
SANS ISC: Updates to my GREM Gold scripts and a new script - SANS Internet Storm Center SANS ISC InfoSec Forums

Updates to my GREM Gold scripts and a new script

And finally, before those of us in the US trip out on tryptophan tomorrow, I've updated a few of the scripts that I wrote about in my GREM Gold paper and my SANSFIRE talk.  The biggest change is that I have finally integrated Michael Hale Ligh's malfind2 volatility plugin into the report and I have switched to using httpry for reporting on the HTTP traffic.  I've also put together another script to report on/decode DNS traffic out of a pcap.  The script can be found on my handler's page.  I recently used that and another script I wrote for the latest network forensics contest.  I'll post the other script and my solution (because I had a lot of fun working on it) after they release the results.  I highly recommend these contests and the other packet challenges we've told you about before for those who want more practice at playing with packets and network traces.
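The diary mentions a script that decodes and reports on DNS traffic pulled out of a pcap. The block below is an added example, not Jim Clausing's script or any of the tools named above: a dependency-free pcap walker that decodes UDP/53 queries and responses (including name-compression pointers) into report records. The pcap bytes it reads are constructed inline for illustration, and the hosts, names and addresses in them are made up.

```python
import struct
import socket
from datetime import datetime, timezone

# ---- constructed sample pcap (built in memory, not captured traffic) ----

def _dns_name(name):
    """Encode a dotted name in DNS label format."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return out + b"\x00"

def _dns_query(txid, name, qtype=1):
    # flags 0x0100: standard query, recursion desired
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + _dns_name(name) + struct.pack("!HH", qtype, 1)

def _dns_response(txid, name, addrs):
    # flags 0x8180: response, recursion desired/available; one A record per address,
    # each owner name given as a compression pointer (0xC00C) back to the question name
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    q = _dns_name(name) + struct.pack("!HH", 1, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(a) for a in addrs)
    return hdr + q + rrs

def _frame(src, dst, sport, dport, payload):
    """Ethernet(IPv4(UDP(payload))); checksums left zero since the parser ignores them."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + udp
    return b"\x00" * 12 + b"\x08\x00" + ip

def _pcap(records):
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for ts, frame in records:
        sec = int(ts)
        data += struct.pack("<IIII", sec, int((ts - sec) * 1_000_000), len(frame), len(frame)) + frame
    return data

SAMPLE_PCAP = _pcap([
    (1259107200.0, _frame("10.0.0.5", "10.0.0.1", 40000, 53, _dns_query(0x1234, "example.com"))),
    (1259107200.02, _frame("10.0.0.1", "10.0.0.5", 53, 40000, _dns_response(0x1234, "example.com", ["192.0.2.10"]))),
])

# ---- decoder ----

def _read_name(pkt, off):
    """Decode a possibly-compressed name; returns (name, offset after the name field)."""
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_dns(payload):
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", payload[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = _read_name(payload, off)
        qtype, _ = struct.unpack("!HH", payload[off:off + 4]); off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = _read_name(payload, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", payload[off:off + 10]); off += 10
        rdata = payload[off:off + rdlen]; off += rdlen
        value = socket.inet_ntoa(rdata) if rtype == 1 and rdlen == 4 else rdata.hex()
        answers.append((name, "A" if rtype == 1 else str(rtype), value))
    return {"id": txid, "response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}

def dns_records(pcap_bytes):
    """Walk a classic pcap (Ethernet link type) and decode every UDP/53 payload."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet link type handled")
    off, out = 24, []
    while off + 16 <= len(pcap_bytes):
        sec, usec, caplen, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + caplen]; off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                    # not IPv4 over UDP
        ihl = (frame[14] & 0x0F) * 4
        udp = frame[14 + ihl:]
        sport, dport, ulen = struct.unpack("!HHH", udp[:6])
        if 53 not in (sport, dport):
            continue
        try:
            dns = parse_dns(udp[8:ulen])
        except (struct.error, IndexError, ValueError):
            continue                                    # truncated or malformed; skip, do not crash
        ts = datetime.fromtimestamp(sec + usec / 1e6, tz=timezone.utc).isoformat()
        out.append({"ts": ts, "src": socket.inet_ntoa(frame[26:30]),
                    "dst": socket.inet_ntoa(frame[30:34]), **dns})
    return out

def report_lines(records):
    """One line per message, in the spirit of a per-pcap DNS report."""
    lines = []
    for r in records:
        kind = "RESP" if r["response"] else "QUERY"
        detail = ", ".join(f"{n} {t} {v}" for n, t, v in r["answers"]) or ", ".join(n for n, _ in r["questions"])
        lines.append(f'{r["ts"]} {r["src"]} -> {r["dst"]} {kind} id={r["id"]:#06x} rcode={r["rcode"]} {detail}')
    return lines

if __name__ == "__main__":
    print("\n".join(report_lines(dns_records(SAMPLE_PCAP))))
```

To run it against a real capture, replace SAMPLE_PCAP with the bytes of a pcap file; pcapng files and non-Ethernet link types are rejected up front rather than silently misparsed, and malformed DNS payloads are skipped instead of aborting the report.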

Jim Clausing, jclausing --at-- isc [dot] sans (dot) org

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS DFIR Summit & Training 2022


ISC Handler
Nov 25th 2009
