:: hiddenillusion :: ... look beyond

Deobfuscating JavaScript with Malzilla

I was asked a question a little while ago by a fellow forensicator about deobfuscating some JS that he came across. The JS didn’t take long to reverse, but I suspect there are others out there who would benefit from a quick post regarding another way to go about this...


YARA + Volatility ... the beginning

YARA - the sleeping giant. There’s been mention of it over the last few years, but as far as adoption goes, I think it’s still lacking in the tool set of many analysts. I personally like to leverage YARA on its own, within pescanner, and most definitely within Volatility’s malfind....


Making Volatility Work for You

Overview

Lately I’ve been spending some time customizing Volatility to meet some of the needs I was facing. What were they? I needed an automated way to leverage Volatility to perform an analysis, and while doing so I noticed there were some small changes to some of its files that...


What to use for analysis on a per file extension -or- category basis

Overview

As you are all aware, there are a ton of different tools out there, and the list just keeps growing. A coworker of mine is working on some malware automation, and oftentimes we needed to determine which tools we wanted to run against said files. This outcome...


Total number of connections to a server from proxy logs

Goal

Go through every log file for a day, print the server/IP that clients were communicating with, and give a total sum for the number of times each server/IP was communicated with.

Notes

Each day has anywhere from 30+ log files created from multiple sensors, which archive the logs in...
