Nicolas Bareil
Would it be possible to keep Yara comments please? I guess it would require to "attach" each comment to a string/meta/condition (to reattach the comment at the Serialization stage). Thank...
Hello. It adds Python/gRPC support to the Docker image (cf #23). Unfortunately, it adds 96 MB to the image size and the Docker build takes longer to compile everything. ```...
Hello, There is an undefined variable in the exception handler when `open()` fails in laika.py: ``` Traceback (most recent call last): File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap self.run() File "/usr/local/lib/python2.7/dist-packages/laikaboss-2.0-py2.7.egg/EGG-INFO/scripts/laika.py",...
It would be convenient to support BPF filters in a minimal way, where the user provides directly the BPF opcodes. Most of the work is already done by the tcpdump...
net2pcap shall use this ioctl instead of gettimeofday(): socket(7): ``` SO_TIMESTAMP Enable or disable the receiving of the SO_TIMESTAMP control message. The timestamp control message is sent with level...
net2pcap should be able to listen on all interfaces at the same time.
segoon@openwall reported that the promiscuous state was not restored on exit.
Hello Willi 👋 This PR enables `setup.py` to install some of the sample applications into the `$PATH`, that way, they are directly available after a `pip install` without having to...
Modify CimPlugin.consumerbindings() to search all CIM namespaces instead of only the 'subscription' namespace for __FilterToConsumerBinding and __EventFilter classes. This allows detection of WMI persistence mechanisms created in non-default namespaces. -...
#### Summary The [`consumerbindings`](https://github.com/fox-it/dissect.target/blob/69c908a42bf3e988b7e0e18bd16910c7389c77d2/dissect/target/plugins/os/windows/cim.py#L146) method in the Windows CIM plugin currently only inspects the default `subscription` namespace: https://github.com/fox-it/dissect.target/blob/69c908a42bf3e988b7e0e18bd16910c7389c77d2/dissect/target/plugins/os/windows/cim.py#L122 As a result, it misses legitimate or malicious `__FilterToConsumerBinding` instances created in...