Arioch

scrings is a strings utility that will output only semantically valid strings based on tree-sitter grammar. scrings support #python #javascript #sql #powershell #bash #php A #volatility plugin is also available to catch scripts in memory ! github.com/airbus-cert/sc…

Have you ever tried setting up a shared and reproductible forensics lab? After hitting several brick walls with Docker, Ansible and others, we ended up finding a solution that ticked all the boxes we wanted: Nix. See for yourselves! skyblue.team/posts/nix-fore… #DFIR #NixOS

Powershell deobfuscator github.com/airbus-cert/mi…

He is awesome: My fellow @eeriedusk from the Airbus CERT added file hashes to process execution event logs to Sysmon for Linux, congrats man! github.com/Sysinternals/S… Let's try to have features parity with the Windows version now.

A new update with Active Directory Explorer, Contig, and Sysmon has now been posted! Get the tools at sysinternals.com See what's new on the Sysinternals Blog: techcommunity.microsoft.com/t5/sysinternal…

Brute Ratel v1.3 is now released. This release brings in complete malleability, new shellcode, evasions to the core and detection rules for the previous version for the blueteam community. #BRc4 bruteratel.com/release/2022/1…

I've always thought that in order for Defenders to be truly effective, it is vital they know where the telemetry they are leveraging is coming from. Today I am releasing a project called TelemetrySource that is meant to support that cause. Blog: posts.specterops.io/uncovering-win…

The #flareon9 write-ups from my team ! skyblue.team/posts/flareon9/ We are still looking for new talents ! More on pastebin.com/hqt4mqhX

Le SSTIC aura lieu du 7 au 9 juin 2023. L'appel à contributions est en ligne: sstic.org/2023/cfp/. Date limite de soumission : 30 janvier. Vous hésitez ? Relisez nos conseils: blog.sstic.org/2017/01/06/com…

Anaïs Gantet, Nicolas Devillers (@Nikaiw) and Mouad Abouhali (@_m00dy_ ) are going to present “The unavoidable pain of backups: security deep-dive into the internals of NetBackup” at #HEXACON2022. A thought to Jean-Romain Garnier (@JRomainG) that was not able to participate.

And nothing could be done without the wonderful library github.com/commial/ttd-bi… ! Thanks @commial

The results are out! We are very honoured to have won first place🥇in the Hex-Rays plugin contest 2022 🎉 Our entry was "ttddbg", a time-travel debugging plugin for IDA already presented at #SSTIC 2022. Many congratulations to all the other entrants!

Anomaly detection in command lines with Markov chains, Splunk app provided 🤩 github.com/ANSSI-FR/AnoMa… by @ANSSI_FR #SSTIC

Time Travel Debugging for #IDA !!! github.com/airbus-cert/tt… #SSTIC. Thanks @commial !!!

Want to simulate any #ETW logs using powershell, even the security one? Do you want to import any evtx files into the current eventlog session? github.com/airbus-cert/nt… will help you to test your detection rules! #DFIR #Powershell

Still don't know how to respond when people try to portray it as "irrational" to state a strong preference to avoid getting sick with an extraordinarily contagious, sometimes deadly, sometimes disabling virus, whether or not it's likely to be "mild" in one individual case.

To celebrate this new release of @msticpy, we share a "Today I Learned" blog post on how to extract Sysmon data from Splunk and visualize as a Process Tree: skyblue.team/posts/using-ms…

Merry Christmas Blue Teamers! 🎄🎅🎁🔔 Invoke-Bof allows you to load and execute any #CobaltStrike Beacon Object File (BOF) to test your detection capabilities! #DFIR github.com/airbus-cert/In… Airbus CERT is looking for new team member, if you're interested get in touch!