Showing posts with label fireeye. Show all posts
Showing posts with label fireeye. Show all posts

Sunday, September 1, 2019

Free / Community - Triage Analysis Tools - FireEye / Crowdstrike

Compromise Assessment / Triage Analysis Tools :

Two best tools to do the triage analysis , once the system is suspect for compromise. 

             

  • Redline - FireEye

  •  CrowdResponse - CrowdStrike


Redline:
           FireEye's premier free endpoint security tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.


With Redline, you can:
  • Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history.
  • Analyze and view imported audit data, including the ability to filter results around a given timeframe using Redline’s Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.
  • Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.
  • Perform Indicators of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.


Redline version 1.20.2 introduces support for large file and registry audits. Redline has also been improved to address issues related to efficiency and memory management.
  • Supported Operating Systems: Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit), Windows 10
  • File Size: 76 MB
  • Integrity Hashes:
    • MD5: 2edb1d0e023f286ea5015cdf1382d642
    • SHA-1: e38fe8cc81dc5491d38b61db0fff165cdd3ed35d
     
Download Link :

https://www.fireeye.com/content/dam/fireeye-www/services/freeware/sdl-redline.zip

CrowdResponse: 
                          Static Host Data Collection Tool.

                                    There is no installer for this tool. Simply unzip the contents of the downloaded ZIP file into a location of your choosing and launch it directly from there. Similarly for uninstalling; simply delete the file(s) you extracted by moving them to the Recycle Bin or permanently deleting them. It is possible there may be a very small number of elements that remain in the Registry.


There can be safely ignored or manually deleted by using a registry editing tool (e.g. regedit) and navigating to HKEY_LOCAL_MACHINE\Software\\CrowdStrike or HKEY_CURRENT_USER\Software\CrowdStrike and noting the name of the tool there and removing the branch.

Hashes:

  • MD5 c94edf14e5e1b205813b949b7904b95e

  • SHA1 bf48a7c0e32fd8f67b11eebb69f836a60de2f9e1

  • SHA256 3b5f07d83af34f16f79f8cc1f77d6a0827d7dee57a4be8f667767ce325ac5d00

Download Link :

https://www.crowdstrike.com/wp-content/community-tools/CrowdResponse.zip






Posted by at
Labels: , , , , , , ,

Tuesday, August 14, 2018

Free Indicators of Compromise (IOC) Tools - FireEye

IOC Finder

FireEye Indicators of Compromise (IOC) Finder is a free tool for collecting host system data and reporting the presence of IOCs. IOCs are open-standard XML documents that help incident responders capture diverse information about threats.


The IOC Finder features:
  • Collection of full data, sufficient for general IOC matching requirements
  • Usage of a portable storage device for collection from multiple hosts
  • IOC hit reporting in simple text, full HTML and full MS Word XML formats
  • Generation of reports for specific hosts or all hosts

Download Link : https://www.fireeye.com/services/freeware/ioc-finder.html

IOC Editor

 
FireEye Indicators of Compromise (IOC) Editor is a free tool that provides an interface for managing data and manipulating the logical structures of IOCs. IOCs are XML documents that help incident responders capture diverse information about threats, including attributes of malicious files, characteristics of registry changes and artifacts in memory.

The IOC Editor includes:
  • Manipulation of the logical structures that define the IOC
  • Application of meta-information to IOCs, including detailed descriptions or arbitrary labels
  • Conversion of IOCs into XPath filters
  • Management of lists of “terms” used within IOCs
 Download Link : https://www.fireeye.com/services/freeware/ioc-editor.html

IOC Writer

IOC Writer provide a python library that allows for basic creation and editing of OpenIOC objects.

Provide a python library that allows for basic creation and editing of OpenIOC objects. It supports a basic CRUD (Create, Read, Update, Delete) for various items.
Items do not have built in Read operations, since all items can be accesed with built in ElementTree syntax or the use of XPATH to select portions of the IOC.

Download Link : https://github.com/mandiant/ioc_writer























































Posted by at
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)