Update: mac-robber.py

Published: 2021-06-13
Last Updated: 2021-06-13 01:34:51 UTC
by Jim Clausing (Version: 1)

Almost 4 years ago, I wrote a Python version of mac-robber. I use it fairly regularly at $dayjob. This past week, one of my co-workers was using it but realized that it hashes large files a little too slowly. He decided to use mac-robber.py to collect the MAC times and do the hashing separately so he could limit the hashes to files under a certain size. That sounded reasonable, so I've added a switch (-s or --size): if hashing is turned on, the new switch limits the hashing to files under the given size.
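To show the idea behind the new switch in code, here is an added example (written for this diary, not taken from mac-robber.py itself): it walks a tree, records MAC times for every entry in TSK body-file format, and hashes only regular files smaller than a caller-supplied limit, writing "0" in the hash column for anything skipped. The function names (`collect`, `hash_file`, `to_body_line`, `demo`), the choice of SHA-256, the 1 MiB read chunk and the `max_size` parameter are all assumptions of this example; the sample directory is constructed by `demo` in a temp dir so the code runs offline.

```python
import hashlib
import os
import stat
import tempfile

# TSK 3.x body-file column order (what mactime consumes).
BODY_FIELDS = ("hash", "name", "inode", "mode", "uid", "gid",
               "size", "atime", "mtime", "ctime", "crtime")


def hash_file(path, algo="sha256", chunk=1 << 20):
    """Stream the file through the hash so a large file never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def collect(root, max_size=None, do_hash=True, algo="sha256"):
    """Walk `root` and return one record (dict) per directory entry.

    MAC times are gathered for everything; a hash is computed only for
    regular files and, when max_size is given, only for files smaller than
    max_size bytes. Skipped entries carry "0" in the hash column, the same
    placeholder mac-robber uses when hashing is off.
    """
    records = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)          # lstat: don't follow symlinks
            except OSError:
                continue                      # vanished or unreadable entry
            digest = "0"
            wanted = do_hash and stat.S_ISREG(st.st_mode)
            if wanted and (max_size is None or st.st_size < max_size):
                try:
                    digest = hash_file(full, algo)
                except OSError:
                    digest = "0"              # unreadable: keep times, drop hash
            records.append({
                "hash": digest,
                "name": full,
                "inode": st.st_ino,
                "mode": stat.filemode(st.st_mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
                "size": st.st_size,
                "atime": int(st.st_atime),
                "mtime": int(st.st_mtime),
                "ctime": int(st.st_ctime),
                "crtime": 0,                  # birth time not portable via os.stat
            })
    return records


def to_body_line(rec):
    """Render a record as a pipe-separated body-file line."""
    return "|".join(str(rec[k]) for k in BODY_FIELDS)


def demo(max_size=1024):
    """Constructed sample: one small file and one file just over the limit."""
    root = tempfile.mkdtemp(prefix="macrobber_demo_")
    with open(os.path.join(root, "small.txt"), "wb") as f:
        f.write(b"hello\n")
    with open(os.path.join(root, "large.bin"), "wb") as f:
        f.write(b"\x00" * (max_size + 1))
    return {os.path.basename(r["name"]): r
            for r in collect(root, max_size=max_size)}


if __name__ == "__main__":
    for rec in demo().values():
        print(to_body_line(rec))
```

Running the block prints two body-file lines: `small.txt` carries a real digest, `large.bin` carries `0` but still has its size and MAC times, so the timeline is complete even where hashing was skipped.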

To see it in action, see the next figure.

I hope others find this new feature useful. If anyone has more suggestions for new features, you can let me know via comments here, e-mail, or our contact form. The tool can be found at the same place as before: 

https://github.com/att/docker-forensics/blob/master/mac-robber.py

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: tool