<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="FeedCreator 1.8" -->
<?xml-stylesheet href="https://xn--e-br-noa.de/lib/exe/css.php?s=feed" type="text/css"?>
<rdf:RDF
    xmlns="http://purl.org/rss/1.0/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel rdf:about="https://xn--e-br-noa.de/feed.php">
        <title>E-Bärs Xopedia</title>
        <description></description>
        <link>https://xn--e-br-noa.de/</link>
        <image rdf:resource="https://xn--e-br-noa.de/lib/exe/fetch.php?media=wiki:dokuwiki.svg" />
       <dc:date>2026-07-01T19:28:22+00:00</dc:date>
        <items>
            <rdf:Seq>
                <rdf:li rdf:resource="https://xn--e-br-noa.de/doku.php?id=soc:start&amp;rev=1781795034&amp;do=diff"/>
                <rdf:li rdf:resource="https://xn--e-br-noa.de/doku.php?image=soc%3Atemplate.7z&amp;ns=soc&amp;rev=1781795026&amp;tab_details=history&amp;media_do=diff&amp;do=media"/>
                <rdf:li rdf:resource="https://xn--e-br-noa.de/doku.php?id=windows:prefetch:start&amp;rev=1781794843&amp;do=diff"/>
                <rdf:li rdf:resource="https://xn--e-br-noa.de/doku.php?id=soc:irt:playbooks:windows_disk&amp;rev=1781794298&amp;do=diff"/>
                <rdf:li rdf:resource="https://xn--e-br-noa.de/doku.php?id=soc:irt:playbooks:wireshark&amp;rev=1781782482&amp;do=diff"/>
                <rdf:li rdf:resource="https://xn--e-br-noa.de/doku.php?id=windows:domain:start&amp;rev=1781762770&amp;do=diff"/>
                <rdf:li rdf:resource="https://xn--e-br-noa.de/doku.php?image=ex%3Ahtb%3Aupdown%3Aex_htb_updown1.png&amp;ns=ex%3Ahtb%3Aupdown&amp;rev=1672496020&amp;tab_details=history&amp;media_do=diff&amp;do=media"/>
                <rdf:li rdf:resource="https://xn--e-br-noa.de/doku.php?image=ex%3Ahtb%3Aambassador%3Ahtb-ambassador-1.jpg&amp;ns=ex%3Ahtb%3Aambassador&amp;rev=1671701917&amp;tab_details=history&amp;media_do=diff&amp;do=media"/>
            </rdf:Seq>
        </items>
    </channel>
    <image rdf:about="https://xn--e-br-noa.de/lib/exe/fetch.php?media=wiki:dokuwiki.svg">
        <title>E-Bärs Xopedia</title>
        <link>https://xn--e-br-noa.de/</link>
        <url>https://xn--e-br-noa.de/lib/exe/fetch.php?media=wiki:dokuwiki.svg</url>
    </image>
    <item rdf:about="https://xn--e-br-noa.de/doku.php?id=soc:start&amp;rev=1781795034&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-06-18T15:03:54+00:00</dc:date>
        <dc:creator>titannet (titannet@undisclosed.example.com)</dc:creator>
        <title>SOC</title>
        <link>https://xn--e-br-noa.de/doku.php?id=soc:start&amp;rev=1781795034&amp;do=diff</link>
        <description>SOC</description>
    </item>
    <item rdf:about="https://xn--e-br-noa.de/doku.php?image=soc%3Atemplate.7z&amp;ns=soc&amp;rev=1781795026&amp;tab_details=history&amp;media_do=diff&amp;do=media">
        <dc:format>text/html</dc:format>
        <dc:date>2026-06-18T15:03:46+00:00</dc:date>
        <dc:creator>titannet (titannet@undisclosed.example.com)</dc:creator>
        <title>template.7z - created</title>
        <link>https://xn--e-br-noa.de/doku.php?image=soc%3Atemplate.7z&amp;ns=soc&amp;rev=1781795026&amp;tab_details=history&amp;media_do=diff&amp;do=media</link>
        <description>&lt;img src=&quot;https://xn--e-br-noa.de/lib/images/fileicons/svg/7z.svg&quot; alt=&quot;template.7z&quot; loading=&quot;lazy&quot; width=&quot;500&quot; height=&quot;500&quot; /&gt;</description>
    </item>
    <item rdf:about="https://xn--e-br-noa.de/doku.php?id=windows:prefetch:start&amp;rev=1781794843&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-06-18T15:00:43+00:00</dc:date>
        <dc:creator>titannet (titannet@undisclosed.example.com)</dc:creator>
        <title>Prefetch - created</title>
        <link>https://xn--e-br-noa.de/doku.php?id=windows:prefetch:start&amp;rev=1781794843&amp;do=diff</link>
        <description>Prefetch



#![allow(clippy::unwrap_used, clippy::expect_used)]
use std::path::PathBuf;
use std::fs;
use std::path::Path;
use chrono::{DateTime, Utc};

/// based on  https://docs.rs/crate/prefetch-core/0.1.0/source/examples/pf_dump.rs


fn filetime_to_datetime(ft: i64) -&gt; DateTime&lt;Utc&gt; {
    // FILETIME epoch (1601-01-01) -&gt; Unix epoch (1970-01-01)
    const EPOCH_DIFF_100NS: i64 = 116_444_736_000_000_000;
 
    let unix_100ns = ft - EPOCH_DIFF_100NS;
    let secs = unix_100ns / 10_000_000;
    …</description>
    </item>
    <item rdf:about="https://xn--e-br-noa.de/doku.php?id=soc:irt:playbooks:windows_disk&amp;rev=1781794298&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-06-18T14:51:38+00:00</dc:date>
        <dc:creator>titannet (titannet@undisclosed.example.com)</dc:creator>
        <title>Windows Disk Image - [Prefetch on Linux] </title>
        <link>https://xn--e-br-noa.de/doku.php?id=soc:irt:playbooks:windows_disk&amp;rev=1781794298&amp;do=diff</link>
        <description>Windows Disk Image

	*  Assumes basic setup from setup
	*  All commands below should be
		*  copied to an “IR log” text/md file 
		*  edited as needed
		*  executed with output copied back to “IR log”
			*  recommendation: move commands/output from</description>
    </item>
    <item rdf:about="https://xn--e-br-noa.de/doku.php?id=soc:irt:playbooks:wireshark&amp;rev=1781782482&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-06-18T11:34:42+00:00</dc:date>
        <dc:creator>titannet (titannet@undisclosed.example.com)</dc:creator>
        <title>Wireshark - created</title>
        <link>https://xn--e-br-noa.de/doku.php?id=soc:irt:playbooks:wireshark&amp;rev=1781782482&amp;do=diff</link>
        <description>Wireshark


tshark -nr &lt;your_capture.cap&gt; -Y &quot;dns.flags.response == 0&quot; -T fields -e dns.qry.name -e dns.qry | sort | uniq -c</description>
    </item>
    <item rdf:about="https://xn--e-br-noa.de/doku.php?id=windows:domain:start&amp;rev=1781762770&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2026-06-18T06:06:10+00:00</dc:date>
        <dc:creator>titannet (titannet@undisclosed.example.com)</dc:creator>
        <title>Active Directory</title>
        <link>https://xn--e-br-noa.de/doku.php?id=windows:domain:start&amp;rev=1781762770&amp;do=diff</link>
        <description>Active Directory

Principles

SPN

	*  Service principal name
	*  Unique identifier used in Windows environments to link a specific network service to the Active Directory account running that service
	*  &lt;https://syfuhs.net/a-bit-about-kerberos&gt;

Reddit src

An SPN is how your computer identifies a service on a network. That service could be a network protocol like HTTP or SMB. SPN and SPN binding are the same thing. Or rather, the binding is the literal registration of the SPN to the service a…</description>
    </item>
    <item rdf:about="https://xn--e-br-noa.de/doku.php?image=ex%3Ahtb%3Aupdown%3Aex_htb_updown1.png&amp;ns=ex%3Ahtb%3Aupdown&amp;rev=1672496020&amp;tab_details=history&amp;media_do=diff&amp;do=media">
        <dc:format>text/html</dc:format>
        <dc:date>2022-12-31T14:13:40+00:00</dc:date>
        <dc:creator>ebaer (ebaer@undisclosed.example.com)</dc:creator>
        <title>ex_htb_updown1.png - created</title>
        <link>https://xn--e-br-noa.de/doku.php?image=ex%3Ahtb%3Aupdown%3Aex_htb_updown1.png&amp;ns=ex%3Ahtb%3Aupdown&amp;rev=1672496020&amp;tab_details=history&amp;media_do=diff&amp;do=media</link>
        <description>&lt;img src=&quot;https://xn--e-br-noa.de/lib/exe/fetch.php?w=500&amp;amp;h=500&amp;amp;tok=4be0ad&amp;amp;media=ex:htb:updown:ex_htb_updown1.png&quot; alt=&quot;ex_htb_updown1.png&quot; loading=&quot;lazy&quot; width=&quot;500&quot; height=&quot;500&quot; /&gt;</description>
    </item>
    <item rdf:about="https://xn--e-br-noa.de/doku.php?image=ex%3Ahtb%3Aambassador%3Ahtb-ambassador-1.jpg&amp;ns=ex%3Ahtb%3Aambassador&amp;rev=1671701917&amp;tab_details=history&amp;media_do=diff&amp;do=media">
        <dc:format>text/html</dc:format>
        <dc:date>2022-12-22T09:38:37+00:00</dc:date>
        <dc:creator>ebaer (ebaer@undisclosed.example.com)</dc:creator>
        <title>htb-ambassador-1.jpg - created</title>
        <link>https://xn--e-br-noa.de/doku.php?image=ex%3Ahtb%3Aambassador%3Ahtb-ambassador-1.jpg&amp;ns=ex%3Ahtb%3Aambassador&amp;rev=1671701917&amp;tab_details=history&amp;media_do=diff&amp;do=media</link>
        <description>&lt;img src=&quot;https://xn--e-br-noa.de/lib/exe/fetch.php?w=500&amp;amp;h=500&amp;amp;tok=eb084a&amp;amp;media=ex:htb:ambassador:htb-ambassador-1.jpg&quot; alt=&quot;htb-ambassador-1.jpg&quot; loading=&quot;lazy&quot; width=&quot;500&quot; height=&quot;500&quot; /&gt;</description>
    </item>
</rdf:RDF>
