 
 ## Disk Forensics
 
+### Basic useful CLI tools:
+
+#### ps
+Show the processes for all users (a), displaying the process's user/ownser (u), and the processes that are not attached to a terminal (x):
+
+```shell
+$ ps aux
+```
+
+Display the full listing of all processes (useful for finding underisable processes):
+
+```shell
+$ ps ef
+```
+
+#### lsof
+
+Display a specific pricess in more details, by displaying the files and ports associated with that process.
+```shell
+$ lsof -p
+```
+
+Display processes running form or acessing files that have been unlinked: 
+
+```shell
+$ lsof +L1
+```
+
+#### find
+
+```shell
+$ find / -uid 0
+```
+
+### arp
+
+Display all MAC to IP address mapping of the system (useful for finding addresses of systems that are not part of the network.
+
+```shell
+$ arp -a
+```
+
+
+Others: uptime, free, df.
+
+
 ### dd
 
 ### strings
@@ -11,6 +57,8 @@ $ strings /tmp/mem.dump | grep BOOT_
 $ BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
 ```
 
+
+
 ### scalpel
 
 ### TrID
@@ -21,8 +69,6 @@ $ BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
 
 ### ExifTool
 
-### Hex editors
-
 ### dff
 
 ### CAINE
@@ -40,11 +86,13 @@ $ BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
 
 ### Volatility: Analysing Dumps
 
-* [I have a lot of material on Volatility and Memory Forensics here](volatility.md)
-* I highly reccomend their training.
+* [Lots of material on Volatility and Memory Forensics here](volatility.md)
+* [On OSX Memory Forensics](osx_memory_forensics.md)
+* I highly recommend their training.
+
 
 ---------------
-### Scripts
+## Scripts
 
 #### PDFs
 Tools to test a PDF file:

diff --git a/Forensics/osx_memory_forensics.md b/Forensics/osx_memory_forensics.md
@@ -0,0 +1,3 @@
+# OSX Forensics
+
+(tbw)
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# My-Gray-Hacker-Resources
+# Gray Hacker Resources
 
 All in one big bag. Educational purposes.
 
@@ -78,6 +78,13 @@ telnet localhost 3000
 ### Books I Recommend
 
 #### Technical
+- [Bulletproof SSL and TLS](http:https://www.amazon.com/gp/product/1907117040?psc=1&redirect=true&ref_=oh_aui_detailpage_o06_s00)
+- [Reversing: Secrets of Reverse Engineering](http:https://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817)
+- [The Art of Memory Forensics](http:https://www.amazon.com/gp/product/1118825098?psc=1&redirect=true&ref_=oh_aui_search_detailpage)
+- [The C Programming Language](http:https://www.amazon.com/gp/product/0131103628?psc=1&redirect=true&ref_=oh_aui_search_detailpage)
+- [The Unix Programming Environment](http:https://www.amazon.com/gp/product/013937681X?psc=1&redirect=true&ref_=oh_aui_search_detailpage)
+- [UNIX Network Programming](http:https://www.amazon.com/gp/product/0139498761?psc=1&redirect=true&ref_=oh_aui_search_detailpage)
+- [Threat Modeling: Designing for Security](http:https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998)
 - [The Tangled Web](http:https://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886)
 - [The Art of Exploitation](http:https://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441)
 - [The Art of Software Security Assessment](http:https://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426)