weslambert

icon indicating a website link https://infosec.exchange/@weslambert icon indicating an email [email protected]

icon company Security Onion Solutions LLC icon location Augusta, GA icon location Lead Engineer, NSM at Target

Results 83 comments of weslambert

Update Velociraptor Responder

Thanks, I will take a look.

New Analyzer: Fireeye Capa (WIP)

Ah, I see -- should close I this out then?

New Analyzer: Fireeye Capa (WIP)

Agreed. Sounds good! 👍

New Analyzer: Fireeye Capa (WIP)

@dadokkio Thoughts on this? https://github.com/fireeye/capa/issues/50 Assuming we should wait until it's fully supported for Python 3?

New Analyzer: Fireeye Capa (WIP)

Awesome, thanks! I've thought about using an executable with another analyzer before, but wasn't sure if that would be acceptable. So, it would just be run from the analyzer directory...

New Analyzer: Fireeye Capa (WIP)

Thanks @williballenthin !

New Analyzer: Fireeye Capa (WIP)

Currently running into an issue w/ permissions and the file creation associated with the following: https://github.com/fireeye/capa/issues/244

New Analyzer: Fireeye Capa (WIP)

Should be fixed very soon upstream, at which point, I'll finish the implementation of this analyzer.

New Analyzer: Fireeye Capa (WIP)

1.3.0 was released today. Continuing to test/develop.

New Analyzer: Fireeye Capa (WIP)

@dadokkio what do you think of something like the following? (Tactic -> Technique -> Capability -> Metadata (rule, examples)) ![image](https://user-images.githubusercontent.com/16829864/93415470-913e6600-f871-11ea-9813-8ba6b6ded92f.png)