# Steganography

- `binwalk`
- `foremost`
- `exiftool`
- `zsteg`
- `stegsolve`
- `stegseek`
- `steg decoder`: https://stylesuxx.github.io/steganography/
- `steghide`: also works on `.wav` files
- `jsteg`
- `Aperi'Solve`: all-in-one tool for checking metadata
- `TweakPng`: inspects the chunks of a PNG file; makes it easy to change the size, type, ... [sample write-up](https://www.aperikube.fr/docs/pragyan_2018/pictorial_mess/)
- `sigBits`: https://github.com/Pulho/sigBits
- `stepic`

# PCAP/PCAPNG

- `aircrack-ng`: [usage](https://www.oreilly.com/library/view/hands-on-network-forensics/9781789344523/c4f92974-ac2f-493a-a81b-be71cf41e43d.xhtml)

# Office

- `oletools`
- `olevba`
- `pdftohtml`: extract PDF layer

# Brute Password

- `7zipcrack`: [source](https://github.com/cyberblackhole/7zip-crack?tab=readme-ov-file)
- `fcrackzip`

# Evidence

- `Autopsy`
- `FTK Imager`

# Minidump

- `pypykatz`: [related](https://05t3.github.io/posts/DCTF/)
- `bulk_extractor`: [related](https://github.com/PWrWhiteHats/BtS-2024-Writeups/tree/master/forensics/bts_antivirus/writeup)

# Malware static analysis

- `Whois`: look up IP host, domain host, ...
- `VirusTotal`
- `MalwareBazaar`
- `ThreatFox`: Indicator of Compromise (IOC) database

# MISC

- `PowerDecode`: deobfuscates PowerShell scripts. [source](https://github.com/Malandrone/PowerDecode)

# Windows commands