Some thoughts about the NTFS Filesystem

Some information raised during preparation for the GCFA exam. The New Technology File System (NTFS) is a file system developed and introduced by Microsoft in 1995 with Windows NT as a replacement for the FAT file system. Versions: Microsoft has released five versions of NTFS: v1.0: Released with Windows NT 3.1 in 1993. v1.0 is incompatible with…

How to verify that the WannaCry patch is correctly installed

In a big company with a lot of Windows systems, checking that the WannaCry patch is correctly applied can be a little tricky. Security update MS17-010 addresses several vulnerabilities in Windows SMB v1 exploited by the WannaCrypt ransomware. However, the KB that contains that update differs between Windows versions, and sometimes it could be included in service…

Windows Command Line cheatsheet (part 2): WMIC

This command-line tool is really useful for both penetration testing and forensics tasks. The previous article raised readers' interest in WMIC, so I decided to write an article dedicated to this tool. If you’ve done any scripting for the Windows platform, you’ve probably bumped into the Windows Management Instrumentation (WMI) scripting API, which…