2023 Wrap-up

Another trip around the sun is in the books. Looking back over the year, I thought I’d tie a bow on some of the things I’d done, and share a bit about what to expect in the coming year.

In August, I released RegRipper 4.0. Among the updates are some plugins with JSON output, and I found a way to integrate Yara into RegRipper.

I also continued updating Events Ripper, which I’ve got to say, has proven (for me) time and again to be well worth the effort, and extremely valuable. As a matter of fact, within the last week or so, I’ve used Events Ripper to great effect, specifically with respect to MSSQLServer, not to “save my bacon”, as it were, but to quickly illuminate what was going on on the endpoint being investigated. 

For anyone who’s followed me for a while, either via my blog or on LinkedIn or X, you’ll know that I’m a fan of (to steal a turn of phrase from Jesse Kornblum) “using all the parts of the buffalo”, particularly when it comes to LNK file metadata.

For next year, I’m working on an LNK parser that will allow you to automatically generate a bare-bones Yara rule for detecting other similar LNK files (if you have a repository from a campaign), or submitting as a retro-hunt to VirusTotal. 
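As an added illustration of the idea sketched above (this is example code written for this page, not the author's forthcoming parser and not part of RegRipper or Events Ripper), here is a stdlib-only Python script that reads a handful of LNK fields straight from the MS-SHLLINK layout and turns them into a bare-bones Yara rule. It pins the ShellLinkHeader magic, the LinkFlags/FileAttributes pair, the target's creation FILETIME, and, when a TrackerDataBlock is present, the NetBIOS machine ID and the volume/file droid GUIDs (the file droid is a version-1 GUID whose node field carries the MAC address of the host the target lived on). The sample shortcut, the machine name, the GUIDs and the function names (`parse_lnk`, `yara_rule`, `build_sample_lnk`) are all constructed for the example; which fields are worth pinning for a given campaign is an assumption you would adjust against the repository you actually have.

```python
"""Parse a few Windows shortcut (.lnk) fields and emit a bare-bones YARA rule from them.

Added example, not RegRipper or the author's parser. Layouts follow MS-SHLLINK; the
sample shortcut is constructed inline so the script runs offline.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HEADER_FMT = "<I16sIIQQQIiIHHII"        # ShellLinkHeader, HeaderSize .. Reserved3, 76 bytes
TRACKER_SIG = 0xA0000003                 # TrackerDataBlock signature in ExtraData
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# LinkFlags bits that decide which optional structures follow the header
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"), (HAS_WORKDIR, "working_dir"),
                 (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location"))


def filetime_to_dt(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt):
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_lnk(data):
    """Return header fields, StringData and the TrackerDataBlock (if present) of an LNK file."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a ShellLinkHeader")
    (_, _, flags, attrs, ctime, atime, wtime, size, _icon, _show, _hotkey, _, _, _) = struct.unpack_from(HEADER_FMT, data, 0)
    off = 76
    if flags & HAS_ID_LIST:                 # LinkTargetIDList: uint16 IDListSize, then the IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:               # LinkInfo: its first uint32 is the whole structure's size
        off += struct.unpack_from("<I", data, off)[0]
    strings = {}
    for bit, key in STRING_FIELDS:          # StringData: uint16 CountCharacters + characters, no terminator
        if flags & bit:
            count = struct.unpack_from("<H", data, off)[0]
            off += 2
            if flags & IS_UNICODE:
                strings[key] = data[off:off + 2 * count].decode("utf-16-le")
                off += 2 * count
            else:
                strings[key] = data[off:off + count].decode("cp1252", "replace")
                off += count
    tracker = None
    while off + 8 <= len(data):             # ExtraData: uint32 BlockSize + uint32 BlockSignature, until size < 4
        bsize, sig = struct.unpack_from("<II", data, off)
        if bsize < 4:
            break
        if sig == TRACKER_SIG and bsize == 0x60:
            body = data[off + 16:off + 0x60]        # past BlockSize, BlockSignature, Length, Version
            droid_file = body[32:48]
            u = uuid.UUID(bytes_le=droid_file)      # version-1 GUID: node field is the creating host's MAC
            tracker = {
                "machine_id": body[:16].split(b"\x00", 1)[0].decode("ascii", "replace"),
                "droid_volume": body[16:32], "droid_file": droid_file,
                "mac": ":".join(f"{b:02x}" for b in u.bytes[-6:]) if u.version == 1 else None,
            }
        off += bsize
    return {"link_flags": flags, "file_attributes": attrs, "file_size": size,
            "creation_filetime": ctime, "creation_time": filetime_to_dt(ctime),
            "access_time": filetime_to_dt(atime), "write_time": filetime_to_dt(wtime),
            "strings": strings, "tracker": tracker}


def yara_rule(parsed, name="lnk_campaign_sample"):
    """Emit a bare-bones YARA rule pinning header bytes, LinkFlags/FileAttributes, target
    creation time and, when present, the TrackerDataBlock machine ID and droid GUIDs."""
    def hx(b):
        return " ".join(f"{x:02X}" for x in b)
    strings = [
        f"        $hdr = {{ 4C 00 00 00 {hx(LNK_CLSID)} }}",
        f"        $flags = {{ {hx(struct.pack('<II', parsed['link_flags'], parsed['file_attributes']))} }}",
        f"        $ctime = {{ {hx(struct.pack('<Q', parsed['creation_filetime']))} }}",
    ]
    cond = ["uint32(0) == 0x4C", "$hdr at 0", "$flags at 0x14", "$ctime at 0x1C"]
    tr = parsed["tracker"]
    if tr:
        strings.append(f'        $machine = "{tr["machine_id"]}" ascii')
        strings.append(f"        $droid = {{ {hx(tr['droid_volume'] + tr['droid_file'])} }}")
        cond += ["$machine", "$droid"]
    return "\n".join([f"rule {name}", "{", "    meta:",
                      '        description = "bare-bones rule generated from LNK header and TrackerDataBlock fields"',
                      "    strings:", *strings, "    condition:", "        " + " and ".join(cond), "}"])


def build_sample_lnk():
    """Constructed sample shortcut (not a real capture): RelativePath + WorkingDir + TrackerDataBlock."""
    ft = dt_to_filetime(datetime(2023, 6, 15, 12, 0, tzinfo=timezone.utc))
    flags = HAS_REL_PATH | HAS_WORKDIR | IS_UNICODE
    header = struct.pack(HEADER_FMT, 0x4C, LNK_CLSID, flags, 0x20, ft, ft, ft, 0x1234, 0, 1, 0, 0, 0, 0)

    def sdata(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    droid_volume = uuid.UUID("0f2e7a9c-5c6a-4d1e-8c3a-2b1e9f0d4a77").bytes_le
    droid_file = uuid.UUID("8b2e9c40-0b3a-11ee-9d4a-00155d0a2b3c").bytes_le   # v1 GUID, node 00:15:5d:0a:2b:3c
    tracker = (struct.pack("<IIII", 0x60, TRACKER_SIG, 0x58, 0) + b"BUILDER-PC".ljust(16, b"\x00")
               + droid_volume + droid_file + droid_volume + droid_file)
    return header + sdata(r"..\..\Windows\System32\cmd.exe") + sdata(r"C:\Users\Public") + tracker + b"\x00\x00\x00\x00"


if __name__ == "__main__":
    info = parse_lnk(build_sample_lnk())
    print(info["strings"], info["tracker"]["machine_id"], info["tracker"]["mac"], info["creation_time"])
    print(yara_rule(info))
```

Two things to keep in mind when using a rule like this for a retro-hunt: the `$ctime` bytes are the target's creation time, which is frequently all zeros in hand-built shortcuts (drop that string when it is), and the machine ID and droid GUIDs only exist if the builder left a TrackerDataBlock in place, which is exactly why they are worth pinning when they are there.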

Finally, I’m


This article has been indexed from Windows Incident Response
