scrings is a strings utility that will output only semantically valid strings based on tree-sitter grammar.
scrings supports #python #javascript #sql #powershell #bash #php
A #volatility plugin is also available to catch scripts in memory!
https://t.co/G9jJ90EoNp
Have you ever tried setting up a shared and reproducible forensics lab?
After hitting several brick walls with Docker, Ansible and others, we ended up finding a solution that ticked all the boxes we wanted: Nix.
See for yourselves! https://t.co/KxdtOnR3GC #DFIR #NixOS
He is awesome: My fellow @eeriedusk from the Airbus CERT added file hashes to process execution event logs to Sysmon for Linux, congrats man!
https://t.co/6NDjiJSsbo
Let's try to have feature parity with the Windows version now.
A new update with Active Directory Explorer, Contig, and Sysmon has now been posted!
Get the tools at https://t.co/zlch58Hcfi
See what's new on the Sysinternals Blog: https://t.co/fkkkhTIGzn
Brute Ratel v1.3 is now released. This release brings in complete malleability, new shellcode, evasions to the core and detection rules for the previous version for the blueteam community. #BRc4
https://t.co/CeUrhT5pHp
I've always thought that in order for Defenders to be truly effective, it is vital they know where the telemetry they are leveraging is coming from.
Today I am releasing a project called TelemetrySource that is meant to support that cause.
Blog: https://t.co/jYPB40q3EF
SSTIC will take place from 7 to 9 June 2023.
The call for contributions is online: https://t.co/obbuEUChyk. Submission deadline: 30 January.
Hesitating? Re-read our advice:
https://t.co/m1QfUXs1Nv
Anaïs Gantet, Nicolas Devillers (@Nikaiw) and Mouad Abouhali (@_m00dy_) are going to present “The unavoidable pain of backups: security deep-dive into the internals of NetBackup” at #HEXACON2022.
A thought to Jean-Romain Garnier (@JRomainG), who was not able to participate.
The results are out!
We are very honoured to have won first place 🥇 in the Hex-Rays plugin contest 2022 🎉
Our entry was "ttddbg", a time-travel debugging plugin for IDA already presented at #SSTIC 2022.
Many congratulations to all the other entrants!
Want to simulate any #ETW logs using powershell, even the security one?
Do you want to import any evtx files into the current eventlog session?
https://t.co/gLRWJA5oa2 will help you to test your detection rules!
#DFIR #Powershell
Still don't know how to respond when people try to portray it as "irrational" to state a strong preference to avoid getting sick with an extraordinarily contagious, sometimes deadly, sometimes disabling virus, whether or not it's likely to be "mild" in one individual case.
To celebrate this new release of @msticpy, we share a "Today I Learned" blog post on how to extract Sysmon data from Splunk and visualize it as a Process Tree:
https://t.co/jcdg478hPm
Merry Christmas Blue Teamers! 🎄🎅🎁🔔
Invoke-Bof allows you to load and execute any #CobaltStrike Beacon Object File (BOF) to test your detection capabilities! #DFIR
https://t.co/RXOZdwuI7f
Airbus CERT is looking for a new team member; if you're interested, get in touch!