Pinned Tweet
Here's the blog post on my new tool: https://dfir.blog/introducing-unfurl/ … Unfurl takes a URL
and expands ("unfurls") it to show all the data it contains. It's amazing how much can be hidden inside URLs!
Take it for a spin and tell me what interesting stuff you find

#DFIR #Python pic.twitter.com/446t1vcIeV
-
One of the bigger changes in #Chrome v80 is around cookies. The 'SameSite' value will be set to 'Lax' by default, making the cookie 'first-party'.
#DailyDFIR 37: What is SameSite all about? Here are some resources:
https://web.dev/samesite-cookies-explained/ …
https://www.chromium.org/updates/same-site/faq …
#DFIR
-
#DailyDFIR 36: Chrome v80 is here! I've updated my interactive "evolution" visualization. You can explore how the structure of the data that makes up your browsing history has changed through #Chrome's many versions:
http://dfir.blog/chrome-evolution/ …
#DFIR #dataviz pic.twitter.com/wJDv7bjfac
-
Ryan Benson Retweeted
Divide complex URLs into snippets using Unfurl tool
@_RyanBenson You can use it online: https://dfir.blog/unfurl/ Or install and use it locally: https://lnkd.in/eQnCnwB #osint #opensource #intelligence #tool #unfurl pic.twitter.com/8FeecIBsWz
-
There are a _lot_ of different timestamps you might come across in #DFIR.
#DailyDFIR 35: Nice post by @BlakDouble on different timestamps. I like the level of explanation on how to do each conversion & the live updating current time is a nice touch!
http://doubleblak.com/blogPosts.php?id=7 …
-
If you want to know how the Magic works, there is a nice write-up: https://github.com/gchq/CyberChef/wiki/Automatic-detection-of-encoded-data-using-CyberChef-Magic …
-
I put out a short (hopefully fun) challenge yesterday. The encoding chain in the challenge was: Base32 > zlib inflate > Morse > ROT13. I made a video showing how easy CyberChef makes those transforms.
#DailyDFIR 34: The CyberChef "Magic" button is, well, magic!
#DFIR pic.twitter.com/tHQoUi4NVK
-
Here's a short challenge for today:
#DailyDFIR 33: What does this say?
PCOBLCKBBUAAAEEC72L4EAWSH6PJZDSNI5J6ABFHEE6PDI5TDVWLSBPU
#DFIR #SundayFunday
-
We've finished the first month of the year! January focused on Unfurl (https://dfir.blog/unfurl ) & extracting info from URLs, including:
Types of Unique IDs
Timestamps
Twitter
Google Search
Discord
#DailyDFIR 32: What #DFIR topics would you like to see next?
-
Malicious emails can have interesting links, but if you really want some convulsion, look at marketing emails.
#DailyDFIR 31: Unfurl can now inflate zlib-compressed strings. This example has base64
zlib
&-delimited string:
https://dfir.blog/unfurl/?url=http://email.p2p.talkable.com/c/eJwljb1uxCAcw58mbIn4A8fHwNDl1qprF0T4uNCSEAEXtW9_VJXsxbL985o46yNKWgoK7ub4zLlgMxMrn5UENVsloqdYSszxxPBJzqXb_G3XHBZXdrRpSgR23it-8wAMCAHqeIzYYRo5kxjt7WGS1wBECUYZoKy33s820beJ3IdqiKEua9lX2_5OR_Qz_HV9vn_cUdX11x6D7WMarVweqOuj9BRTqKbEsW2mbbYGcyVrwm5TRuG49FmLf7qeyoFa6sG0_Hzof8oLG1VPLA …
All for
!
#DFIR pic.twitter.com/srrAzugYu6
-
On the topic of Google Search URLs:
#DailyDFIR 30: @phillmoore did a @SANSInstitute webcast a few years ago talking about his research into #Google web artifacts: google[.]com/search?q=what+does+this+all+mean?
https://www.sans.org/webcasts/104857 (SANS account login required)
#DFIR #TBT
-
More on #Google timestamps & context:
#DailyDFIR 29: If you see google[.]com/url?q=.. (url, not search), you often can tell where & when(ish) the user clicked the link. ust param gives
, source param shows where clicked (gmail, hangouts, etc).
https://dfir.blog/unfurl/?url=https://www.google.com/url?q=https://dfir.blog&sa=D&source=hangouts&ust=1580309142117000&usg=AFQjCNHbC8ZAXe-vC_i0AD6coL6jaedxXA …
#DFIR
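
The `ust` and `source` parameters from the #DailyDFIR 29 tweet above, pulled out of history entries in Python. This is an added example, not part of the original tweets and not Unfurl's code; the function name and the second and third sample URLs are constructed, and reading `ust` as epoch microseconds is an assumption based on its 16-digit magnitude.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# First URL is the one in the tweet; the other two are constructed samples.
HISTORY = [
    "https://www.google.com/url?q=https://dfir.blog&sa=D&source=hangouts"
    "&ust=1580309142117000&usg=AFQjCNHbC8ZAXe-vC_i0AD6coL6jaedxXA",
    "https://www.google.com/url?q=https://example.com/&source=gmail&ust=notanumber",
    "https://www.google.com/search?q=dfir.blog+unfurl",
]


def _first(params, key):
    """First value of a query parameter, or None when it is absent."""
    values = params.get(key)
    return values[0] if values else None


def parse_google_redirect(url):
    """Return destination, click source and ust time for a google.com/url link.

    Returns None for anything that is not a Google /url redirect.
    Assumption: ust is microseconds since the Unix epoch.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not (host == "google.com" or host.endswith(".google.com")):
        return None
    if parts.path != "/url":
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    ust_raw = _first(params, "ust")
    ust_utc = None
    # Only convert clean 16-digit values; keep the raw string for anything else
    # so a malformed parameter is reported instead of silently dropped.
    if ust_raw and ust_raw.isascii() and ust_raw.isdigit() and len(ust_raw) == 16:
        ust_utc = EPOCH + timedelta(microseconds=int(ust_raw))  # exact, no float
    return {"destination": _first(params, "q"), "source": _first(params, "source"),
            "ust_raw": ust_raw, "ust_utc": ust_utc}


if __name__ == "__main__":
    for entry in HISTORY:
        print(parse_google_redirect(entry))
```
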
-
Thanks @PhilHagen! Unfurl can be run locally with #Python or with #Docker.
#DailyDFIR 28: There are many great tools with online & local versions. Know what's best for your situation.
Not just with #DFIR tools - is it really ok to upload <x> to that "free" site?
https://twitter.com/PhilHagen/status/1222161171937140736 …
-
I know - the linked site: Deed Poll? Legally changing name in UK? Weird, but it has some good research on Google search parameters.
-
More on #Google Search: the ved has more in it than just a timestamp.
#DailyDFIR 27: the ved parameter can give you context on how a user got to a page: what kind of link they clicked on & its position. Older (but still relevant post):
https://deedpolloffice.com/blog/articles/decoding-ved-parameter … #DFIR
-
Another reason I
working on open source tools: others helping make your thing better.
#DailyDFIR 26: You can now run Unfurl using #Docker thanks to @therealwlambert! Readme updated with instructions: https://github.com/obsidianforensics/unfurl/blob/master/README.md … #DFIR
-
User Agent strings are also going away in Chrome; soon there will be User Agent Client Hints: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/-2JIRNMWJ7s/yHe4tQNLCgAJ …
@hackerfactor has thoughts on this too: http://www.hackerfactor.com/blog/index.php?/archives/866-User-Agent-Client-Hints.html …
-
#DailyDFIR 25: I've liked trying to decipher what User Agent strings mean. There's so much (seemingly conflicting!) info in them. For some Saturday #DFIR reading, @hackerfactor has a great blog on telling truth vs lies in User Agent Strings:
http://www.hackerfactor.com/blog/index.php?/archives/703-Invasion-of-Privacy.html …
-
Thanks @HECFBlog, good times as always on the show! https://twitter.com/B1N2H3X/status/1220823623251812352 …
-
#DailyDFIR 24: I'll be on the Forensic Lunch talking about Unfurl! @MagnetForensics's @B1N2H3X will be there too!
at 10am PST: https://www.youtube.com/watch?v=Vh6lhKWwIS8 …
The Forensic Lunch by @HECFBlog is a great way to learn about different facets of #DFIR. Past shows: https://www.youtube.com/channel/UCZ7mQV3j4GNX-LU1IKPVQZg …
-
Another #Google #Search parameter packed with data is gs_l.
#DailyDFIR 23: The gs_l parameter can provide context around how a user performed a search and (very!) detailed timing.

@phillmoore's GSERPent tool: https://github.com/randomaccess3/googleURLParser/blob/master/GSERPent.pl …
https://dfir.blog/unfurl/?url=https://www.google.com/search?sxsrf=ACYBGNR4uX9HaJeaaFfoxh_ecxlaxIXksg%3A1574636670619&ei=fgzbXbnoIZjf-gS87bK4CQ&q=dfir.blog+unfurl&oq=dfir.blog+unfurl&gs_l=psy-ab.3..35i39.6411.9036..9208...0.0..0.212.683.6j0j1......0....1..gws-wiz.......0i30j0i8i30.dDviH4hTVpM&ved=0ahUKEwi5n5jb-oPmAhWYr54KHby2DJcQ4dUDCAs&uact=5 …
#DFIR pic.twitter.com/OJ79ugf36G