fibratus
A modern tool for Windows kernel exploration and tracing with a focus on security
The mask transformer should take care of masking sensitive data living in event parameters. Example config:

```
transformers:
  mask:
    char: *
    enabled: true
    kparams:
      - sip
      - dip
```
`fibratus logs` command should provide a user-friendly interface for grepping/exploring Fibratus log files that reside in the `%PROGRAMFILES%\Fibratus\Logs` directory. The command would have various options: `-f` for tailing the log file...
[MongoDB](https://www.mongodb.com) output would be responsible for storing the events in the Mongo collections. We should consider introducing the `BSON` serializer if the native Mongo client `BSON` encoder doesn't satisfy the...
These helper functions would allow consulting the handle state exposed by Fibratus. The `find_handles` function should return all handles known to Fibratus as a list of Python dictionary objects. The...
### Description

This task should tackle the implementation of the [Splunk](https://www.splunk.com/) output. Events should be shipped to the Splunk HEC (HTTP event collector). For borrowing ideas, see the reference link...
These functions would allow consulting the process state exposed by Fibratus. The `find_processes` function should return currently running processes as a list of Python dictionary objects. The `find_process` function accepts...
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.6.2 to 1.13.0. Release notes Sourced from github.com/spf13/viper's releases. v1.13.0 Important: This is the last release supporting Go 1.15. What's Changed Exciting New Features 🎉 Add etcd3...
Steps to reproduce:

```
1. Install Fibratus and execute Fibratus run (optionally capture output somewhere) (Windows 10 x64)
2. Download this LSASS dumper : https://github.com/tastypepperoni/PPLBlade/releases/download/v1.0/PPLBlade.exe (Note: Defender detects PPLBlade.exe...
```
A prominent use case for filaments is alert post-processing. This would allow any filament defining the `on_next_alert` function to react on alert arrival, either generated by the detection engine or...
Fibratus ships with an embedded Python interpreter which facilitates the loading of the Python standard library and interpreter in addition to eliminating the need for users to install the Python...