@noperator@bishopfox Support for this was added to Dissect earlier this year, with all current encryption keys added last week (#568)! Unfortunately the described method in the blog doesn’t work as well for other processor architectures.
https://t.co/uJAQSYrUkI
Read our latest blog to find out how our Security Research Team reverse-engineered Windows Defender to uncover previously undocumented artefacts, which can now be recovered using Dissect!
https://t.co/zpgZ8UMFkc
In addition: we're proud to announce the release of Dissect 3.8.1!
One of the new exciting features is preliminary support for Citrix Netscaler appliances!
Read more about it and how to triage Citrix Netscaler appliances in our blog 👇
🚨Fox-IT and @DIVDnl have revealed that a exploitation campaign targeting Citrix NetScalers has backdoored approximately 2K NetScalers worldwide! Check your NetScalers for indicators of compromise, even after patching CVE-2023-3519!🔒
🔗blog: https://t.co/yyvfnCp86e
@chadtilbury Dissect has a plugin (and API) available for interacting with offline WMI data! “target-query -f cim HOST.E01” and you’re off to the races.
@JamesSjaalman@foxit Not intentional, but dissect.cstruct (what we use to parse these definitions) is a little permissive when it comes to missing semicolons, so it didn't blow up.
While we wait for the PR to merge dissect.esedb support into #Impacket, you can already enjoy a 500-1000% performance bump yourself by using our Dissect #secretsdump shim!
Read more here: https://t.co/dmbZnmGHMx
Attention digital forensics and IR specialists!
Dissect Release 3.5 is here with new plugins for virus scanner logs, package managers, and webservers. Plus zcat & zless commands in target-shell, and Linux /proc /sys support for Acquire. Check it out!
https://t.co/4UEgQkOwu5
@KevinPagano3 At @foxit we got rid of full disk images for 99% of the investigation in 2018. Only necessary if the investigation requires it. Made possible by Acquire and Dissect: https://t.co/TeVAjRRDZd
@13CubedDFIR We already received a merge request from the community (that’s almost ready!) that adds support for this to Dissect!
https://t.co/xdPdeMDgCn
🎙️ #CyberThreat22 attendees, we are live with @Schamperr & @lennarthaagsma presenting Enterprise IR: live free, live large.
Attendees are learning about dissect, its capabilities and methodology.
🔗 https://t.co/6loFUAmijS
#IncidentResponse
In this blog post, we share our research on version identification of Citrix ADC and Gateway servers and how we measured the update adoption on the internet for CVE-2022-27510 & CVE-2022-27518, two critical CVEs with a CVSS v3 score of 9.8
https://t.co/ikFg8kdoTO