├── Blue_Book
    ├── BluePrint.md
    └── Blue_Book.md
├── Explorations+Reflections
    ├── Explorations+Reflections.md
    ├── Explorations+Reflections2_PICO.md
    ├── Explorations+Reflections3.md
    ├── Explorations+Reflections4.md
    ├── Explorations+Reflections5.md
    ├── Explorations+Reflections6.md
    ├── Explorations+Reflections7.md
    ├── JumpLists_Research.md
    └── README.md
├── README.md
├── Rev+Pwn
    ├── CRACKMES.md
    ├── HTB_walkthroughs.md
    ├── Malware_Analysis_Basics.md
    ├── Malware_Analysis_Debug.md
    ├── Malware_Analysis_Defense_Evasion.md
    ├── PICO_Walkthroughs.md
    ├── PWN+Reversing_Insights.md
    ├── README.md
    └── Real_Malware
    │   ├── PussyRAT.md
    │   ├── india-steak-robert-pip.md
    │   └── interlock.md
├── Tools+Scripts
    ├── Bluetooth_LTK.py
    ├── Decrypt_TLS.py
    ├── Ghetto_zsteg.py
    ├── LSB_From_Wav.py
    ├── P3_random_session_key_calc.py
    ├── README.md
    ├── parse_full_pcap_keyboard.py
    └── zip2john2zip.py
└── WalkThroughs
    ├── Apoorv_CTF_2025.md
    ├── Backdoor_CTF_2024.md
    ├── BlueHens_CTF_2024.md
    ├── BuckeyeCTF2024.md
    ├── COMPFEST16.md
    ├── CyberLeague_CTF_2025.md
    ├── Cyber_Apocalypse_CTF_2024.md
    ├── Cyber_Apocalypse_CTF_2025.md
    ├── FullWeakEngineer_CTF_2025.md
    ├── HTB_Walkthroughs.md
    ├── HackIM_CTF_2025.md
    ├── Hold On Tight Walkthrough.pdf
    ├── ISITDTU_CTF_2024.md
    ├── Iris_CTF_2025.md
    ├── Jersey_CTF_2025.md
    ├── MetaCTF.md
    ├── NoCo_Hackers_Holiday_2024.md
    ├── OpTinselTrace-1-5.md
    ├── PICO_Walkthroughs.md
    ├── README.md
    ├── RITSEC_CTF_2025.md
    ├── TAMU_CTF_2025.md
    ├── TCP1P2024.md
    ├── TU_CTF_2024.md
    ├── TexSaw_CTF_2025.md
    ├── UMASS_CTF_2025.md
    ├── UTAustin_CTF_2025.md
    ├── UofT_CTF_2025.md
    ├── picoCTF_2024.md
    └── picoCTF_2025.md

/Blue_Book/BluePrint.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Blue_Book/BluePrint.md
--------------------------------------------------------------------------------

/Blue_Book/Blue_Book.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Blue_Book/Blue_Book.md
--------------------------------------------------------------------------------

/Explorations+Reflections/Explorations+Reflections.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Explorations+Reflections/Explorations+Reflections.md
--------------------------------------------------------------------------------

/Explorations+Reflections/Explorations+Reflections2_PICO.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Explorations+Reflections/Explorations+Reflections2_PICO.md
--------------------------------------------------------------------------------

/Explorations+Reflections/Explorations+Reflections3.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Explorations+Reflections/Explorations+Reflections3.md
--------------------------------------------------------------------------------

/Explorations+Reflections/Explorations+Reflections4.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Explorations+Reflections/Explorations+Reflections4.md
--------------------------------------------------------------------------------

/Explorations+Reflections/Explorations+Reflections5.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Explorations+Reflections/Explorations+Reflections5.md
--------------------------------------------------------------------------------

/Explorations+Reflections/Explorations+Reflections6.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Explorations+Reflections/Explorations+Reflections6.md
--------------------------------------------------------------------------------

/Explorations+Reflections/Explorations+Reflections7.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Explorations+Reflections/Explorations+Reflections7.md
--------------------------------------------------------------------------------

/Explorations+Reflections/JumpLists_Research.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Explorations+Reflections/JumpLists_Research.md
--------------------------------------------------------------------------------

/Explorations+Reflections/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Explorations+Reflections/README.md
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/README.md
--------------------------------------------------------------------------------

/Rev+Pwn/CRACKMES.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/CRACKMES.md
--------------------------------------------------------------------------------

/Rev+Pwn/HTB_walkthroughs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/HTB_walkthroughs.md
--------------------------------------------------------------------------------

/Rev+Pwn/Malware_Analysis_Basics.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/Malware_Analysis_Basics.md
--------------------------------------------------------------------------------

/Rev+Pwn/Malware_Analysis_Debug.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/Malware_Analysis_Debug.md
--------------------------------------------------------------------------------

/Rev+Pwn/Malware_Analysis_Defense_Evasion.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/Malware_Analysis_Defense_Evasion.md
--------------------------------------------------------------------------------

/Rev+Pwn/PICO_Walkthroughs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/PICO_Walkthroughs.md
--------------------------------------------------------------------------------

/Rev+Pwn/PWN+Reversing_Insights.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/PWN+Reversing_Insights.md
--------------------------------------------------------------------------------

/Rev+Pwn/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/README.md
--------------------------------------------------------------------------------

/Rev+Pwn/Real_Malware/PussyRAT.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/Real_Malware/PussyRAT.md
--------------------------------------------------------------------------------

/Rev+Pwn/Real_Malware/india-steak-robert-pip.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/Real_Malware/india-steak-robert-pip.md
--------------------------------------------------------------------------------

/Rev+Pwn/Real_Malware/interlock.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Rev+Pwn/Real_Malware/interlock.md
--------------------------------------------------------------------------------

/Tools+Scripts/Bluetooth_LTK.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Tools+Scripts/Bluetooth_LTK.py
--------------------------------------------------------------------------------

/Tools+Scripts/Decrypt_TLS.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Tools+Scripts/Decrypt_TLS.py
--------------------------------------------------------------------------------

/Tools+Scripts/Ghetto_zsteg.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Tools+Scripts/Ghetto_zsteg.py
--------------------------------------------------------------------------------

/Tools+Scripts/LSB_From_Wav.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Tools+Scripts/LSB_From_Wav.py
--------------------------------------------------------------------------------

/Tools+Scripts/P3_random_session_key_calc.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Tools+Scripts/P3_random_session_key_calc.py
--------------------------------------------------------------------------------

/Tools+Scripts/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Tools+Scripts/README.md
--------------------------------------------------------------------------------

/Tools+Scripts/parse_full_pcap_keyboard.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Tools+Scripts/parse_full_pcap_keyboard.py
--------------------------------------------------------------------------------

/Tools+Scripts/zip2john2zip.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/Tools+Scripts/zip2john2zip.py
--------------------------------------------------------------------------------

/WalkThroughs/Apoorv_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/Apoorv_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/Backdoor_CTF_2024.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/Backdoor_CTF_2024.md
--------------------------------------------------------------------------------

/WalkThroughs/BlueHens_CTF_2024.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/BlueHens_CTF_2024.md
--------------------------------------------------------------------------------

/WalkThroughs/BuckeyeCTF2024.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/BuckeyeCTF2024.md
--------------------------------------------------------------------------------

/WalkThroughs/COMPFEST16.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/COMPFEST16.md
--------------------------------------------------------------------------------

/WalkThroughs/CyberLeague_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/CyberLeague_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/Cyber_Apocalypse_CTF_2024.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/Cyber_Apocalypse_CTF_2024.md
--------------------------------------------------------------------------------

/WalkThroughs/Cyber_Apocalypse_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/Cyber_Apocalypse_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/FullWeakEngineer_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/FullWeakEngineer_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/HTB_Walkthroughs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/HTB_Walkthroughs.md
--------------------------------------------------------------------------------

/WalkThroughs/HackIM_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/HackIM_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/Hold On Tight Walkthrough.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/Hold On Tight Walkthrough.pdf
--------------------------------------------------------------------------------

/WalkThroughs/ISITDTU_CTF_2024.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/ISITDTU_CTF_2024.md
--------------------------------------------------------------------------------

/WalkThroughs/Iris_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/Iris_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/Jersey_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/Jersey_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/MetaCTF.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/MetaCTF.md
--------------------------------------------------------------------------------

/WalkThroughs/NoCo_Hackers_Holiday_2024.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/NoCo_Hackers_Holiday_2024.md
--------------------------------------------------------------------------------

/WalkThroughs/OpTinselTrace-1-5.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/OpTinselTrace-1-5.md
--------------------------------------------------------------------------------

/WalkThroughs/PICO_Walkthroughs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/PICO_Walkthroughs.md
--------------------------------------------------------------------------------

/WalkThroughs/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/README.md
--------------------------------------------------------------------------------

/WalkThroughs/RITSEC_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/RITSEC_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/TAMU_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/TAMU_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/TCP1P2024.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/TCP1P2024.md
--------------------------------------------------------------------------------

/WalkThroughs/TU_CTF_2024.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/TU_CTF_2024.md
--------------------------------------------------------------------------------

/WalkThroughs/TexSaw_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/TexSaw_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/UMASS_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/UMASS_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/UTAustin_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/UTAustin_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/UofT_CTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/UofT_CTF_2025.md
--------------------------------------------------------------------------------

/WalkThroughs/picoCTF_2024.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/picoCTF_2024.md
--------------------------------------------------------------------------------

/WalkThroughs/picoCTF_2025.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dbissell6/DFIR/HEAD/WalkThroughs/picoCTF_2025.md
--------------------------------------------------------------------------------