So I played around with/used for work #Dissect and it's truly a powerful #dfir tool.

Features that I especially like:

• works on a huge variety of file types
• all the tools needed in a single tool/terminal
• runs on multiple files in parallel
• analyse and explore (shell) images without mounting the fs
• can extract the most important artifacts of an image an generates a much smaller *.tar archive of it (perfect for quick triage and sending files)
• lots of options to filter results from the command line

I think it will be my goto tool for future analyses.

There is also the possibility to use it to create images, but atm, the open source version requires some additional tools/steps to make it work.

Code and doc:

https://docs.dissect.tools/en/stable/
https://github.com/fox-it/dissect

Introduction:

https://m.youtube.com/watch?v=zPii-YV_fe0&pp=ygUMRGlzc2VjdCBkZmly0gcJCYcKAYcqIYzv

#fox-it #opensource

F* me this #Dissect tool is so insanely awesome! ❤️‍🔥

I love it as much as #Velociraptor

https://docs.dissect.tools/en/latest/index.html

Logstash. Преимущества фильтра Dissect над Grok

Мы в Домклике много лет используем ELK-stack (сейчас уже OpenSearch) для хранения и работы с логами, которых у нас очень много: около 400 гигабайтов в день. Весь этот объём проходит через Logstash, где логи частично парсятся, обогащаются метаданными и т. д. Недавно мы решили стандартизировать логи инфраструктурных сервисов, которые подняты в нескольких экземплярах. Начали с HAproxy. У нас несколько групп экземпляров под разные цели, с разным количеством логов. Раньше каждая группа HAproxy писала логи в каком-то собственном формате, и мы парсили эти логи с помощью всего одного паттерна для Grok-фильтра. Сообщение либо подходило под паттерн и разбивалось на поля, либо отправлялось в виде одной текстовой строки. Расскажу о проблемах, с которыми мы столкнулись при добавлении новых Grok-паттернов, и о том, как мы их решили, отказавшись от Grok.

https://habr.com/ru/companies/domclick/articles/840338/

#logstash #grok #dissect #производительность

New #blogpost! Recently our CERT team devised a plugin for the #Dissect incident response framework, allowing us to parse log files from Atop, a performance monitoring solution for Linux.

Find out how we did this, and how it supports our cloud-based IR lab, here: https://www.huntandhackett.com/blog/parsing-atop-log-files-with-dissect

Acer palmatum

#acerpalmatumdissectumatropurpureum
🍁
#garden #leaf #maple #red #maples #acer #dissect #leaves #autumn #scarlet #mapleleaf #mapleleaf #acerpalmatum #red #nature #treephotography #naturephotography #naturephotographer #acerpalmatumdissectum
#landscape #landscapearchitect #landscapearchitecture
#sunlight #contrejour #contrejourphotography
#nikon #z6ii #nikkor #105mc
#Plant #CloseUp #Tree #Branch

#MastoPrompt #Dissect

We didn't have to source the eyes ourselves:
Ms. Lannigan had come with them bagged up,
Still tailed by optic nerves and fringed with fat.

It got around the lab that I was keen
To take a globe in hand and find it out -
The jewel-like tapetum lucidium.

How could we be afraid to use our knives?
A generation cleaved from living truths,
Our mothers' childhood stories of the geese.

When they were our age, they were wringing necks.

@[email protected]
Working backwards🤗

To dissect

A clean cut down
the middle.
Skin folded back
to reveal
bone, organ, tissue.
All to be examined
and identified.
Poked and prodded
for understanding.
A matter of recall
or research.
Easy.

The jagged split
of thought and memory
folded back
to reveal
ache, struggle, mystery.
All elusive,
not identified.
Probed and queried
with no answers
no matter how much
we beseech.
Tough.

#MastoPrompt #poetry #dissect

In the darkness of night
I dissect the messages I’ve sent
Despairing at every misplaced word
Every unclear meaning
And I ask of the silent universe
“Is everyone angry with me now?”

#MastoPrompt #SmallPoems #Poetry #Dissect #Anxiety

It was you
I cried
For it was true
You tried
But the we
Never came to be
Soon we parted
Went separate ways
You forgot
While I counted the days
Always asking the why
Were those moments we spent
truth in disguise?
Or a test
Of true love
A way to dissect the lies?
We fell out of ourselves
Hearts tumbled onto the floor
We found happiness apart
But who could ask for more

#MastoPrompt #poetry #poem #dissect