Digital Forensics & Incident Response @ Google by day; threat intel and malware analysis by night. CertSG alum. #BlueTeam #DFIR #CTI • Views are my own • he/him
Keybase: https://tomchop.keybase.pub/mastodon.html
GitHub: https://github.com/tomchop
I rarely post here, but when I do... I just updated my Volatility autoruns plugin to be compatible with Volatility 3 (long overdue!) Here's the goodies: https://github.com/tomchop/volatility3-autoruns #dfir #forensics #cybersecurity
GitHub - tomchop/volatility3-autoruns: Autoruns plugin for the Volatility3 framework
@hacktobeer Hahaha perfect, I'm pretty sure a lot of people will be in agreement. Maybe the discount should be capped?
@benmontour no worries at all! Thanks for putting time into this. Sounds pretty cool, looking forward to what you’re coming up with!
Documenting the data model · yeti-platform/yeti · Discussion #919

In a Mastodon thread, @benmontour asked: For the most part it looks like a simplified STIX with a few additions and tweaks. Is there documentation somewhere to help ensure normalization across thin...
@benmontour hey! That’s a very good point. We have some normalization requirements (like having “source” in context, which you’ve fixed, thanks for that :)) but other than that not really. Even the links between entities are a bit free form; the idea was to stay very flexible. I’d say let’s move this to a GitHub discussion to see where we’re lacking and what we can bring in.
@benmontour sure thing! Thanks for bringing it up :)
@benmontour hey, thanks a lot! This sounds like a bug indeed, you’re supposed to be able to do exactly that (attribute=blah). It’s probably because we do a 1:1 match and not really a substring search. Do you mind opening an issue in the repo so we can track it? https://github.com/yeti-platform/yeti/issues otherwise I’ll get to it tomorrow. Thanks!!
GitHub - yeti-platform/yeti: Your Everyday Threat Intelligence

Please feel free to use (and tell us when you do! we love hearing about people's use-cases), file lots of bugs, and feel free to contribute: guides, documentation, even cool screenshots, everything is welcome.

We are looking forward to integrating formats such as https://dfiq.org, shipping tighter integrations with DFIR platform tools like @TimesketchProj, @TurbiniaProj and CTI platforms like @MISPProject (and hopefully many more!)

Home - DFIQ (Digital Forensics Investigative Questions)

The changes in the codebase have been massive (remember, it's only 2 people working on this): 480 commits to the API server, 139 commits to the frontend SPA.