debernal

talks

mobileForensics

Scripts developed to help in mobile forensics investigations

fvol

Wrapper script that will run volatility commands and save the output depending on the profile of the memory dump

yaraZeekAlert

This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a match it sends email alerts to the email address specified in the mailTo parameter on yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less than 10 MB. Alerted files are copied locally to the alerted files folder.

CTFs

down

Simple curl based bash script that mimiks several common user agents and creates a log file of the downloads.

asm

Repository of assembly programs

MANDIANT_public_YARA

MANDIANT public YARA rules, released in Mandiant blog.

plaso

Super timeline all the things

png2mp4

This small and simple script uses Pillow library to continiously save images of the desktop, which can later be added with ffmpeg.exe to produce a mp4 video.

setProxy

Bash scripts to set and unset the enterprise proxy without echoing it to standard output, and obfuscating it on the environment variable

sysmon-config

Sysmon configuration file template with default high-quality event tracing

webTools

Collections of tools for web applications.

win10_volatility

An advanced memory forensics framework

YARA

Various YARA signatures

YARA_for_config_extraction

Updated for Yara