💤
#tired

boB Rudis hrbrmstr

@williballenthin
williballenthin / macOS_stickies.py
Last active June 24, 2022 15:32
extract entries from the osx sticky database
'''
parse osx sticky databases.
author: Willi Ballenthin <[email protected]>
license: Apache 2.0
usage:
$ python extract_stickies.py /path/to/input.bin /path/to/output/directory/
'''
@williballenthin
williballenthin / macOS_keychain.py
Last active February 7, 2025 10:37
bling.py - extract keys from macOS keychains.
#!/usr/bin/env python3
'''
bling.py - extract keys from macOS keychains.
installation:
pip install pytz hexdump vivisect-vstruct-wb tabulate argparse pycryptodome
usage:
python bling.py /path/to/keychain-db <password> ./path/to/output/directory
@williballenthin
williballenthin / macOS_savedstate.py
Last active January 25, 2025 05:05
parse macOS savedState files
'''
parse SavedState artifacts extracted from OSX.
author: Willi Ballenthin ([email protected])
license: Apache 2.0
'''
import re
import sys
import json
import struct
Date/Time: 2020-05-01 18:29:02 -0700
End time: 2020-05-01 18:37:21 -0700
OS Version: Mac OS X 10.15.4 (Build 19E287)
Architecture: x86_64h
Report Version: 29
Data Source: Stackshots
Shared Cache: 0x5753000 397AAAC6-1F11-3E99-B86A-5F8C9F2518F4
Command: R
default 18:38:38.152848-0700 R FRONTLOGGING: version 1
default 18:38:38.152878-0700 R Registering, pid=889
default 18:38:38.156038-0700 R CHECKIN: pid=889
default 18:38:38.164302-0700 R CHECKEDIN: pid=889 asn=0x0-0x51051 foreground=1
default 18:38:38.184202-0700 R Registered, pid=889 ASN=0x0,0x51051
default 18:38:38.184346-0700 R Registered, pid=889 cgConnectionID=95237
default 18:38:38.186274-0700 R BringForward: pid=889 asn=0x0-0x51051 bringForward=1 foreground=1 uiElement=0 launchedByLS=1 modifiersCount=1 allDisabled=0
default 18:38:38.186359-0700 R BringFrontModifier: pid=889 asn=0x0-0x51051 Modifier 0 hideAfter=0 hideOthers=0 dontMakeFrontmost=0 mouseDown=0/0 seed=0/0
default 18:38:38.186449-0700 R BringForward: pid=889 asn=0x0-0x51051
default 18:38:38.186490-0700 R SetFrontProcess: asn=0x0-0x51051 options=0
@kevwan
kevwan / dockerfile.md
Last active November 5, 2022 01:26
The simplest way to write Dockerfile!

1. choose a simple linux image

For example alpine, it's only about 5MB.

2. set timezone if necessary

RUN apk add --no-cache tzdata
ENV TZ=America/New_York
@kylemcdonald
kylemcdonald / Collect Parler Metadata.ipynb
Last active June 27, 2024 04:09
Collect video URLs and GPS data for Parler videos.
@WesleyAC
WesleyAC / build.sh
Last active May 14, 2025 13:43
Simple rust build and deploy script — https://blog.wesleyac.com/posts/simple-deploy-script
#!/usr/bin/env bash
cd "$(dirname "$0")"
docker run --rm -it -v "$(pwd)":/home/rust/src -v cargo-git:/home/rust/.cargo/git -v cargo-registry:/home/rust/.cargo/registry -v "$(pwd)/target/":/home/rust/src/target ekidd/rust-musl-builder:nightly-2021-01-01 sudo chown -R rust:rust /home/rust/.cargo/git /home/rust/.cargo/registry /home/rust/src/target
docker run --rm -it -v "$(pwd)":/home/rust/src -v cargo-git:/home/rust/.cargo/git -v cargo-registry:/home/rust/.cargo/registry -v "$(pwd)/target/":/home/rust/src/target ekidd/rust-musl-builder:nightly-2021-01-01 cargo build --release
@mcmoe
mcmoe / lit-element-in-browser.html
Created March 19, 2021 07:57
Using Lit Element without npm directly in the browser
<!-- From: https://gist.githubusercontent.com/sorvell/48f4b7be35c8748e8f6db5c66d36ee29/raw/67346e4e8bc4c81d5a7968d18f0a6a8bc00d792e/index.html -->
<!doctype html>
<html>
<head>
<!-- Polyfills only needed for Firefox and Edge. -->
<script src="https://unpkg.com/@webcomponents/webcomponentsjs@latest/webcomponents-loader.js"></script>
</head>
<body>
<!-- Works only on browsers that support Javascript modules like
Chrome, Safari, Firefox 60, Edge 17 -->
@noperator
noperator / log4j.md
Last active December 29, 2021 09:41
Emerging threat details on CVE-2021-44228 in Apache Log4j

Update: Please see Bishop Fox's rapid response post "Log4j Vulnerability: Impact Analysis" for the latest updates about this vulnerability.

Technologies using Apache Log4j

The Cosmos 🌌 team at Bishop Fox 🦊 is currently researching open-source projects that appear to use Log4j by default.

  • Apache Druid
  • Apache Dubbo
  • Apache Flink
  • Apache Flume