Matthew Green

Results 30 comments of Matthew Green

The issue is most of the publicly shared repos are terrible for practical YARA scanning. Some rules will work for some use cases, others for disk only, etc. An example...

Just to add to the conversation, IMHO we want file telemetry to include process context. USN is great for forensics but not as high security value as other techniques.

Adding this link to Didier Stevens' pdf-parser.py: https://blog.didierstevens.com/programs/pdf-tools/ https://didierstevens.com/files/software/pdf-parser_V0_7_8.zip

@AustinBollinger-dfir I've written a native parser for BIN files using our binary parser. Works pretty well, I'll add it to the main project/Rapid7 Labs repo soon.

@Gaffx This artifact won't run on the live host - you might want to specify that this artifact is an offline analysis only artifact after collecting a disk image in...

FYI - I shared our internal one here - https://github.com/rapid7/Rapid7-Labs/blob/main/Vql/CVE-2024-4300.yaml

I scoped changing this to OSPath and as the query is complex it's going to take significant time (as long as it took to write it!). Can you try the...

Hi @bnbdr just looking at this repo now! Thank you for pointing this out. Do you by any chance have a sample that is impacted by this issue?

Waiting on 0.7.2 for an easier fix.