Great news! The @misp and the @hashlookup integration is now merged in @TimesketchProj

Thanks to all who helped to make this happen. (David, Thomas, Alexander, Johan, Joachim)

https://github.com/google/timesketch/pull/2429

More documentation and use-cases will be shown in the next weeks.

#DFIR #opensource #misp #timesketch #hashlookup #threatintel #threathunting

🦖Day 83 of the @velocidex #velociraptor #ArtifactsOfAutumn series

Artifact: Server.Utils.BackupGCS/S3

Link:
https://docs.velociraptor.app/artifact_references/pages/server.utils.backupgcs/

https://docs.velociraptor.app/artifact_references/pages/server.utils.backups3/

----

These artifacts are server monitoring artifacts that will watch for flow completions, then zip and send the results to Google Cloud, or an S3 bucket, using the 'upload_gcs()' and 'upload_s3()' functions.

https://docs.velociraptor.app/vql_reference/plugin/upload_gcs

https://docs.velociraptor.app/vql_reference/plugin/upload_s3

----

Once uploaded, the collections can be left alone and remain archived, or special post-processing can be applied using third-party tools, depending on defenders' needs.

@eric_capuano and @shortxstack (@recon_infosec) did an excellent job presenting on using these artifacts with Timesketch to generate a timeline of events.

If you haven't already, be sure to check out their presentation from @SANS #DFIR Summit 2021!

https://www.sans.org/presentations/breaches-be-crazy/

----

That's it for now! Stay tuned to learn about more artifacts! 🦖

#DFIR
#Forensics
#Infosec
#Plaso
#ThreatHunting
#Timesketch
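To make the "watch for flow completions, zip, upload" pattern described above concrete, here is an added VQL sketch of a SERVER_EVENT artifact query. It is not the shipped Server.Utils.BackupS3 source; the parameter names (ArtifactNameRegex, Bucket, Region, CredentialsKey, CredentialsSecret), the `fs` accessor and the object naming are assumptions, so compare against the linked artifact page and the upload_s3() reference before deploying anything.

```vql
-- Added illustration of the backup pattern, not the project's own artifact.
-- Assumed artifact parameters: ArtifactNameRegex, Bucket, Region,
-- CredentialsKey, CredentialsSecret. Verify against the real artifact.

-- Stream flow completion events from the server monitoring log and keep
-- only flows that produced results for artifacts matching the regex.
LET completions = SELECT ClientId, FlowId, Flow
  FROM watch_monitoring(artifact="System.Flow.Completion")
  WHERE Flow.artifacts_with_results =~ ArtifactNameRegex

-- For every matching completion, build the flow's download zip and push
-- it to the bucket. wait=TRUE blocks until the archive is fully written,
-- so the upload never ships a half-built zip.
SELECT * FROM foreach(row=completions,
  query={
    SELECT ClientId, FlowId,
      upload_s3(
        file=create_flow_download(client_id=ClientId,
                                  flow_id=FlowId, wait=TRUE),
        -- "fs" reads from the server's own file store (assumed to match
        -- what the shipped artifact uses).
        accessor="fs",
        -- Object key: <client>/<flow>.zip keeps one archive per collection.
        name=format(format="%v/%v.zip", args=[ClientId, FlowId]),
        bucket=Bucket,
        region=Region,
        credentialskey=CredentialsKey,
        credentialssecret=CredentialsSecret) AS Upload
    FROM scope()
  })
```

The GCS variant is the same shape with upload_gcs() in place of upload_s3(); either way, scope the bucket credentials to write-only access so a compromised Velociraptor server cannot read back or delete the archived evidence.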

If you want a very recent blog article, two teammates wrote: https://osdfir.blogspot.com/2022/11/find-needle-faster-with-hashr-data.html
#hashr is a cool new tool and the article is the follow-up to: https://osdfir.blogspot.com/2022/08/generate-your-own-hash-sets-with-hashr.html

Where Michal introduces the tool. It can reduce the noise of finding badness in your forensic effort quite a lot. While the blog is about #Timesketch, you can for sure hook it up to any other workflow you have.