You need a plan for when disaster strikes, and I don’t just mean being prepared for a hurricane or wildfire. What do you do to stay connected and preserve your data when your phone is shattered or, worse, lost for good?
Home Assistant is a free, open-source, and independent smart home platform, but did you know there’s a company called Nabu Casa chipping in behind the scenes? If you want to pay to make remote access and cloud backup as easy as possible, that’s where your money goes.
Bitcoin (BTC) began the week dropping nearly 10% from the recent highs and retesting the $84,000 area before bouncing. As price risks more downside with early bear market signals, a market observer suggested that the upcoming weeks will be crucial for BTC’s future path.
Bitcoin Holds Key Weekly Range
Last week, Bitcoin led the brief market recovery, surging from its seven-month low of $80,600 toward the $93,000 area, retesting a key weekly re-accumulation range between these two levels. However, the Sunday correction sent the price back to the range lows, raising concerns about the flagship crypto’s short-term future.
Analyst Rekt Capital highlighted that BTC is stabilizing within its weekly range, holding its position above the $82,000 range low. This area marks the top of an early 2025 liquidity cluster that developed around the 50-Week EMA, where the price has tapped with three downside wicks over the past month.
“Last week’s Weekly Close above the Range Low enabled a relief move toward $93,500,” the analyst explained, “but that level acted as clean resistance,” after Friday’s rejection. To the analyst, maintaining stability around the weekly range lows is important because further downside wicking into the cluster is probable.
However, he noted that the consolidation structure remains intact as long as BTC’s price continues to hold above the range low in the weekly timeframe. Rekt Capital added that Bitcoin continues to trade below a sharply declining Macro Downtrend that “has been dictating resistance throughout this phase of the cycle.”
Per the analysis, “A breakout soon would require reclaiming higher price levels, whereas a later attempt would meet the trendline at lower valuations, narrowing the distance between the current price and resistance.”
“In either case, the Macro Downtrend remains the dominant structural barrier, and Bitcoin’s path forward depends on whether consolidation near the Weekly Range Low can bring price closer to a meaningful test of this sharply descending level,” he continued.
Rekt Capital also highlighted that BTC remains below the 21-Week EMA and 50-Week EMA, which could pose a problem for its future price action as the distance between these moving averages continues to narrow.
As he detailed, when these EMAs compress and ultimately cross, it tends to precede further downside. Although it usually takes weeks after the crossover for price acceleration to “fully unfold,” it still implies that the crossover risk is increasing.
The two EMAs currently represent potential resistance levels on future relief attempts, with the 50-Week EMA retest “leaving room for a future rejection if price revisits it.”
This position, the analyst explained, places BTC in a “vulnerable technical environment” as “the convergence of the EMAs toward the Macro Downtrend creates a layered zone of resistance that will be difficult to overcome unless price can reclaim one of these moving averages and stabilise above it.”
Until Bitcoin successfully turns one of the EMAs into support, “the structure resembles the early-stage clustering seen in prior cycles where EMAs compressed before a broader bearish continuation,” the analyst concluded.
As of this writing, Bitcoin is trading at $88,294, a 2.3% increase in the daily timeframe.
While the crypto market bounces from last week’s correction, Bitcoin (BTC) is attempting to reclaim a crucial area as support to continue its recovery rally. As the flagship crypto faces some resistance, some market watchers have suggested that this week’s close may be key for its end-of-year performance.
Bitcoin Faces Rejection Ahead Of November Close
Bitcoin has retested a crucial resistance level for the first time in a week, hitting a one-week high of $93,092 on Friday morning before retracing. The flagship crypto has failed to hold crucial support levels throughout the November corrections, trading below $100,000 for nearly two weeks.
A week ago, BTC plunged below $90,000 during the latest market correction, reaching a seven-month low of $80,600. However, the cryptocurrency led this week’s broader recovery, reclaiming key levels over the past few days.
Amid its recent performance, some market observers have noted that Bitcoin is currently retesting a crucial re-accumulation region, between $82,000 and $93,000, where the price consolidated after previous pullbacks, including the Q1 market correction.
Analyst Rekt Capital highlighted that BTC rebounded more than 7% from the local bottom and has revisited the range high resistance during Friday’s recovery. Now, Bitcoin is attempting to hold the high zone of its local range, retesting the $90,000-$91,000 area as support after being rejected from the key resistance.
Previously, he pointed out that last week’s weekly close aligned with the flagship crypto’s monthly range, setting the stage for a potential floor around the $86,000 area, which would develop a new range between this level and the $93,000 resistance.
To the analyst, Bitcoin must close the week, which also coincides with November’s monthly close, above $93,500 and turn this level into support if it wants to further build on its newfound momentum and potentially revisit its two-month downtrend line, which currently sits near the $96,000 mark.
“The ~$93500 level happens to be a Four-Year Cycle level. History suggests price should be able to find a way to 12-month close above ~$93500 to finish 2025 green,” Rekt Capital added on X.
$98,000 Rally or $88,000 Drop Next?
Market watcher Ted Pillows discussed BTC’s short-term future as it faces some resistance around the $92,000-$93,000 levels. To the analyst, reclaiming this area could propel the price towards the $98,000-$100,000 barrier in the coming weeks.
On the contrary, he suggested that failing to reclaim this level will send Bitcoin’s price below the $88,000 mark. Earlier this week, Ted warned that this was one of the most important levels to reclaim and hold as support in the short term, as a rejection from this area could trigger a significant drop below the recent lows.
Similarly, Daan Crypto Trades noted that the constant sell-off of the past few weeks has created “a ton of marginally lower highs, creating such a big liquidity pocket” between the $97,000-$98,000 zone.
This region also aligns with key horizontal price levels in bigger timeframes, making it a “good area to watch,” as BTC continues to consolidate in a relatively tight range.
The trader considers that if BTC’s price breaks down, the $88,000 mark could be a good place for a higher low. However, if the price holds above the $91,800 level, it may trigger another retest of the $93,000 resistance.
Ultimately, he warned that the market could likely see a “Choppy environment in the short-term surrounding Thanksgiving, which always sees pretty low volume & liquidity.”
As of this writing, Bitcoin is trading at $90,500, a 1.1% decline in the daily timeframe.
As the crypto market rebounds from the recent lows, Solana (SOL) has reclaimed a crucial level, nearing a key resistance area that could set the stage for a long-awaited price recovery rally, according to some market watchers.
Solana Bounces Despite ETF Outflows
The crypto market has surged above the $3 trillion mark for the first time in a week, with Bitcoin, Ethereum, and most leading cryptocurrencies reclaiming crucial support levels lost during the latest market pullback.
Solana joined the market rally and jumped from the recently recovered $135-$140 area to the upper zone of its local range on Wednesday afternoon. Notably, the altcoin has been trading between the $130-$145 price range over the past two weeks, briefly losing the lower boundary during last week’s correction.
This week, SOL’s price has reclaimed some crucial ground, surging over 10% since Monday’s opening and nearing the $145 resistance. Amid this performance, analyst Ted Pillows noted institutional participation, as SOL treasury companies have started to show early signs of recovery.
He also highlighted that Solana Exchange-Traded Funds (ETFs) have experienced record inflows this month despite the correction. According to Farside Investors’ data, the SOL-based investment products have registered $613 million in inflows since their launch on October 28.
It’s worth noting that throughout the recent pullbacks, Solana funds have seen a strong demand, with a 22-day positive streak while the altcoin’s price descended to multi-month lows.
However, as its price recovered, SOL’s ETFs registered their first negative in nearly a month. 21Shares’ TSOL, which launched a week ago, saw $34 million in outflows on Wednesday, outshining the over $13 million and $10 million in inflows of Bitwise’s BSOL and Grayscale’s GSOL. As a result, the whole category recorded net outflows of $8.1 million.
In his analysis, Ted Pillows also noted that “It seems like SOL has bottomed for a while, but institutional buying needs to accelerate here. Otherwise, it won’t take long for Solana to make new lows.”
SOL Ready For December Recovery?
Analyst Ali Martinez suggested that Solana’s pain might be over as its price “usually bottoms when investors capitulate… And for the past two weeks, that’s exactly what’s been happening.”
According to the chart, SOL’s price has historically found a floor when the Net Unrealized Profit/Loss (NUPL) indicator reaches the capitulation zone, which it has recently fallen to. Meanwhile, Crypto Patel highlighted that Solana is breaking out of a one-month downtrend, which could trigger a 25% recovery rally near the key $180 barrier in the coming weeks.
Another market observer warned that the altcoin is “walking straight into the lion’s den” as its price nears the $144-$146 resistance levels. Trader Mr. Ape noted that Solana’s price has been rejected three times from this heavy supply area, and momentum “is slowing again as we hit the zone.”
To the trader, this is the crucial level to watch, as another rejection could send the price to the $132 support, where strong demand lies from the previous bounce. On the contrary, a successful breakout from this level and reclaiming it as support could confirm the shift and trigger a surge to the $157 area.
As of this writing, Solana is trading at $142, a 7.7% increase on the weekly timeframe.
When wildfires sweep through neighborhoods, insurance is often the last line of defense. But increasingly, that defense is disappearing. Recently, the insurance industry has responded to severe climate risks by withdrawing coverage from higher-risk areas.
There are times when our work requires repairing damaged disks to perform a proper forensic analysis. Attackers use a range of techniques to cover their tracks. These include corrupting the boot sector, overwriting metadata, physically damaging a drive, or exposing hardware to high heat. That’s what they did in Mr. Robot.
Physical damage often destroys data beyond practical recovery, but a much more common tactic is logical sabotage. Attackers wipe partitions, corrupt the Master Boot Record, or otherwise tamper with the file system to slow or confuse investigators. Most real-world incidents that require disk-level recovery come from remote activity rather than physical tampering, unless the case involves an insider with physical access to servers or workstations.
Inexperienced administrators sometimes assume that data becomes irrecoverable after tampering, or that simply deleting files destroys their content and structure. That is not true. In this article we will examine how disks can be repaired and how deleted files can still be discovered and analysed.
In our previous article, PowerShell for Hackers: Mayhem Edition, we showed how an attacker can overwrite the MBR and render Windows unbootable. Today we will examine an image with a deliberately damaged boot sector. The machine that produced the image was used for data exfiltration. An insider opened an important PDF that contained a canary token and that token notified the owner that the document had been opened. It also showed the host that was used to access the file. Everything else is unknown and we will work through the evidence together.
Fixing the Drive
Corrupting the disk boot sector is straightforward in principle. You alter the data the system expects to find there so the OS cannot load the disk in the normal way. File formats, executables, archives, images and other files have internal headers and structures that tell software how to interpret their contents. Changing a file extension does not change those internal headers, so renaming alone is a poor method of concealment. Tools that inspect file headers and signatures will still identify the real file type. Users sometimes try to hide VeraCrypt containers by renaming them to appear as ordinary executables. Forensic tools and signature scanners will still flag such anomalies. Windows also leaves numerous artefacts that can indicate which files were opened. Among them are MRU lists, Jump Lists, Recent Items and other traces created by common applications, including simple editors.
Before we continue, let’s see what evidence we were given.
Above is a forensic image and below is a text file with metadata about that image. As a forensic analyst you should verify the integrity of the evidence by comparing the computed hash of the image with the hash recorded in the metadata file.
If the hash matches, work only on a duplicate and keep the original evidence sealed. Create a verified working copy for all further analysis.
Opening a disk image with a corrupted boot sector in Autopsy or FTK Imager will not succeed, as many of these tools expect a valid partition table and a readable boot sector. In such cases you will need to repair the image manually with a hex editor such as HxD so other tools can parse the structure.
The first 512 bytes of a disk image contain the MBR (Master Boot Record) on traditional MBR-partitioned media. In this image the final two bytes of that sector were modified. A valid MBR should end with the boot signature 0x55 0xAA. Those two bytes tell the firmware and many tools that the sector contains a valid boot record. Without the signature the image may be unreadable, so restoring the correct 0x55AA signature is the first step we need to do.
When editing the MBR in a hex editor, do not delete bytes with backspace. Overwrite them instead: place the cursor before the bytes to be changed and type the new hex values. The editor will replace the existing bytes without shifting the rest of the file.
Partitions
This image contains two partitions. In a hex view you can see the partition table entries that describe those partitions. In forensic viewers such as FTK Imager and Autopsy those partitions will be displayed graphically once the MBR and partition table are valid.
Both of them are in the black frame. The partition table entries also encode the partition size and starting sector in little-endian form, which requires byte-order interpretation and calculation to convert to human-readable sizes. For example, if you see an entry that corresponds to 63,401,984 sectors and each sector is 512 bytes, the size calculation is:
63,401,984 sectors × 512 bytes = 32,461,815,808 bytes, which is 32.46 GB (decimal) or ≈ 30.23 GiB
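The signature check, the in-place repair and the little-endian partition decoding described above can be scripted against a working copy. The following is an added example, not code from the original article; the 512-byte sector is constructed inline, and its damaged signature bytes and first partition entry are assumptions made for illustration.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"   # expected at byte offsets 510-511
TABLE_OFFSET = 446             # partition table follows 446 bytes of boot code
ENTRY_SIZE = 16                # four 16-byte entries


def has_boot_signature(sector):
    return len(sector) >= SECTOR_SIZE and sector[510:512] == BOOT_SIGNATURE


def restore_boot_signature(sector):
    """Return a copy with bytes 510-511 overwritten; nothing is shifted."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need one full 512-byte sector")
    fixed = bytearray(sector)
    fixed[510:512] = BOOT_SIGNATURE
    return bytes(fixed)


def parse_partitions(sector):
    """Decode non-empty partition entries from a sector with a valid signature."""
    if not has_boot_signature(sector):
        raise ValueError("boot signature 0x55 0xAA missing, refusing to parse")
    partitions = []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY_SIZE
        raw = sector[start:start + ENTRY_SIZE]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4 LE) sectors(4 LE)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        size_bytes = sectors * SECTOR_SIZE
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_bytes": size_bytes,
            "size_gib": size_bytes / 2**30,
        })
    return partitions


def build_sample_mbr():
    """Constructed test sector: two NTFS (0x07) entries, signature zeroed out."""
    sector = bytearray(SECTOR_SIZE)
    first = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_024_000)
    # 63,401,984 sectors is stored on disk as the bytes 00 70 C7 03
    second = struct.pack("<B3xB3xII", 0x00, 0x07, 1_026_048, 63_401_984)
    sector[TABLE_OFFSET:TABLE_OFFSET + ENTRY_SIZE] = first
    sector[TABLE_OFFSET + ENTRY_SIZE:TABLE_OFFSET + 2 * ENTRY_SIZE] = second
    sector[510:512] = b"\x00\x00"  # assumed damage; the real bytes may differ
    return bytes(sector)


if __name__ == "__main__":
    damaged = build_sample_mbr()
    print("signature present before repair:", has_boot_signature(damaged))
    repaired = restore_boot_signature(damaged)
    for p in parse_partitions(repaired):
        print(f"partition {p['index']}: start LBA {p['lba_start']}, "
              f"{p['sectors']} sectors, {p['size_bytes']} bytes "
              f"({p['size_gib']:.2f} GiB)")
```

To use it on real evidence, read the first 512 bytes of the verified working copy and pass them in place of `build_sample_mbr()`.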
FTK Imager
Now let’s use FTK Imager to view the contents of our evidence file. In FTK Imager choose File, then Add Evidence Item, select Image File, and point the application to the verified copy of the image.
Once the MBR has been repaired and the image loaded, FTK Imager will display the partitions and expose their file systems. While Autopsy and other automated tools can handle a large portion of the analysis and save time, manual inspection gives you a deeper understanding of how Windows stores metadata and how to validate automated results. In this article we will show how to obtain the results manually and put them together using Eric Zimmerman’s forensic utilities.
$MFT
Our next goal is to analyse the $MFT (Master File Table). The $MFT is a special system file on NTFS volumes that acts as an index for every file and directory on the file system. It contains records with metadata about filenames, timestamps, attributes, and, in many cases, pointers to file data. The $MFT is hidden in File Explorer, but it is always present on NTFS volumes (for example, C:\$MFT).
Export the $MFT from the mounted or imaged volume. Right-click the $MFT entry in your forensic viewer and choose Export Files.
To parse and extract readable output from the $MFT you can use MFTECmd.exe, a tool included in Eric Zimmerman’s EZTools collection. From a command shell run the extractor, for example:
The command above creates a CSV file you can use for keyword searches and timeline work. If needed, rename the exported files to make it easier to work with them in PowerShell.
When a CSV file is opened, you can use basic keyword search or pick an extension to see what files existed on the drive.
Understanding and working with $MFT records is important. If a suspect deleted a file, the $MFT may still contain its last known filename, path, timestamps and sometimes even data pointers. That information lets investigators target data recovery and build a timeline of the suspect’s activity.
Suspicious Files
During inspection of the second partition we located several suspicious entries. Many were marked as deleted but can still be exported and examined.
The evidence shows the perpetrator had a utility named DiskWipe.exe, which suggests an attempt to remove traces. We also found references to sensitive corporate documents, which together indicate data exfiltration. At this stage we can confirm the machine was used to access sensitive files. If we decide to analyze further, we can use registry and disk data to see whether the wiping utility was actually executed and which user executed it. This is outside of our scope today.
$USNJRNL
The $USNJRNL (Update Sequence Number Journal) is another hidden NTFS system file that records changes to files and directories. It logs actions such as creation, modification and deletion before those actions are committed to disk. Because it records a history of file-system operations, $UsnJrnl ($J) can be invaluable in cases involving mass file deletion or tampering.
To extract the journal, first go to the root, then $Extend, and double-click $UsnJrnl. The file you need is $J.
You can then parse it with MFTECmd in the same way:
Since the second partition had the wiper, we can assume the perpetrator deleted files to cover traces. Let’s open the CSV in Timeline Explorer and set the Update Reason to FileDelete to view deleted files.
Among the deleted entries we found a folder named “data Exfil.” In many insider exfiltration cases the perpetrator will compress those folders before transfer, so we searched $MFT and $J for archive extensions. Multiple entries for files named “New Compressed (zipped) Folder.zip” were present.
The journal shows the zip was created and files were appended to it. The final operation was a rename (RenameOldName). Using the Parent Entry Number exposed in $J we can correlate entries and recover the original folder name.
As you can see, using the Parent Entry Number we found that the original folder name was “data Exfil” which was later deleted by the suspect.
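The same filtering and Parent Entry Number correlation can be reproduced outside Timeline Explorer. This is an added example, not part of the original article: the CSV rows, timestamps and the names export.zip and thumbs.db are constructed, and the column names are assumed to match MFTECmd's CSV output. It also matches on sequence number, because the MFT record of a deleted folder can be reused by an unrelated file.

```python
import csv
import io

# Constructed sample data. Column names are assumed to follow MFTECmd's CSV
# output; compare them with the header row of your own export.
MFT_CSV = """EntryNumber,SequenceNumber,InUse,FileName
5,5,True,.
95,8,True,thumbs.db
"""

USN_CSV = """Name,EntryNumber,SequenceNumber,ParentEntryNumber,ParentSequenceNumber,UpdateTimestamp,UpdateReasons
data Exfil,95,7,5,5,2025-01-10 13:58:02,FileCreate|Close
New Compressed (zipped) Folder.zip,120,3,95,7,2025-01-10 14:02:11,FileCreate
New Compressed (zipped) Folder.zip,120,3,95,7,2025-01-10 14:02:15,DataExtend
New Compressed (zipped) Folder.zip,120,3,95,7,2025-01-10 14:03:40,RenameOldName
export.zip,120,3,95,7,2025-01-10 14:03:40,RenameNewName|Close
export.zip,120,3,95,7,2025-01-10 14:20:09,FileDelete|Close
data Exfil,95,7,5,5,2025-01-10 14:20:10,FileDelete|Close
"""


def rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def reasons(row):
    # Several reasons on one record are assumed to be joined with "|"
    return set(row["UpdateReasons"].split("|"))


def deleted(usn):
    """Journal records whose Update Reasons include FileDelete."""
    return [r for r in usn if "FileDelete" in reasons(r)]


def name_index(mft, usn):
    """Map (entry, sequence) -> name.

    Names seen in $J are added as well: once a folder is deleted, its MFT
    entry number can be reused with a higher sequence number, so the current
    $MFT alone may return the wrong name for that entry.
    """
    index = {}
    for r in mft:
        index[(r["EntryNumber"], r["SequenceNumber"])] = r["FileName"]
    for r in usn:
        index.setdefault((r["EntryNumber"], r["SequenceNumber"]), r["Name"])
    return index


def parent_name(row, index):
    key = (row["ParentEntryNumber"], row["ParentSequenceNumber"])
    return index.get(key, "<unresolved>")


def history(usn, name):
    """Update Reasons recorded for one file name, in time order."""
    ordered = sorted((r for r in usn if r["Name"] == name),
                     key=lambda r: r["UpdateTimestamp"])
    return [r["UpdateReasons"] for r in ordered]


if __name__ == "__main__":
    mft, usn = rows(MFT_CSV), rows(USN_CSV)
    index = name_index(mft, usn)
    for r in deleted(usn):
        print("deleted:", r["Name"], "parent:", parent_name(r, index))
    print(history(usn, "New Compressed (zipped) Folder.zip"))
```

In the sample, entry 95 now belongs to thumbs.db under sequence 8, while the journal records for the archive point at entry 95 with sequence 7, which resolves to the deleted folder.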
Timeline
From the assembled artifacts we can conclude that the machine was used to access and exfiltrate sensitive material. We found Excel sheets, PDFs, text documents and zip archives with sensitive data. The insider created a folder called “data Exfil,” packed its contents into an archive, and then attempted to cover tracks using a wiper. DiskWipe.exe and the deleted file entries support our hypothesis. To confirm execution and attribute actions to a user, we can examine registry entries, prefetch files, Windows event logs, shellbags and user profile activity that may show us process execution and the account responsible for it. The corrupted MBR suggests the perpetrator also intentionally damaged the boot sector to complicate inspection.
Summary
Digital forensics is a fascinating field. It exposes how much information an operating system preserves about user actions and how those artifacts can be used to reconstruct events. Many Windows features were designed to improve reliability and user experience, but those same features give us useful forensic traces. Although automated tools can speed up analysis, skilled analysts must validate tool output by understanding the underlying data structures and by performing manual checks when necessary. As you gain experience with the $MFT, $UsnJrnl and low-level disk structures, you will become more effective at recovering evidence and validating your hypotheses. See you soon!
San Francisco Mayor Daniel Lurie speaks at an Amazon event at the San Francisco-Marin Food Bank. (GeekWire Photo / Todd Bishop)
SAN FRANCISCO — Facing renewed threats of federal intervention from President Trump, Mayor Daniel Lurie used an appearance at an Amazon event Tuesday to make the case that San Francisco is “on the rise,” citing its AI-fueled revival as proof of a broader comeback.
Without naming Trump or explicitly citing the proposal to deploy the National Guard, Lurie pushed back on the national narrative of urban decline — pointing to falling crime rates, new investment, and the city’s central role in the AI boom.
Lurie, who took office earlier this year, said San Francisco is “open for business” again, name-checking OpenAI and other prominent companies in the city as examples of the innovation fueling its recovery. Mayors of other cities, he said, would die to have one of the many AI companies based in San Francisco.
“Every single metric is heading in the right direction,” Lurie said, noting that violent crime is at its lowest level since the 1950s and car break-ins are at a 22-year low, among other stats.
He was speaking at the San Francisco-Marin Food Bank, as Amazon hosted journalists from around the country and the world on the eve of its annual Delivering the Future event, where the company shows its latest robotics and logistics innovations.
“I want you to tell everybody, wherever you come from, that San Francisco’s on the rise,” he said. “You tell them there’s a new mayor in town, that we’ve got this, and we do.”
Amazon and leaders of San Francisco-Marin Food Bank highlighted their partnership that uses the company’s delivery network to bring food to community members who can’t get to a pantry. The company said Tuesday it has delivered more than 60 million meals for free from food banks across the US and UK, committing to continue the program through 2028.
A New York Times report on Tuesday, citing internal Amazon documents, said the company wants to automate 75% of its operations in the coming years to be able to avoid hiring hundreds of thousands of workers. It noted that the company is looking at burnishing its image through community programs to counteract the long-term fallout.
Executives noted that Amazon has focused in the Seattle region on affordable housing, in line with its approach of adapting to different needs in communities where it operates.
Lurie pointed to the company’s San Francisco food bank partnership as a model for other companies. “Amazon is showing that they are committed to San Francisco,” he said.
AWS experienced a widespread outage early Monday that disrupted major sites and services. (GeekWire File Photo / Todd Bishop)
Amazon Web Services is showing “significant signs of recovery” after a major outage early Monday that impacted sites and services including Facebook, Snapchat, Coinbase and Amazon itself — reviving concerns about the internet’s heavy reliance on the cloud giant.
The problems began shortly after midnight Pacific in Amazon’s Northern Virginia (US-EAST-1) region. In an update shortly after 2 a.m., AWS blamed a DNS resolution issue with DynamoDB, meaning the internet’s phone book failed to find the correct address for a database service used by thousands of apps to store and find data.
OpenAI’s ChatGPT was among the sites impacted, The Verge reported. Check-in kiosks went down at LaGuardia Airport, with lines starting to form earlier this morning, the New York Times reported. DownDetector showed problems for financial apps like Venmo and Robinhood, gaming services such as Roblox and Fortnite, the Signal messaging app, and productivity tools including Slack and Canva.
In an update at 3:35 a.m., Amazon confirmed that the core DNS issue was “fully mitigated,” reporting that most services had recovered and were operating normally.
However, AWS said it was still working through a backlog of requests for Lambda, its serverless computing platform. It also warned that some customers would see increased error rates when trying to launch new instances in its core cloud computing service, EC2.
Update: As of 6 a.m., Amazon reported it was making progress on the remaining issues with EC2. The company said new instance launches were succeeding in some data centers, and it was applying fixes to the rest. AWS also confirmed it was successfully processing the data backlog for its EventBridge and Cloudtrail services, with new events being delivered normally.
US-EAST-1 is AWS’s oldest and largest cloud region, a popular nerve center for online services, which has made it an Achilles heel for the internet over the years. Major outages originating from this same region also caused widespread disruptions in 2017, 2021, and 2023.
The latest outage suggests that many sites have not adequately implemented the redundancy needed to quickly fall back to other regions or cloud providers in the event of AWS outages.
Update: At 8:43 a.m., Amazon said it “narrowed down the source of the network connectivity issues,” blaming the root cause of the outage on an “underlying internal subsystem responsible for monitoring the health of our network load balancers.” It said it was throttling requests for new EC2 instances as it worked on recovery and mitigations.