Maxime Thiebaut

icon indicating a website link https://thiebaut.dev

icon company @NVISOsecurity icon location Belgium icon location DFIR & RE at @NVISOsecurity . Bringing custom tools to custom problems.

Results 15 comments of Maxime Thiebaut

Decompile Windows' Structured Exception Handling (SEH)

Just piggy-backing this request to have [SEH structures](https://bytepointer.com/resources/pietrek_crash_course_depths_of_win32_seh.htm) included. This is helpful when reversing exploits setting a malicious handler in the TIB.

Feature Request: Write to Eventlog with Eventlog format

I second this. We are looking at introducing SilkETW in our course's stack but being unable to search the data retrieved through Winlogbeat is a breaker.

Error when running karton-config-extractor in docker

Hi @marienmare , It seems malduck [expects the modules to be packages](https://github.com/CERT-Polska/malduck/blob/7a801b8aa57bf8bf713da459b7aa95fd83e3f7b1/malduck/extractor/modules.py#L164-L165), meaning that the `--modules` directory should contain other directories as well, not an `__init__.py` on the first level....

Add support for embedded Yara rules

Fixes #36

suricata: T751: Disable suricata.service by default

On its way :) https://github.com/vyos/vyos-1x/pull/3399