Dissect update
Say hello to Dissect version 3.21
- Minimum Python version is now 3.10
- New dissect.apfs project – initial support for macOS, available through the API
- Improved usability for interacting with nested targets
- Support for CramFS and Apple Sparse Image Format (ASIF)
And much more! check out the full release notes https://t.co/14R0adcZ20
𝗡𝗲𝘄 𝗗𝗶𝘀𝘀𝗲𝗰𝘁 𝗿𝗲𝗹𝗲𝗮𝘀𝗲 𝘃.𝟯.𝟮𝟬.𝟭 𝗶𝘀 𝗼𝘂𝘁!
Important: deprecation notice for Python 3.9, next Dissect version will support Python 3.10 and up
- VMFS implementation rewritten from scratch
- Mounting btrfs subvolumes with target-mount enabled
- Performance improvements in dissect.util converting to Rust
- Reduced memory consumption by extfs
And much more! For full details see the release notes
https://t.co/OINLQNzmjZ
🧀 𝗡𝗲𝘄 𝗯𝗹𝗼𝗴: "𝗧𝗵𝗿𝗲𝗲 𝗟𝗮𝘇𝗮𝗿𝘂𝘀 𝗥𝗔𝗧𝘀 𝗖𝗼𝗺𝗶𝗻𝗴 𝗳𝗼𝗿 𝗬𝗼𝘂𝗿 𝗖𝗵𝗲𝗲𝘀𝗲"
Read about PondRAT, ThemeForestRAT and RemotePE - three RATs we encountered during incident response involving the Lazarus group.
Check the indicators and don't let them steal your cheese!
#ThreatIntel #Lazarus #DFIR
https://t.co/JJ71mCw4kp
🔒Great news for #DFIR folks! Dissect now supports both BitLocker & LUKS encrypted disks, making forensic analysis smoother and more comprehensive. Another step forward for digital forensics capabilities! Read more in this blog: https://t.co/r2LTD0sJqm #InfoSec#DigitalForensics
Did you know that a meerkat, snake, whale, fox, and shark can team up to tackle cybersecurity? Find out how in our next pre-SuriCon webinar on August 29th at 4 pm UTC. Learn more about Dierentuin and Zoo with Pim Sanders!
Register, it’s free: https://t.co/Mdto3slguL
Check out our latest blog where we pluck the feathers off Android Malware Vultur's latest variants, revealing its most recent developments in masquerading malicious activity and how it maximises remote control over infected devices. https://t.co/2PIqlNnHsZ
🌟 Dissect Task Board Now Live! 🌟
Dive into Dissect projects, select tasks, suggest features, and code with a global community. Let's innovate together!
🔗 Look under issues in each Dissect project, or use this filter (log in needed) https://t.co/inQeXqymTh
Time for a new Dissect release - v.3.13 is out!
Highlights:
- New fs support for vmtar and cpio
- New plugins for Brave browser, Doker logs, and Linux locate
- JSON, YAML and XML formats added to the unified configuration parser
- Support for Windows installations on drive letters other than C:\
- Support for Linux systems mounts by label
Check out all features and plugins improvements in the release notes! https://t.co/sQ2OMmAgxV
New #blogpost! Recently our CERT team devised a plugin for the #Dissect incident response framework, allowing us to parse log files from Atop, a performance monitoring solution for Linux.
We created Skrapa, a zero dependency and customizable Python library for scanning Windows and Linux process memory. Harnessing memory attributes, Skrapa elevates your capability to explore patterns in memory. 🔍 https://t.co/giEDUsnA9o
Highlights (2/2)
- Citrix NetScaler webserver log parsing plugin added
- SchedLgU plugin to parse SchedLgU.txt logs added
- Fuse3 support is added to target-mount - target-shell now has more cyber
Check out the full details in the release notes!
https://t.co/Qjd078dDsG
A new year, a new Dissect release! Dissect v3.12 📷
Highlights (1/2):
- FortiOS platform is now supported as a Linux sub-OS
- Improved parsing of complex ACLs in NTFS
- Sparse indirect blocks in ExtFS now work properly
- Windows and Linux PuTTY artefact parsing plugin added
Dissect Release v.3.11 just dropped!
Highlights:
- Added support for Btrfs (!)
- Added support for JFFS
- Improved support for Alpine Linux
- Several robustness- and bug fixes
Check out the full details in the release notes! https://t.co/ThP0SL1VnX