Tuesday, March 17, 2020

Forensics Android APKs on the phone

(Just for my reference)
Purpose: Check .apk files in the phone using VirusTotal.

1.     VirusTotal website: https://virustotal.com
2.     MOBILedit Forensic Express 7

1.     Use MOBILedit to create a full report

2.     Open a command-line window, go to the report folder, and run: sigcheck64 -h -a -c -w ..\apks.csv -u -s .\*.apk

3.     Run sigcheck64 -c -w .\samsung.csv -vrs -vt -o .\apks.csv to get these

4.     Open the csv file and analyze the output.
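
Step 4 as an added example (not part of the original notes): a Python triage of the CSV written in step 3, separating flagged, unknown and zero-detection APKs. The column names `Path`, `SHA256` and `VT detection` and the `hits|engines` ratio format are assumptions about sigcheck's CSV layout, and the sample rows are constructed.

```python
import csv
import io
import re

# Assumed sigcheck CSV column names; check them against your file's header row.
PATH_COL, HASH_COL, VT_COL = "Path", "SHA256", "VT detection"
# Assumed ratio format "hits|engines" (a "/" separator is accepted as well).
RATIO = re.compile(r"^\s*(\d+)\s*[|/]\s*(\d+)\s*$")

# Constructed sample rows with placeholder hashes, not real scan results.
SAMPLE = r'''"Path","SHA256","VT detection"
".\com.example.flashlight.apk","<sha256-placeholder-1>","7|62"
".\com.example.notes.apk","<sha256-placeholder-2>","0|61"
".\com.example.vendor.ota.apk","<sha256-placeholder-3>","Unknown"
".\com.example.keyboard.apk","<sha256-placeholder-4>","2|60"
'''

def triage(rows, min_hits=1):
    """Return (flagged, unknown, clean). flagged is sorted worst first.
    unknown holds files with no VirusTotal verdict, which is not the same
    as a clean result and needs a manual look."""
    flagged, unknown, clean = [], [], []
    for row in rows:
        m = RATIO.match(row.get(VT_COL) or "")
        if m is None:
            unknown.append(row[PATH_COL])
        elif int(m.group(1)) >= min_hits:
            flagged.append((int(m.group(1)), int(m.group(2)),
                            row[PATH_COL], row[HASH_COL]))
        else:
            clean.append(row[PATH_COL])
    flagged.sort(key=lambda f: f[0], reverse=True)
    return flagged, unknown, clean

def triage_csv(text, min_hits=1):
    """Parse CSV text (header row required) and triage it."""
    return triage(csv.DictReader(io.StringIO(text)), min_hits)

if __name__ == "__main__":
    flagged, unknown, clean = triage_csv(SAMPLE)
    for hits, engines, path, sha256 in flagged:
        print(f"FLAGGED {hits}/{engines} {path} {sha256}")
    for path in unknown:
        print(f"UNKNOWN {path} (no verdict, inspect manually)")
    print(f"{len(clean)} file(s) with zero detections")
```

To use it on the real report, read the CSV file's text with the encoding your sigcheck version wrote and pass it to `triage_csv`.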

Saturday, February 1, 2020

Fix Python3 running error on Mac OS Catalina

(Just for my own reference)
1.     macOS Catalina version 10.15.3
2.     Xcode 11.3.1
3.     Python3: 3.7.3

When I tried to run python3 on macOS Catalina, I got an error:
xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun

To fix this, run the command “xcode-select --install”

Tuesday, September 17, 2019

Azure configuration Check (part 1)

Part 1: Use azucar tool

Azucar is a multi-threaded, plugin-based tool that helps assess the security of an Azure Cloud environment subscription. By leveraging the Azure API, Azucar automatically gathers a variety of configuration data and analyses all data relating to a particular subscription in order to determine security risks.

The script will not change or modify any asset deployed in the Azure subscription.
More details on https://github.com/nccgroup/azucar/


  1. Windows 10, 1903
  2. An Azure read-only account
  3. Excel 2016, if you want to export the report in Excel format


  1. Download and install Git for Windows from https://gitforwindows.org/ using default options. If you have git installed on your system, you can skip this step.
  2. Open a command-line window. In your working folder, run the command: git clone https://github.com/nccgroup/azucar.git
  3. Open a PowerShell window as administrator and go to the “azucar” folder.
  4. Run the command “$psversiontable” and make sure the PowerShell version is 3.x
  5. Run the command “Get-ChildItem -Recurse c:\tools\azucar | Unblock-File” to unblock the files
  6. Run the command “.\Azucar.ps1 -ExportTo EXCEL,CSV,XML,JSON -Verbose -Instance AzureCloud -Analysis All”. A window will pop up asking you to sign in.
  7. Enter the Azure email and password. Click the “sign in” button. Select the subscription and click the “OK” button.
  8. Wait until the analysis process has finished; you can find the reports in the folder “azucar\report”


  1. https://github.com/nccgroup/azucar/
  2. https://gitforwindows.org/