bump

Forensics/Mail.md

@@ -6,6 +6,13 @@
 emlAnalyzer
 ```
 
+## Outlook
+
+* Outlook files like `.msg` can be read and changed to by perl-email-outlook-message via
+```sh
+msgconvert *.msg
+```
+
 ## References
 
 * [Email reputation](https://emailrep.io)

Forensics/OLEtools.md

@@ -6,6 +6,8 @@
 
 ## Usage
 
+### OLEtools
+
 * Check content of a stream
 ```sh
 oledump.py file.doc  -Ss <No. of stream>
@@ -18,7 +20,7 @@ oledump.py -i file.doc
 olevba file.doc
 ```
 
-## Vipermonkey
+### Vipermonkey
 * For the lazy ones
 ```sh
 vmonkey file.doc
@@ -26,3 +28,10 @@ vmonkey file.doc
 
 ## scdbg
 * [scdbg repo](https://github.com/dzzie/SCDBG.git)
+
+## Outlook
+
+* Outlook files like `.msg` can be read and changed to by perl-email-outlook-message via
+```sh
+msgconvert *.msg
+```

Forensics/Windows Event Logs.md

@@ -0,0 +1,9 @@
+# Windows Event Log
+
+## Dump Logfile
+
+Windows Event Logfiles can be dumped via
+```sh
+evtx_dump $EVENT_LOG > event.log
+evtx_dump -o json $EVENT_LOG > event.log
+```

Post Exploitation/Enum on Target.md

@@ -77,6 +77,11 @@ cat /var/log/access.log | less
 
 ## Find Files
 
+* User files
+```sh
+find / -user $USER 2>/dev/null | grep -vE "run|proc|var"
+```
+
 * Find SUID permissions on files and dirs
 * `find / -perm /6000 -ls 2>/dev/null`