
Showing posts from 2017

Welcome to Mark Baggett - In Depth Defense

I am the course Author of SANS SEC573 Automating Information Security with Python. Check back frequently for updated tools and articles related to course material.




SRUM_DUMP_CSV Beta Test Released

I've released a BETA test of the SRUM_DUMP_CSV forensics tool. A few people have reported crashes when SRUM_DUMP processes large Application Event logs. The problem is resolved in the new version of the tool, which produces individual CSV files instead of a single XLSX file. Check it out! https://github.com/MarkBaggett/srum-dump

Use Python and Scapy to Easily Do Full Duplex Stream Reassembly!

Check out this blog post on how to get Scapy to do full packet reassembly in just a few lines of Python code. https://pen-testing.sans.org/blog/2017/10/13/scapy-full-duplex-stream-reassembly

SQLMAP Tamper Scripts

Check out this article on using Python to automate SQLi with SQLMAP! https://pen-testing.sans.org/blog/2017/10/13/sqlmap-tamper-scripts-for-the-win

New Incident Response Tool - SRUM-DUMP

I released an incident response/forensics tool to dump the valuable information stored in Microsoft's System Resource Utilization Monitoring (SRUM) database. Check it out. Read the original article posted here on the Internet Storm Center.