Updates to my GREM Gold scripts and a new script
And finally, before those of us in the US trip out on tryptophan tomorrow, I've updated a few of the scripts that I wrote about in my GREM Gold paper and my SANSFIRE talk. The biggest change is that I have finally integrated Michael Hale Ligh's malfind2 volatility plugin into the report and I have switched to using httpry for reporting on the HTTP traffic. I've also put together another script to report on/decode DNS traffic out of a pcap. The script can be found on my handler's page. I recently used that and another script I wrote for the latest network forensics contest. I'll post the other script and my solution (because I had a lot of fun working on it) after they release the results. I highly recommend these contests and the other packet challenges we've told you about before for those who want more practice at playing with packets and network traces.
---------------
Jim Clausing, jclausing --at-- isc [dot] sans (dot) org