My next class:
LINUX Incident Response and Threat HuntingOnline | Japan Standard TimeOct 21st - Oct 26th 2024

Updates to my GREM Gold scripts and a new script

Published: 2009-11-25. Last Updated: 2009-11-25 23:27:17 UTC
by Jim Clausing (Version: 1)
0 comment(s)

And finally, before those of us in the US trip out on tryptophan tomorrow, I've updated a few of the scripts that I wrote about in my GREM Gold paper and my SANSFIRE talk.  The biggest change is that I have finally integrated Michael Hale Ligh's malfind2 volatility plugin into the report and I have switched to using httpry for reporting on the HTTP traffic.  I've also put together another script to report on/decode DNS traffic out of a pcap.  The script can be found on my handler's page.  I recently used that and another script I wrote for the latest network forensics contest.  I'll post the other script and my solution (because I had a lot of fun working on it) after they release the results.  I highly recommend these contests and the other packet challenges we've told you about before for those who want more practice at playing with packets and network traces.

---------------
Jim Clausing, jclausing --at-- isc [dot] sans (dot) org

0 comment(s)
My next class:
LINUX Incident Response and Threat HuntingOnline | Japan Standard TimeOct 21st - Oct 26th 2024

Comments


Diary Archives