Phill Moore

Results: 34 issues by Phill Moore

If you add a lot of collaborators it makes the list quite large visually. It would be good to make it able to be minimised and expanded as necessary.

API calls on domain controllers return users as local users when this is not necessarily the case. Suggestion would be to have three separate types 1. API - list users...

During an evaluation of the Recyclebin artifact it was identified that this could be improved by incorporating an option to use the MFT parser to first identify $I files. When...

WBEM repository .JOB files

The option to only download all the hunt results that were captured since the last download was prepared would be super useful for times where the notebook hasn't been used,...

Would be great if winpmem (and the others) can automatically run when you execute them without command line arguments and dump memory to the folder that the executable runs from...

See here for other Google search urls to include https://github.com/randomaccess3/googleURLParser

Enhancement
Parser

https://arsenalrecon.com/2018/08/digging-into-gmail-urls/ Add decoding of messageID timestamps

Fragments currently don't parse

- [ ] https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft
- [ ] https://www.inversecos.com/2022/08/how-to-detect-oauth-access-token-theft.html
- [ ] https://redcanary.com/blog/o365-email-rules-mindmap/
- [ ] https://techcommunity.microsoft.com/t5/security-compliance-and-identity/forensic-artifacts-in-office-365-and-where-to-find-them/ba-p/3634865
- [ ] https://redcanary.com/blog/email-payroll-diversion-attack/
- [ ] https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
- [ ] https://github.com/cisagov/ScubaGear