Analysis Notes

A place to jot down things from trying out malware analysis and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 48 – 2023 - SOFTWARE UPDATES

This entry was auto-generated and posted to show the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that I can skim through and pick which articles to check. 4n6 itself can be found here.

SOFTWARE UPDATES

Crowdstrike

Didier Stevens

oledump.py – Update: zipdump.py Version 0.0.26 ...

Digital Sleuth

Doug Burks at Security Onion

We recently released Security Onion 2.4.30 and a hotfix: //blog.securityonion.net/2023/11/security-onion-2430-now-available.html and //blog.securityonion.net/2023/11/security-onion-2430-hotfix-20231117-now.html. Today, we are releasing an additional hotfix which resolves an issue: //docs.securityonion.net/en/2.4/release-notes.html. Documentation: You can find our online documentation here: //docs.securityonion.net/en/2.4/. Documentation is always a work in progress. If you find documentation that needs to be up...

Doug Metz at Baker Street Forensics

Ginsu: A tool for repackaging large collections to traverse Windows Defender Live Response. Enterprise customers running Windows Defender for Endpoint have a lot of capability at their fingertips. This includes the Live Response console, a limited command shell to interact with any managed Defender assets that are online. Besides its native commands you can also use the console to push scripts and executables to endpoints. Note: there is a sp...

Eilay Yosfan

YosfanEilay/ForensicMiner: A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. github.com/yosfaneilay ...

ExifTool

ExifTool Version History RSS feed: //exiftool.org/rss.xml Note: The most recent production release is Version 12.70. (Other versions are considered development releases, and are not uploaded to MetaCPAN.) Nov. 19, 2023 - Version 12.70 (production release) This marks the 20th anniversary of the initial ExifTool release! Added ability to read/delete C2PA CAI JUMBF metadata from TIFF-based images (eg. DNG), QuickTime-based files (eg. MP4) and WebP images, and read JUMBF from other RIFF-based files ...

Jeffrey Lyon

AWS Kill Switch: AWS Kill Switch is a Lambda function (and proof of concept client) that an organization can implement in a dedicated "Security" account to give their security engineers the ability to delete IAM roles or apply a highly restrictive service control policy (SCP) on any account in their organization. Prerequisites: Go. Tested on go1.21.3 on arm64. Ins...

Manabu Niseki

Mazars Tech

Martin Willing

v1.0 (6636bab), released by evild3ad on 22 Nov 14:20. Added: Improved Hunting for Suspicious Scheduled Tasks. Added: 318 YARA Custom Rules. Added: Get-YaraCustomRules. Added: Kroll RECmd Batch File v1.22 (2023-06-20). Added: Checkbox Forensic Timeline (CSV). Added: Checkbox Forensic Timeline (XLSX). Added: FindEvil: AV_DETECT. Fixed: Other minor fixes and improvements. Assets: 3.

Metaspike

Forensic Email Intelligence – Announcements: New updates and improvements to Forensic Email Intelligence. 21 Nov, 2023 – 2.1.13.3 Release. Added support for S/MIME and OpenPGP decryption and signature verification. Extended export options to include exporting decrypted versions of emails where applicable. Timestamps View has been extended to include timestamps from digital signature certificates. Insights have been extended to ...

SigmaHQ

Mark Baggett

Rapid7

Velociraptor 0.7.1 Release – Mike Cohen, 2023-11-15. Contents: GUI improvements; Notebook improvements; VFS Downloads; New VQL plugins and capabilities; Built-in Sigma Support; Using Sigma rules for live monitoring; Other improvements; SSH/SCP accessor; Distributed notebook processing; ETW Multiplexing; Artifacts can be hidden in the GUI; Local encrypted storage for clients; Conclusions. I am very excited to announce that the latest Velociraptor release 0.7.1 is now in release candidate status. In this post I will discuss some of...

WithSecure Labs

Xways

X-Ways Forensics 21.0 (X-Ways User Forum » Public Announcements). Stefan Fleischmann (username: admin, registered 1-2001), posted on Tuesday, Sep 5, 2023 - 4:19: A preview version of X-Ways Forensics 21.0 is now available. The URL of the download directory for all recent versions can be retrieved by querying one's license status as always. What's new in v21.0 Preview 1? * Ability to access the co...