Ask Hackaday: Solutions, or Distractions?
The "Long Dark" is upon us, at least for those who live north of the equator, and while it's all pre-holiday bustle, pretty lights, and the magical first snow of the season now, soon the harsh reality of slushy feet, filthy cars, and not seeing the sun for weeks on end will set in. And when it does, it pays to have something to occupy idle mind and hands alike, a project that's complicated enough to make completing even part of it feel like an accomplishment.
But this time of year, when daylight lasts barely as long as a good night's sleep, you've got to pick your projects carefully, lest your winter project remain incomplete when the weather finally warms and thoughts turn to other matters. For me, at least, that means being realistic about inevitabilities such as competition from the day job, family stuff, and the dreaded "scope creep."
It's that last one that I'm particularly concerned with this year, because it has the greatest potential to delay this project into spring or even — forbid it! — summer. And that means I need to be on the ball about what the project actually is, and to avoid the temptation to fall into any rabbit holes that, while potentially interesting and perhaps even profitable, will only make it harder to get things done.
Pushing My Buttons
For my winter project this year, I chose something I've been itching to try for a while: an auto-starter for my generator. Currently, my solar PV system automatically charges its battery bank when the state of charge (SOC) drops below 50%, which it does with alarming frequency during these short, dark days. But rather than relying on shore power, I want my generator to kick on to top off the batteries, then turn itself off when the charge is complete.

In concept, it's a simple project, since the inverter panel I chose has dry contacts that can trigger based on SOC. It seems like a pretty easy job, just a microcontroller to sense when the inverter is calling for a charge and some relays to kick the generator on. It's a little — OK, a lot — more complicated than that when you think about it, since you have to make sure the generator actually cranks over, you've got to include fail-safes so the generator doesn't just keep cranking endlessly if it doesn't catch, and you have to make everything work robustly in an electrically and mechanically noisy environment.
However, in my case, the most challenging aspect is dealing with the mechatronics of the project. My generator is fueled by propane, which means there's a low-pressure regulator that needs to be primed before cranking the starter. When cranking the generator manually, you just push the primer button a few times to get enough propane into the fuel intake and turn the key. Automating this process, though, is another matter, one that will surely require custom parts, and the easiest path to that would be 3D printing.
But, up until a couple of weeks ago, I didn't own a 3D printer. I know, it's hard to believe someone who writes for Hackaday for a living wouldn't own one of the essential bits of hacker kit, but there it is. To be fair to myself, I did dip my toe into additive manufacturing about six or seven years ago, but that printer was pretty awful and never really turned out great prints. It seemed like this project, with its potential need for many custom parts, was the perfect excuse to finally get a "big boy" printer.
Pick Your Project
And that's where I came upon the first potential rabbit hole: should I buy an out-of-the-box solution, or should I take on a side-quest project? I was sorely tempted to take the latter course by getting one of those used Enders returned to Amazon, having heard that they're about half the price of new and often need very little work to get them going. But then again, sometimes these printers have gone through a lot in the short time they were in a customer's hands, to the point where they need quite a bit of work to get them back in good order.
While I like the idea of a cheap printer, and I wouldn't mind tinkering with one to get it going again, I decided against the return route. I really didn't like my odds, given that our Editor in Chief, Elliot Williams, says that of the two returned printers he's purchased, one worked basically out of the box, while the other needed more work to get in shape. I wanted to unbox the printer and start making parts right away, to get this project going. So, I took the plunge and bought a Bambu P1S on a pre-Black Friday sale that was much less than list price, but much more than what I would have paid for a returned Ender.
Now, I'm not going to turn this into a printer review — that's not really the point of this article. What I want to get across is that I decided to buy a solution rather than take on a new hobby. I got the Bambu up and running in about an hour and was cranking out prototype parts for my project later that afternoon. Yes, I might have had the same experience with a returned printer at about half the price of the Bambu, but I felt like the perceived value of a new printer was worth the premium price, at least in this case.
I think this is a pretty common choice that hackers face up and down the equipment spectrum. Take machine tools, for instance. Those of us who dream of one day owning a shop full of metalworking tools often trawl through Facebook Marketplace in search of a nice old South Bend lathe or a beautiful Bridgeport milling machine, available for a song compared to what such a machine would cost new. But with the difficulty and expense of getting it home and the potential for serious mechanical problems like worn ways or broken gears that need to be sorted before putting the machine to use, the value proposition could start to shift back toward buying a brand new machine. Expensive, yes, but at least you stand a chance of making parts sooner.
Your Turn
Don't get me wrong; I'd love to find a nice old lathe to lovingly restore, and I just may do that someday. It's like buying a rusty old classic car; you're not doing it to end up with a daily driver, but rather for the joy of restoring a fine piece of engineering to its former glory. In projects like that, the journey is the point, not the destination. But if I need to make parts right away, a new lathe — or mill, or CNC router, or 3D printer — seems like the smarter choice.
I'll turn things over to you at this point. Have you come up against this kind of decision before? If so, which path did you choose? Has anyone had a satisfying out-of-the-box experience with returned printers? Was I unnecessarily pessimistic about my chances in that market? What about your experience with large machine tools, like lathes and mills? Is it possible to buy used and not have the machine itself become the project? Sound off in the comments below.
The First Trailer for "Avatar" Season 2 Is All About Toph
The beloved Earthbender joins the party when the live-action 'Last Airbender' returns to Netflix next year.

FBI: Account Takeover Scammers Stole $262 Million this Year
The FBI says that account takeover scams this year have resulted in 5,100-plus complaints in the U.S. and $262 million in money stolen, and Bitdefender says the combination of the growing number of ATO incidents and risky consumer behavior is creating an increasingly dangerous environment that will let such fraud expand.
The post FBI: Account Takeover Scammers Stole $262 Million this Year appeared first on Security Boulevard.
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks
Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data
Morpheus on Microsoft: AI SOC Platform for MSSPs Managing Sentinel, Defender, Entra, and More
Morpheus automates Tier 1 and Tier 2 SOC work across Microsoft Sentinel, Defender, and Entra ID. Scale your MSSP, maintain SLA compliance and service quality.
The post Morpheus on Microsoft: AI SOC Platform for MSSPs Managing Sentinel, Defender, Entra, and More appeared first on D3 Security.
The post Morpheus on Microsoft: AI SOC Platform for MSSPs Managing Sentinel, Defender, Entra, and More appeared first on Security Boulevard.
Celebrated game developer Rebecca Heineman dies at age 62
On Monday, veteran game developer Rebecca Ann Heineman died in Rockwall, Texas, at age 62 after a battle with adenocarcinoma. Apogee founder Scott Miller first shared the news publicly on social media, and her son William confirmed her death with Ars Technica. Heineman's GoFundMe page, which displayed a final message she had posted about entering palliative care, will now help her family with funeral costs.
Rebecca "Burger Becky" Heineman was born in October 1963 and grew up in Whittier, California. She first gained national recognition in 1980 when she won the national Atari 2600 Space Invaders championship in New York at age 16, becoming the first formally recognized US video game champion. That victory launched a career spanning more than four decades and 67 credited games, according to MobyGames.
Among many achievements in her life, Heineman was perhaps best known for co-founding Interplay Productions with Brian Fargo, Jay Patel, and Troy Worrell in 1983. The company created franchises like Wasteland, Fallout, and Baldur's Gate. At Interplay, Heineman designed The Bard's Tale III: Thief of Fate and Dragon Wars while also programming ports of classics like Wolfenstein 3D and Battle Chess.


Microsoft Unveils Security Enhancements for Identity, Defense, Compliance
Microsoft announced new security capabilities for Defender, Sentinel, Copilot, Intune, Purview, and Entra.
The post Microsoft Unveils Security Enhancements for Identity, Defense, Compliance appeared first on SecurityWeek.
Digital Forensics: Investigating a Cyberattack with Autopsy
Welcome back, aspiring digital forensics investigators!
In the previous article we introduced Autopsy and noted its wide adoption by law enforcement, federal agencies and other investigative teams. Autopsy is a forensic platform built on The Sleuth Kit and maintained by commercial and community contributors, including the Department of Homeland Security. It packages many common forensic functions into one interface and automates many of the repetitive tasks you would otherwise perform manually.
Today, let's focus on Autopsy and how we can investigate a simple case with the help of this app. We will skip the basics, as we covered them previously.
Analysis
Artifacts and Evidence Handling
Start from the files you are given. In this walkthrough we received an E01 file, which is the EnCase evidence file format. An E01 is a forensic image container that stores a sector-by-sector copy of a drive together with case metadata, checksums and optional compression or segmentation. It is a common format in forensic workflows and preserves the information needed to verify later that an image has not been altered.

Before any analysis begins, confirm that your working copy matches the original by comparing hash values. Tools used to create forensic images, such as FTK Imager, normally generate a short text report in the same folder that lists the image metadata and hashes you can use for verification.

Autopsy also displays the same hash values once the image is loaded. To see that select the Data Source and view the Summary in the results pane to confirm checksums and metadata.

Enter all receipts and transfers into the chain of custody log. These records are essential if your findings must be presented in court.
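An added example (not from the original article) of the hash check described above: it reads the MD5 and SHA1 lines from an FTK Imager-style text report, hashes the working copy in chunks, and records the outcome as a chain-of-custody entry. The report layout, the raw uncompressed image and the file names are constructed assumptions; for an E01 you would hash the contained data through libewf rather than the container file itself.

```python
import hashlib
import json
import os
import re
import tempfile
from datetime import datetime, timezone

# Hash algorithms that FTK Imager-style acquisition reports commonly list.
ALGORITHMS = ("md5", "sha1")

def hash_file(path, chunk_size=1 << 20):
    """Stream the working copy through MD5 and SHA1 without loading it whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

# Lines such as "MD5 checksum:  <hex>" or "SHA1 checksum:  <hex> : verified" (assumed layout).
REPORT_LINE = re.compile(r"^\s*(MD5|SHA1)\s+checksum:\s*([0-9a-fA-F]+)", re.I | re.M)

def parse_report(report_text):
    """Pull the acquisition hashes out of the imager's text report."""
    return {alg.lower(): digest.lower() for alg, digest in REPORT_LINE.findall(report_text)}

def verify_image(path, report_text):
    """Compare the working copy against the report; return (ok, mismatched_algorithms)."""
    expected = parse_report(report_text)
    actual = hash_file(path)
    mismatched = [alg for alg in ALGORITHMS if expected.get(alg) != actual[alg]]
    return not mismatched, mismatched

def custody_entry(path, actual_hashes, ok, custodian, action):
    """One chain-of-custody record, ready to append to a JSON-lines log."""
    return json.dumps({
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "file": os.path.basename(path),
        "custodian": custodian,
        "action": action,
        "hashes": actual_hashes,
        "verified": ok,
    })

def simulate_acquisition_report(image_bytes):
    """Constructed stand-in for the text report an imager writes next to the image."""
    return ("Created By FTK(R) Imager (constructed sample)\n"
            f"MD5 checksum:    {hashlib.md5(image_bytes).hexdigest()} : verified\n"
            f"SHA1 checksum:   {hashlib.sha1(image_bytes).hexdigest()} : verified\n")

def demo(tamper=False):
    """Write a constructed raw image to a temp file and verify it against its report."""
    original = b"CONSTRUCTED-DISK-IMAGE-SAMPLE" * 1024
    report = simulate_acquisition_report(original)
    working_copy = bytearray(original)
    if tamper:
        working_copy[100] ^= 0xFF  # a single flipped byte, as if the copy were altered
    with tempfile.NamedTemporaryFile(delete=False, suffix=".raw") as tmp:
        tmp.write(working_copy)
        path = tmp.name
    try:
        ok, bad = verify_image(path, report)
        entry = custody_entry(path, hash_file(path), ok, "analyst-1", "received working copy")
        return ok, bad, entry
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
    print(demo(tamper=True))
```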
Opening Images In Autopsy
Create a new case and add the data source. If you have multiple EnCase segments in the same directory, point Autopsy to the first file and it will usually pick up the remaining segments automatically. Let the ingest modules run as required for your investigative goals, and keep notes about which modules and keyword searches you used so your process is reproducible.
Identifying The Host
First let's see the computer name we are looking at. Names and labelling conventions can differ from the actual system name recorded in the image. You can quickly find the host name listed under Operating System Information, next to the SYSTEM entry.

Knowing the host name early helps orient the rest of your analysis and simplifies cross-referencing with network or domain logs.
Last Logins and User Activity
To understand who accessed the machine and when, we can review last login and account activity artifacts. Windows records many actions in different locations. These logs are extremely useful, but attackers sometimes use them to their own advantage: after a domain compromise, an attacker can review the security logs to find the machines that domain admins visit frequently. With such logs it doesn't take long to work out what your critical infrastructure is and where it is located.
In Autopsy, review Operating System, then User Accounts, and sort by last accessed or last logon time to see recent activity. Below we see that Sivapriya was the last one to log in.

A last logon alone does not prove culpability. Attackers may act during normal working hours to blend in, and one user's credentials can be used by another actor. You need to use time correlation and additional artifacts before drawing conclusions.
Installed Applications
Review installed applications and files on the system. Attackers often leave tools such as Python, credential dumpers or reconnaissance utilities on disk. Some are portable and will be found in Temp, Public or user directories rather than in Program Files. Execution evidence can be recovered from Prefetch, NTUSER.DAT, UserAssist, scheduled tasks, event logs and other sources we will cover separately.
In this case we found a network reconnaissance tool, Look@LAN, which is commonly used for mapping local networks.


Signed and legitimate tools are sometimes abused because they follow expected patterns and can evade simple detection.
Network Information and IP Addresses
Finding the IP address assigned to the host is useful for reconstructing lateral movement and correlating events across machines and the domain controller. The domain controller logs validate domain logons and are essential for tracing where an attacker moved next. In the image you can find network assignments in registry hives: the SYSTEM hive contains TCP/IP interface parameters under CurrentControlSet\Services\Tcpip\Parameters\Interfaces and Parameters, and the SOFTWARE hive stores network profile signatures under Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Managed and \Unmanaged or NetworkList

If the host used DHCP, registry entries may show previously assigned IPs, but sometimes the attacker's tools carry their own configuration files. In our investigation we inspected an application configuration file (irunin.ini) found in Program Files (x86) and recovered the IP and MAC address active when that tool was executed.

The network adapter name and related entries are also recorded under SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards.

User Folders and Files
Examine the Users folder thoroughly. Attackers may intentionally store tools and scripts in other directories to create false flags, so check all profiles, temporary locations and shared folders. When you extract an artifact for analysis, hash it before and after processing to demonstrate integrity. In this case we located a PowerShell script that attempts privilege escalation.


The script checks if it is running as an administrator. If elevated it writes the output of whoami /all to %ALLUSERSPROFILE%\diag\exec_<id>.dat. If not elevated, it temporarily sets a value under HKCU\Environment\ProcExec with a PowerShell launch string, then triggers the built-in scheduled task \Microsoft\Windows\DiskCleanup\SilentCleanup via schtasks /run in the hope that the privileged task will pick up and execute the planted command, and finally removes the registry value. Errors are logged to a temporary diag file.
The goal was to validate a privilege escalation path by causing a higher-privilege process to run a payload and record the resulting elevated identity.
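A detection rule for the sequence just described (a value planted under HKCU\Environment by a non-elevated user, followed by schtasks /run of SilentCleanup from the same account, then removal of the value), as an added example that is not part of the original article. The Sysmon-style JSON events are constructed and their fields simplified (real Sysmon registry events carry no integrity level), and the window, user names and SIDs are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed Sysmon-style events (JSON lines, fields simplified) modelled on the
# sequence the recovered script produces: EID 13 = registry value set,
# EID 1 = process creation, EID 12 = registry value create/delete.
SAMPLE_EVENTS = r"""
{"ts": "2024-01-10T09:14:02Z", "event_id": 13, "user": "WS01\\sivapriya", "integrity": "Medium", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "target": "HKU\\S-1-5-21-1\\Environment\\ProcExec", "details": "powershell.exe -NoProfile -WindowStyle Hidden -File C:\\Users\\Public\\diag.ps1"}
{"ts": "2024-01-10T09:14:03Z", "event_id": 1, "user": "WS01\\sivapriya", "integrity": "Medium", "image": "C:\\Windows\\System32\\schtasks.exe", "command_line": "schtasks /run /tn \\Microsoft\\Windows\\DiskCleanup\\SilentCleanup"}
{"ts": "2024-01-10T09:14:04Z", "event_id": 12, "user": "WS01\\sivapriya", "integrity": "Medium", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "target": "HKU\\S-1-5-21-1\\Environment\\ProcExec", "details": "DeleteValue"}
{"ts": "2024-01-10T11:30:00Z", "event_id": 13, "user": "WS01\\admin", "integrity": "High", "image": "C:\\Windows\\regedit.exe", "target": "HKU\\S-1-5-21-2\\Environment\\TEMP", "details": "C:\\Temp"}
{"ts": "2024-01-10T11:45:00Z", "event_id": 1, "user": "WS01\\admin", "integrity": "High", "image": "C:\\Windows\\System32\\schtasks.exe", "command_line": "schtasks /run /tn \\Microsoft\\Windows\\DiskCleanup\\SilentCleanup"}
"""

WINDOW = timedelta(minutes=5)  # assumed: how close the write and the task run must be
TASK = "\\microsoft\\windows\\diskcleanup\\silentcleanup"

def parse_events(text):
    """Parse JSON lines into dicts with real datetimes, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def is_env_write(ev):
    """A value written under a user's Environment key."""
    return ev["event_id"] == 13 and "\\environment\\" in ev.get("target", "").lower()

def is_silentcleanup_run(ev):
    """schtasks.exe started with /run against the SilentCleanup task."""
    cmd = ev.get("command_line", "").lower()
    return (ev["event_id"] == 1 and ev.get("image", "").lower().endswith("schtasks.exe")
            and "/run" in cmd and TASK in cmd)

def detect(events):
    """Alert when a non-elevated user writes HKCU\\Environment and then runs
    SilentCleanup within WINDOW; also note whether the value was deleted again."""
    alerts, pending = [], {}
    for ev in events:
        if is_env_write(ev) and ev.get("integrity") != "High":
            pending.setdefault(ev["user"], []).append(ev)
        elif is_silentcleanup_run(ev):
            for w in pending.get(ev["user"], []):
                if timedelta(0) <= ev["ts"] - w["ts"] <= WINDOW:
                    alerts.append({"user": ev["user"], "planted_value": w["target"],
                                   "planted_data": w["details"], "trigger": ev["command_line"],
                                   "first_seen": w["ts"], "trigger_seen": ev["ts"],
                                   "cleanup_seen": False})
    # Second pass: the script removes the value after the trigger, so a matching
    # delete shortly afterwards strengthens the match (and explains an empty key on disk).
    for alert in alerts:
        for ev in events:
            if (ev["event_id"] == 12 and ev["user"] == alert["user"]
                    and ev.get("target") == alert["planted_value"]
                    and "delete" in ev.get("details", "").lower()
                    and timedelta(0) <= ev["ts"] - alert["trigger_seen"] <= WINDOW):
                alert["cleanup_seen"] = True
    return alerts

if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The admin's own Environment write and later SilentCleanup run are deliberately not flagged: they are high-integrity and fall outside the window, which is the benign pattern the rule must tolerate.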
Credential Harvesting
We also found evidence of credential dumping tools in user directories. Mimikatz was present in Hasan's folder, and Lazagne was also detected in Defender logs. These tools are commonly used to extract credentials that support lateral movement. The presence of python-3.9.1-amd64.exe in the same folder suggests the workstation could have been used to stage additional tools or scripts for propagation.

Remember that with sufficient privileges an attacker can place malicious files into other users' directories, so initial attribution based only on file location is tentative.
Windows Defender and Detection History
If endpoint protection was active, its detection history can hold valuable context about what was observed and when. Windows Defender detection records can be found under C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory*.
Below we found another commonly used tool called LaZagne, which is available for both Linux and Windows and is used to extract credentials. Previously, we have covered the use of this tool a couple of times and you can refer to Powershell for Hackers — Basics to see how it works on Windows machines.


Correlate those entries with file timestamps, prefetch data and event logs to build a timeline of execution.
Zerologon
It was also mentioned that the attackers attempted the Zerologon exploit. Zerologon (CVE-2020-1472) is a critical vulnerability in the Netlogon protocol that can allow an unauthenticated attacker with network access to a domain controller to manipulate the Netlogon authentication process, potentially resetting a computer account password and enabling impersonation of the domain controller. Successful exploitation can lead to domain takeover.

Using keyword searches across the drive we can find related files, logs and strings that mention zerologon to verify any claims.
In the image above you can see that NTUSER.DAT contains "Zerologon". NTUSER.DAT is the per-user registry hive stored in each profile and is invaluable for forensics. It contains persistent traces such as Run and RunOnce entries, recently opened files and MRU lists, UserAssist, TypedURLs data, shells and a lot more. The presence of entries in a user's NTUSER.DAT means that the user's account environment recorded those actions. In this case the entry appears in Sandhya's NTUSER.DAT, which suggests that the account participated in this activity or that artifacts were created while that profile was loaded.
Timeline
Pulling together the available artifacts suggests the following sequence. The first login on the workstation appears to have been by Sandhya, during which a Zerologon exploit was attempted but failed. After that, Hasan logged in and used tools to dump credentials, possibly to start moving laterally. Evidence of Mimikatz and a Python installer were found in Hasan's directory. Finally, Sivapriya made the last recorded login on this workstation and a PowerShell script intended to escalate privileges was found in their directory. This script could have been used during lateral activity to escalate privileges on other hosts, or, if local admin rights were not assigned to Hasan, another attacker could have tried to escalate their privileges using Sivapriya's account. At this stage it is not clear whether multiple accounts represent separate actors working together or a single hacker using different credentials. Resolving that requires cross-host correlation, domain controller logs and network telemetry.
Next Steps and Verification
This was a basic Autopsy workflow. For stronger attribution and a complete reconstruction we need to collect domain controller logs, firewall and proxy logs and any endpoint telemetry available. Specialised tools can be used for deeper analysis where appropriate.
Conclusion
As you can see, Autopsy is an extensible platform that can organize many routine forensic tasks, but it is only one part of a comprehensive investigation. Successful disk analysis depends on careful evidence handling and multiple data sources. It's also important to confirm hashes and chain of custody before and after the analysis. When you combine solid on-disk analysis with domain and network logs, you can move from isolated observations to a defensible timeline and conclusions.
If you need forensic assistance, we offer professional services to help investigate and mitigate incidents. Additionally, we provide classes on digital forensics for those looking to expand their skills and understanding in this field.
BLAZE launches "BLAZE Labs" and "Herbie" AI assistant as part of broader rebrand and innovation push
Serenity Now! Encouraging Deep Relaxation with Homemade Lavender Eye Pillows
Lavender eye pillows are a wonderful way to promote sleep, relieve anxiety, and they can even help reduce ... Read More
The post Serenity Now! Encouraging Deep Relaxation with Homemade Lavender Eye Pillows appeared first on Garden Therapy.
Project Ire — Microsoft Launches AI Agent For Automated Malware Classification
Microsoft recently announced the launch of Project Ire — a dedicated AI agent for malware…
Project Ire — Microsoft Launches AI Agent For Automated Malware Classification on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
Best Ever Vegan Mango Sago | Summer Special Mango Sago with Coconut Milk
Mango sago, a stunning tropical dessert from Southeast Asia, is equally popular here in India! That's simply because mango is the most loved summer fruit here and sago is part of our staples for ages!
If you wanna make just one mango dessert recipe this summer season, then make this vegan mango sago without thinking twice! You will fall in love with yourself once you try this! I bet!
This supremely creamy & velvety mango sago is just like a hug that will fill your heart & soul with warmth that you didn't even know you have always been craving for!
This gorgeous pinterest worthy dessert would be your perfect choice if you are hosting guests at home as this has a win-win combination!
Firstly, this mango sago is made with the most on-demand seasonal fruit i.e. mango which makes any summer dessert special.
Secondly, being completely dairy-free, this mango dessert can be enjoyed by everyone! Vegans and lactose intolerant guests can have this worry-free! Win-win right?
What is mango sago?
I know it would be embarrassing for me, but let me confess! I was not aware of this dish until recently when I was researching what to make with mango!
Though sago is part of our Indian food culture, in my home it is usually consumed with milk & sugar during fasting.
Apart from that I had no idea such a marvelous dessert can be made with these humble tapioca pearls pairing it with my favorite fruit of all time!
So to describe what mango sago is I would say it is an eye opener making me realize that many hidden treasures are there in my own cuisine that I am yet to discover!
The post Best Ever Vegan Mango Sago | Summer Special Mango Sago with Coconut Milk first appeared on Flavor Quotient.

Herb Gardening — Harvest, Design, Storing Herbs
The form and size of a herb garden is determined by the interest these plants hold for the individual. It can be a tiny border of commonly used culinary herbs such as mint, parsley, sage and thyme or an elaborate garden designed to house a wide collection of herbs. Many plants could legitimately be included in one of these large […]
The post Herb Gardening — Harvest, Design, Storing Herbs appeared first on Backyard Gardener.
No Churn Eggless Pistachio Ice Cream
Windows Defender is enough, if you harden it
This article is not intended to convince you to abandon your current antivirus solutions. In this post I would like to share my observations and ways to improve the effectiveness of Defender.
You don't need to buy expensive antivirus software. If you are a standard user, surfing the web, you don't want to install additional software (eg.
Security Defender Insights: Improving security visibility in the remote-work reality
The post Security Defender Insights: Improving security visibility in the remote-work reality appeared first on Detectify Blog.