| <section class="text-center"> | |
| <h2 id="tmp-title">Contributor Agreement</h2> | |
| <h2 id="tmp-subtitle"><span id="tmp-contributor-type">Individual</span> Contributor <span id="tmp-contributor-exclusivity-1">Non-Exclusive</span> License Agreement</h2> | |
| <h2 id="tmp-subtitle-patent">(including the <span id="tmp-patent-option">Traditional Patent License</span> OPTION)</h2> | |
| </section> | |
| <p>Thank you for your interest in contributing to <span id="tmp-beneficiary-name">Velocidex Innovations</span>'s <span id="tmp-project-name">open source projects</span> ("We" or "Us").</p> | |
| <p>The purpose of this contributor agreement ("Agreement") is to clarify and document the rights granted by contributors to Us. To make this document effective, please follow the instructions at <span id="tmp-submission-instructions">https://cla-assistant.io/Velocidex/</span>.</p> |
We are incredibly thankful for contributions we receive from the community. We require our external contributors to sign a Contributor License Agreement ("CLA") in order to ensure that our projects remain licensed under Free and Open Source licenses such as AGPLv3 or Apache 2 allowing Velocidex Innovations to build a sustainable business.
Velocidex Innovations is committed to having a true Free and Open Source Software ("FOSS") license for our non-commercial software. A
| package main | |
| import ( | |
| "math/rand" | |
| "testing" | |
| "time" | |
| ) | |
| const ( | |
| numItems = 100 // change this to see how number of items affects speed |
| autoexec: | |
| # These parameters are run when the binary is started without args. | |
| # It will just collect our custom artifact and quit. | |
| argv: ["artifacts", "collect", "-v", "AcquireAndUploadToGCS"] | |
| artifact_definitions: | |
| - name: AcquireAndUploadToGCS | |
| parameters: | |
| - name: GCSKey | |
| description: JSON Blob you get from GCS when you create a service account. | |
| default: | |
| C:> dumpevtx.exe parse c:\Windows\System32\winevt\Logs\Security.evtx | |
| { | |
| "System": { | |
| "Provider": { | |
| "Name": "Microsoft-Windows-Security-Auditing", | |
| "Guid": "54849625-5478-4994-A5BA-3E3B0328C30D" | |
| }, | |
| "EventID": { | |
| "Value": 4672 | |
| }, |
| $createdNew = $False | |
| $mutex = New-Object -TypeName System.Threading.Mutex( | |
| $true, "Global\MyBadMutex", [ref]$createdNew) | |
| if ($createdNew) { | |
| echo "Acquired Mutex" | |
| sleep(100) | |
| } else { | |
| echo "Someone else has the mutex" | |
| } |
| name: HashRunKeys | |
| description: | | |
| Iterate over all the run keys and locate their binary then hash it. | |
| parameters: | |
| - name: runKeys | |
| default: | | |
| HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Run\* | |
| - name: pathRegex | |
| type: hidden |
| name: Windows.Applications.EdgeUrls | |
| description: | | |
| Scan anything that looks like a URL in Edge folders. | |
| parameters: | |
| - name: EdgeGlob | |
| default: C:/Users/*/AppData/Local/Packages/Microsoft.MicrosoftEdge_*/** | |
| - name: URLYaraRule | |
| default: | | |
| rule URL { |
| import pandas | |
| from pyvelociraptor import velo_pandas | |
| pandas.set_option('display.max_colwidth', None) | |
| pandas.set_option('display.max_columns', None) | |
| pandas.set_option('display.max_rows', None) | |
| pandas.DataFrame(velo_pandas.DataFrameQuery(""" | |
| SELECT * FROM info() | |
| """)) |
| pandas.DataFrame(velo_pandas.DataFrameQuery(""" | |
| SELECT * | |
| FROM hunt_results(hunt_id='H.a127011b', | |
| artifact='Windows.System.TaskScheduler', | |
| source='Analysis') | |
| LIMIT 50 | |
| """)) |
