Analysis Notes

A place to note things I tried while analysing malware and things that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 07 – 2024 - SOFTWARE UPDATES

This entry was generated and posted automatically: it shows the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics) so that the articles worth checking can be skimmed quickly. The 4n6 post itself can be found here.

SOFTWARE UPDATES

Atola

TaskForce 2 Changelog 2024.2 February 14, 2024 Bugfixes Imaging to an E01/AFF4 file on a network share could fail if other software tried to grab the file lock. Various USB hard disk drives failed to be detected. Diagnose: Possible incorrect diagnostic result for damaged USB flash drives. Removed 12V current graph that was not actual for all USB drives. 2024.1 January 26, 2024 New Features Verify segmented hashes - new task in the Other section. It helps check the segmented hashes in CSV file cr...

Belkasoft

Solutions For Business Boost cyber incident response, eDiscovery and forensics capacity of your organization. For Law Enforcement Acquire, examine and report digital evidence in a forensically sound way. For Academia Learn the art of digital forensics and cyber incident response with Belkasoft's training. Products Belkasoft X Forensic For law enforcement: Acquire, examine and analyze evidence from mobile, computer, drones, cars and cloud sources. Belkasoft X Corporate F...

Costas K

kacos2000 released v.1.0.14.0 on 16 Feb 23:12 (commit 37f502a, created on GitHub.com and signed with GitHub's verified signature, GPG key ID: B5690EEEBB952194). [Updates] Improvements/corrections in 'automaticDestinations-ms': A few other small corrections & changes. MD5: 2CB3707E750D0389CBB82DB4D184F8A5 SHA256: 5E4AA65E2A355BE682649339A5CD9440575122B79F750512FF287EA4AED4904D ...

Datadog Security Labs


Digital Sleuth


Doug Metz at Baker Street Forensics

DFIR, Forensic Imaging, PowerShell, RAM, Triage, USB. The latest update to CyberPipe (the code formerly known as CSIRT-Collect) has been revised to leverage the free triage collection tool, MAGNET Response. As with previous versions it also runs Encrypted Disk Detector, another free tool from MAGNET. Script Functions: Capture a memory image with MAGNET DumpIt for Windows (x32, x64, ARM64), or MAGNET RAM Capture on legacy systems; Create a Triage collection* with MAGNET Response; Check for encry...

ExifTool

ExifTool Version History RSS feed: //exiftool.org/rss.xml Note: The most recent production release is Version 12.76. (Other versions are considered development releases, and are not uploaded to MetaCPAN.) Feb. 16, 2024 - Version 12.77 Added new Olympus CameraType and LensType value (thanks herb) Added a new Canon Irix LensType Added the ability to delete MacOS XAttrMDItemWhereFroms Decode a few new Canon DPP tags (thanks John Moyer) Improved handling of XML-unfriendly characters in JSON field na...

F-Response

F-Response 8.7.1.19 Released Feb 12, 2024 This first month of the year we dove straight into updates for F-Response. You'll find the details below, or you can always click on downloads to get straight to the latest release. F-Response 8.7.1.19 MSI Export Improvements F-Response versions that supported MSI export now include additional product summary information, Subject, Author, etc. To take advantage of these new file details you will need to export new MSI file(s). F-Response Collect Improvem...

Falco


Federico Lagrasta

last-byte released v1.15.1 on 15 Feb 16:14 (commit d600dae; 3 commits to main since this release). This release fixes a gap in the detection of persistences relying on Powershell. The bug was in the Get-IfSafeExecutable function, which calls Get-IfLolbin function, which in turn does not list Powershell.exe as a LOLBin.

GCHQ


Hex Rays

Posted on: 16 Feb 2024 By: Alex Petrov Categories: News Tags: IDA Pro IDA Teams It is official! IDA 8.4 has now been released, and we are beyond excited to share the new features and improvements with you. This new version combines enhanced support for a bunch of processors, Mach-O file improvements, some signature boosts, standard plugin updates, and a shiny new set of UI refinements that will make your analysis much more productive and convenient. Here is a brief overview of what awaits you in...

Security Joes

YosfanEilay released v2.3.1 on 18 Feb 11:14 (commit 819b6f7; 1 commit to main since this release): Fixing table issues with FTP.

Mazars Tech


Microsoft


MobilEdit

February 14, 2024, Jan Valnoha. MOBILedit Forensic 9.3 release brings another package of features to boost the power of user investigation, including Kirin Offline Decrypt for Huawei phones, Smartwatch Bluetooth data extraction, new analysis capabilities for Google Fit Health and OneNote on OneDrive and more. Explore these advancements and streamline your forensic analysis today. Kirin Offline Decrypt: A new Kirin Offline Decrypt feature significantly enhances Huawei phone decryption. This new approa...

MSAB

Now released – XRY 10.8.1. The latest version of XRY – XRY 10.8.1 – is here and available for download. Think new features, more efficient case-solving, and less backlog stress. All available at the click of a button. Download the new release. XRY 10.8.1 alongside XRY Pro introduces some handy new features and useful enhancements that will prove instrumental in helping your data extraction and decoding efforts. The more devices you can tap into, the more data you can access and analyz...

OpenCTI

Version 5.12.32: Filigran-Automation released 5.12.32 on 16 Feb 14:36 (commit fb210d5, signed with the committer's verified signature, GPG key ID: C708FDB840E80D34; 160 commits to master since this release). Bug Fixes: #6003 SAML attributes mapping including groups / roles mapping is not working; #5983 [Data segregation / Admin organization] Incomplete cleaning of ...

Passmark Software

What's New? V11.0 build 1004 (13th February 2024): File Hashing: Updated UI of NSRL import dialog. Indexing: Fixed possible freezing issue when indexing files via DirectAccess. V11.0 build 1003 (7th February 2024): Android Artifacts: Fixed images not loading from VHD. File Hashing: Fixed bug where the category and tags fields were not parsed properly during the CSV import and expor...

Sandfly Security

Sandfly Version 5.0 Is Now Available! Product Crosspost, February 14, 2024, by The Sandfly Security Team. Today is a big day for us here at Sandfly as we release our latest version to the public. Version 5.0 marks a significant advancement in our multi-layered Linux defense platform, exceeding traditional Endpoint Detection and Response (EDR) capabilities. This release introduces our new agentless drift detection feature, providing extensive active threat hunting and proactive security measures ...

Sigma

github-actions released r2024-02-12 on 12 Feb 18:46 (commit 7509f6a, created on GitHub.com and signed with GitHub's verified signature, GPG key ID: B5690EEEBB952194; 2 commits to master since this release). New Rules: new: Exploitation Indicator Of CVE-2022-42475; new: Interesting Service Enumeration Via Sc.EXE; new: Loaded Module Enumeration Via Tasklist.EXE; new: New Self Extracting Package Created Via I...

James McGee at The Metadata Perspective

is a free tool, created for the betterment of the Digital Forensic Incident Response Community. Support: Current testing proves the support of Google Location History Data obtained through both Google Takeout and Google Semantic History Warrant Returns. From either a single .zip file input (or folder containing multiple .zip files) this tool will search for the pertinent files, query out data, and generate results grouped by data type. Data Types: • Location Data from the Records.JSON File (the ...

Xways

X-Ways Forensics 21.1. Posted by Stefan Fleischmann (Username: admin, Registered: 1-2001) on Sunday, Jan 21, 2024 - 15:38: A preview version of X-Ways Forensics 21.1 is now available. The latest download instructions including password can be retrieved by querying one's license status, as always. What's new in v21.1 Preview 1? * Better support for larger vo...

YARA

plusvic released v4.5.0 on 13 Feb 11:40 (commit 8fa55cd). Unreferenced strings are allowed if their identifier starts with _ (#1941). New command-line option --disable-console-logs for disabling the output of the console module (#1915). New command-line option --strict-escape that raises warnings on unknown escape sequences (#1880). Improve performance by avoiding the execution of rule conditions that can't match (#1927). Add callback message CALLB...