FileMood

Download SANS FOR508 2016

SANS FOR508 2016

Name

SANS FOR508 2016

Total Size

98.6 GB

Total Files

779

Hash

EF9EE1CE583E8049E7960AA6D68F43D9960ACE52

/

508.workbook.2.pdf

106.6 MB

508.workbook.1.pdf

91.7 MB

508.workbook.3.pdf

134.5 MB

poster_2014_find_evil.pdf

1.9 MB

508.1.pdf

115.3 MB

508.5.2.pdf

98.2 MB

vm-pass.txt

0.0 KB

508.2.1.pdf

135.0 MB

508.5.1.pdf

113.3 MB

508.3-4.1.pdf

155.9 MB

508.3-4.2.pdf

133.4 MB

508.2.2.pdf

73.6 MB

/FOR508-USB/

VERSION-FOR508-17-2A.txt

95.7 KB

/FOR508-USB-B/

VERSION-FOR508-17-2B.TXT

33.8 KB

/FOR508-USB/documents/

SANS-DFIR-CATALOG.pdf

3.7 MB

Remediating-Intrusions.pdf

560.7 KB

Poster_Find_Evil.pdf

1.9 MB

SIFT WORKSTATION CHEAT SHEET 3.1.pdf

137.9 KB

Windows 10 Security Auditing and Monitoring Reference.docx

9.9 MB

Windows Artifacts Dissected by Mike Murr.pdf

3.6 MB

Windows 7 and Windows Server 2008 R2 Security Event Descriptions.xls

207.9 KB

Mounting Images for Analysis.pdf

705.0 KB

Threat-Hunting-Links.xlsx

610.3 KB

Detecting-security-incidents-windows-workstation-event-logs.pdf

836.5 KB

Evidence-Of-Poster.pdf

3.9 MB

Windows Logging Cheat Sheet v1.1.pdf

780.6 KB

Additional Windows Logs Firewall and IIS Logs.pdf

1.3 MB

Examining Shadows Volumes in a Raw Image.pdf

2.6 MB

FAT Filesystem.pdf

426.2 KB

Memory-Forensics-Poster.pdf

3.5 MB

Forensic Log Parsing with Microsoft's LogParser.pdf

69.3 KB

For508_HANDOUT_MemFor_v1_3.pdf

112.2 KB

Mount using iSCSI Reusable Connection.pdf

370.3 KB

Linux-and -VMware-How-To.pdf

5.7 MB

~$Threat-Hunting-Links.xlsx

0.2 KB

rekall-memory-forensics-cheatsheet.pdf

565.3 KB

/.../SIFT-Lab-Install/

DATA-FOR-FINAL-DAY.zip

223.8 MB

/.../example-memory-images/

xp_tdungan_live_audit.mans

715.0 MB

storm_worm.zip

74.0 MB

conficker.mans

35.6 MB

xp_tdungan.mans

93.8 MB

stuxnet.zip

175.9 MB

zeus.mans

39.8 MB

black_energy.zip

41.7 MB

conficker.zip

128.0 MB

stuxnet.mans

71.8 MB

TDSS.zip

93.3 MB

sobig.mans

53.9 MB

storm_worm.mans

295.3 MB

TDSS.mans

29.5 MB

APT.zip

174.8 MB

APT.mans

73.5 MB

black_energy.mans

37.8 MB

nromanoff.mans

244.3 MB

sobig.zip

177.4 MB

zeus.zip

42.4 MB

/.../SIFT-Lab-Install/SIFT/

SIFT 3 - FOR508.zip

18.5 GB

/.../SIFT-Lab-Install/7zip/

7zip-64bit.msi

1.4 MB

7zip-32bit.msi

1.1 MB

/.../xp-tdungan-10.3.58.7/

XP-TDUNGAN-TIMELINE-FINAL.xlsx

9.6 MB

/.../SIFT-Lab-Install/VMware/

VMware-workstation-full-10.0.4-2249910.exe

515.0 MB

VMware-player-6.0.3-1895310.exe

98.9 MB

/.../SIFT-Lab-Install/Redline/

User-Guide-redline.pdf

9.1 MB

Redline-1.14.msi

70.2 MB

m-whitelist-1.0.txt

57.3 MB

/.../win7-64-nfury-10.3.58.6/

NFURY-FINAL-TIMELINE.xlsx

12.9 MB

/.../SIFT-Lab-Install/IOC Editor/

Mandiant IOCe.msi

2.2 MB

openioc1-0.zip

339.7 KB

HTTPPUMP.txt

1.0 KB

/.../SIFT-Lab-Install/Windows Tools/

ZoomIt.zip

303.2 KB

autorunner.v0.0.9.zip

767.9 KB

SDelete.zip

82.7 KB

WMIC-README.txt

3.3 KB

Timestomp-GUI.exe

33.3 KB

LogParser.msi

1.5 MB

Autoruns.zip

1.3 MB

AmcacheParser.exe

696.3 KB

ANJPv3.11.07_FE.exe

17.7 MB

Emailtime 2013-04-09.zip

4.5 MB

FOR408-Tools.zip

242.9 MB

PECmd.exe

871.4 KB

Kansa-master.zip

158.8 KB

Procdump.zip

411.0 KB

prefetch_hashes_lookup.zip

293.7 KB

sleuthkit-4.3.0-win32.zip

12.3 MB

wmic_lr_local.cmd

5.6 KB

wmic_lr_remote.cmd

6.4 KB

wmic_lr.zip

5.6 KB

timestomp.exe

57.3 KB

/.../SIFT-Lab-Install/Redline/DOTNET/

dotNetFx40_Full_x86_x64.exe

50.4 MB

dotNetFx4.5_Full.exe

70.0 MB

/.../SIFT-Lab-Install/IOC Editor/DOTNET/

dotNetFx4.5_Full.exe

70.0 MB

dotNetFx40_Full_x86_x64.exe

50.4 MB

dotnetfx35_FULL.exe

242.7 MB

/.../SIFT-Lab-Install/Timeline Explorer/

superTimeline.layout

20.9 KB

TimelineExplorer.exe

28.4 MB

macTimeline.layout

7.9 KB

/.../Event Log Explorer/

elex_setup.exe

5.0 MB

/.../SIFT-Lab-Install/Redline/APT1 - IOCS/

0c7c902c-67f8-479c-9f44-4d985106365a.ioc

6.1 KB

8695bb5e-29cd-41b9-b8b1-a0d20a6b960d.ioc

31.1 KB

86e9b8ec-7413-453b-a932-b5fb95a8dba6.ioc

16.1 KB

8900aa6b-883d-48d3-a07d-d49b0429dd2b.ioc

4.8 KB

af5f65fc-e1ca-45db-88b1-6ccb7191ee6a.ioc

7.3 KB

c32b8af3-28d0-47d3-801f-a2c2b0129650.ioc

25.3 KB

c71b3305-85e5-4d51-b07c-ff227181fb5a.ioc

35.4 KB

ad521068-6f18-4ab1-899c-11007a18ec73.ioc

12.8 KB

a486d837-9f05-4360-908e-b4244c24723d.ioc

9.2 KB

8dd23e0a-a659-45b4-a168-67e4b00944fb.ioc

258.7 KB

9c9368cd-3a1f-4200-b093-adb97d5f1f5d.ioc

6.8 KB

a461f381-8612-4ce1-a0dc-68bcaca028d0.ioc

11.6 KB

86f988b7-fa02-46df-8e19-e50ce37f0fed.ioc

17.2 KB

2bff223f-9e46-47a7-ac35-d35f8138a4c7.ioc

5.5 KB

c7fa2ea5-36d5-4a52-a6cf-ddc2257cb6f9.ioc

5.7 KB

4a2c5f60-f4c0-4844-ba1f-a14dac9fa36c.ioc

6.8 KB

6bd24113-2922-4d25-b490-f727f47ba948.ioc

7.6 KB

70b5be0c-8a94-44b4-97a4-1e95b09498a8.ioc

36.8 KB

61695156-298c-4d77-ad7f-48feb562fb75.ioc

4.5 KB

6091c4ce-6d73-4202-a7a8-b52406fa4d77.ioc

10.1 KB

547e4128-9dff-45d9-b90f-081ce3966dee.ioc

20.5 KB

5477b392-e565-45c5-9cb4-f561d6daeddc.ioc

5.7 KB

4d1ced5f-fe47-4ba4-be0e-81d547f3aa8a.ioc

8.7 KB

56468547-6cf5-4c66-af56-2543d4271482.ioc

8.2 KB

7c739d52-c669-4d51-ac15-8ae66305e232.ioc

19.3 KB

7d2eaadf-a5ff-4199-996e-af6258874dad.ioc

6.0 KB

32b168e6-dbd6-4d56-ba2f-734553239efe.ioc

7.5 KB

2fc55747-6822-41d2-bcc1-387fc1b2e67b.ioc

8.1 KB

26213db6-9d3b-4a39-abeb-73656acb913e.ioc

10.3 KB

2106f0d2-a260-4277-90ab-edd3455e31fa.ioc

19.2 KB

3433dad8-879e-40d9-98b3-92ddc75f0dcd.ioc

8.4 KB

3e01b786-fe3a-4228-95fa-c3986e2353d6.ioc

4.0 KB

7f9a6986-f00a-4071-99d3-484c9158beba.ioc

20.6 KB

806beff3-7395-492e-be63-99a6b4a550b8.ioc

21.9 KB

84f04df2-25cd-4f59-a920-448d8843b6fc.ioc

6.5 KB

12a40bf7-4834-49b0-a419-6abb5fe2b291.ioc

60.0 KB

a1f02cbe-7d37-4ff8-bad7-c5f9f7ea63a3.ioc

42.9 KB

eb91abad-afe0-4bd6-80f2-850d14a99308.ioc

23.9 KB

fabdf553-b3ed-4bc9-9ac6-13d6bd174dad.ioc

30.4 KB

fdfb2c22-d0c4-4bf0-8ea4-27d8d51f98ea.ioc

5.3 KB

d14d5f09-9050-4769-b00d-30fce9e6eb85.ioc

5.4 KB

e928aac0-9f71-4adf-9978-4177345ec610.ioc

22.2 KB

ece1846e-98d3-4ddc-a520-0dcda4866989.ioc

7.2 KB

d4f103f8-c372-49d1-b9f4-e127d61d0639.ioc

12.0 KB

d1c65316-cddd-4d9c-8efe-c539aa5965c0.ioc

31.6 KB

d5e49501-c30d-41ae-b381-c3c473040c39.ioc

29.3 KB

d8240090-affd-466e-a39c-64add5b98813.ioc

16.6 KB

/.../Threat Intelligence Reports/

CrowdStrike_Global_Threat_Report_2015.pdf

3.0 MB

CyberIntrusionCasebook.pdf

4.9 MB

Dissecting the Tactics & Techniques of an Adversary.pdf

288.0 KB

2015-Equation_group_questions_and_answers.pdf

4.2 MB

FireEye-APT-Handbook.pdf

2.5 MB

2014-Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf

2.9 MB

2015-NORSE_JIB_IRAN_011_JANUARY_27_2015.pdf

2.0 MB

2015-Project2049-Stokes_PLA_General_Staff_Department_Unit_61398.pdf

1.6 MB

fireeye-operation-saffron-rose.pdf

1.9 MB

h12756-wp-shell-crew.pdf

3.6 MB

rpt-poison-ivy.pdf

6.1 MB

wp-windows-management-instrumentation.pdf

1.5 MB

2013-Mandiant_APT1_Report.pdf

6.8 MB

PlugX-DLL-Sideloading.pdf

3.4 MB

M-TRENDS-2015.pdf

2.3 MB

Mandiant_APT1_Report.pdf

6.8 MB

ICIT-Brief-Know-Your-Enemies-2.0.pdf

1.7 MB

CrowdStrike_Global_Threat_Report_2014.pdf

3.1 MB

2011-Project2049-PLA third department_sigint cyber stokes lin hsiao.pdf

1.5 MB

2006-iDefense-NCPH Hacking Team and Word 0-days.pdf

76.6 KB

/.../SIFT-Lab-Install/F-Response-Enterprise/

F-ResponseEnterprise.exe

16.1 MB

fresponselm-accel-lin_5.0.3_amd64.deb

633.1 KB

/.../SIFT-Lab-Install/IOC Editor/APT1 - IOCS/

61695156-298c-4d77-ad7f-48feb562fb75.ioc

4.5 KB

6091c4ce-6d73-4202-a7a8-b52406fa4d77.ioc

10.1 KB

56468547-6cf5-4c66-af56-2543d4271482.ioc

8.2 KB

70b5be0c-8a94-44b4-97a4-1e95b09498a8.ioc

36.8 KB

7f9a6986-f00a-4071-99d3-484c9158beba.ioc

20.6 KB

7d2eaadf-a5ff-4199-996e-af6258874dad.ioc

6.0 KB

7c739d52-c669-4d51-ac15-8ae66305e232.ioc

19.3 KB

547e4128-9dff-45d9-b90f-081ce3966dee.ioc

20.5 KB

6bd24113-2922-4d25-b490-f727f47ba948.ioc

7.6 KB

fabdf553-b3ed-4bc9-9ac6-13d6bd174dad.ioc

30.4 KB

4a2c5f60-f4c0-4844-ba1f-a14dac9fa36c.ioc

6.8 KB

3e01b786-fe3a-4228-95fa-c3986e2353d6.ioc

4.0 KB

3433dad8-879e-40d9-98b3-92ddc75f0dcd.ioc

8.4 KB

4d1ced5f-fe47-4ba4-be0e-81d547f3aa8a.ioc

8.7 KB

5477b392-e565-45c5-9cb4-f561d6daeddc.ioc

5.7 KB

ece1846e-98d3-4ddc-a520-0dcda4866989.ioc

7.2 KB

806beff3-7395-492e-be63-99a6b4a550b8.ioc

21.9 KB

fdfb2c22-d0c4-4bf0-8ea4-27d8d51f98ea.ioc

5.3 KB

eb91abad-afe0-4bd6-80f2-850d14a99308.ioc

23.9 KB

8695bb5e-29cd-41b9-b8b1-a0d20a6b960d.ioc

31.1 KB

c71b3305-85e5-4d51-b07c-ff227181fb5a.ioc

35.4 KB

c7fa2ea5-36d5-4a52-a6cf-ddc2257cb6f9.ioc

5.7 KB

d14d5f09-9050-4769-b00d-30fce9e6eb85.ioc

5.4 KB

d1c65316-cddd-4d9c-8efe-c539aa5965c0.ioc

31.6 KB

c32b8af3-28d0-47d3-801f-a2c2b0129650.ioc

25.3 KB

af5f65fc-e1ca-45db-88b1-6ccb7191ee6a.ioc

7.3 KB

a1f02cbe-7d37-4ff8-bad7-c5f9f7ea63a3.ioc

42.9 KB

a486d837-9f05-4360-908e-b4244c24723d.ioc

9.2 KB

ad521068-6f18-4ab1-899c-11007a18ec73.ioc

12.8 KB

d4f103f8-c372-49d1-b9f4-e127d61d0639.ioc

12.0 KB

d5e49501-c30d-41ae-b381-c3c473040c39.ioc

29.3 KB

86f988b7-fa02-46df-8e19-e50ce37f0fed.ioc

17.2 KB

86e9b8ec-7413-453b-a932-b5fb95a8dba6.ioc

16.1 KB

a461f381-8612-4ce1-a0dc-68bcaca028d0.ioc

11.6 KB

8900aa6b-883d-48d3-a07d-d49b0429dd2b.ioc

4.8 KB

8dd23e0a-a659-45b4-a168-67e4b00944fb.ioc

258.7 KB

d8240090-affd-466e-a39c-64add5b98813.ioc

16.6 KB

e928aac0-9f71-4adf-9978-4177345ec610.ioc

22.2 KB

9c9368cd-3a1f-4200-b093-adb97d5f1f5d.ioc

6.8 KB

84f04df2-25cd-4f59-a920-448d8843b6fc.ioc

6.5 KB

32b168e6-dbd6-4d56-ba2f-734553239efe.ioc

7.5 KB

2fc55747-6822-41d2-bcc1-387fc1b2e67b.ioc

8.1 KB

0c7c902c-67f8-479c-9f44-4d985106365a.ioc

6.1 KB

2106f0d2-a260-4277-90ab-edd3455e31fa.ioc

19.2 KB

12a40bf7-4834-49b0-a419-6abb5fe2b291.ioc

60.0 KB

26213db6-9d3b-4a39-abeb-73656acb913e.ioc

10.3 KB

2bff223f-9e46-47a7-ac35-d35f8138a4c7.ioc

5.5 KB

/.../Cyber Threat Intelligence IOCs/

APT1 - IOCS.zip

209.2 KB

poison_ivy-stix-1.2.zip

627.9 KB

apt1-stix-1.2.zip

1.2 MB

/.../xp-tdungan-memory/

xp-tdungan-memory-raw.txt

1.3 KB

xp-tdungan-memory-raw.001

2.1 GB

xp_tdungan.mans

93.8 MB

/.../xp-tdungan-c-drive/

xp-tdungan-c-drive.E01.txt

1.8 KB

xp-tdungan-c-drive.E01

7.0 GB

/.../SIFT-Lab-Install/IOC Editor/DOTNET/DOTNET/

dotNetFx4.5_Full.exe

70.0 MB

dotNetFx40_Full_x86_x64.exe

50.4 MB

/.../SIFT-Lab-Install/IOC Editor/Additional IOCs/

9a7a6929-25ea-4254-a300-13fd6b39c490.ioc

7.1 KB

Flamer-Framework.ioc

40.8 KB

e1cbf7ca-4938-4d3c-a7e6-3ff966516191.ioc

10.8 KB

de99badf-b448-49e7-885a-4d8688ddf02d.ioc

24.7 KB

bdf7929c-3f0b-4fdd-bcc5-b4a82554ad92.ioc

2.0 KB

db0b6ac6-874a-498e-892b-ac7c2020e061.ioc

7.9 KB

7b9e87c5-b619-4a13-b862-0145614d359a.ioc

6.4 KB

6bb9ce5b-94c1-4733-8bb8-dc5be775b190.ioc

9.1 KB

5a8d6878-2649-4ddc-a1f6-c98932a54f91.ioc

6.1 KB

548cfc54-42b9-48c6-a753-02e74246699b.ioc

4.4 KB

6037663c-680c-4a28-ad58-40622d206e1d.ioc

16.0 KB

60a6de64-7308-4af1-9003-dc23a73fdf01.ioc

2.1 KB

68505678-f820-48c5-9d13-fa0b3b8be190.ioc

3.5 KB

baa24c6a-a223-4919-b3e5-08c4809e434d.ioc

60.5 KB

b513e829-b023-426a-b7d4-accd511be3c0.ioc

3.7 KB

NetTraveler.ioc

48.9 KB

4fdb0f45-8151-4941-a9e1-a31e21000659.ioc

9.6 KB

SkyipotWyksol-Trojan.ioc

75.3 KB

Ramnit.ioc

16.1 KB

Operation-Troy.ioc

69.1 KB

README.md

0.2 KB

LICENSE

11.4 KB

Icefrog-APT.ioc

23.2 KB

ZeroAccessSiref.P.ioc

7.5 KB

a6c6dbf0-d72a-4f07-8b11-55527aef4755.ioc

1.3 KB

GeorBot.ioc

3.4 KB

Batchwiper.ioc

4.3 KB

Gh0st-RAT.ioc

22.6 KB

Operation-Red-October.ioc

40.7 KB

iocbucket_031920b99a51bae014d6f882c48fa594ccf99d61_apt 28 russia cyber espionage oldbait.ioc

1.9 KB

iocbucket_eb666b9fdb964500f9a67f45935c8ccee3d99a3a_duqu kaspersky.ioc

6.6 KB

fb0699e2-23a6-40f9-bf96-4514d629eec3.ioc

3.7 KB

2384c8ce-6eca-4d06-8aa4-151b53d9a6bc.ioc

6.8 KB

iocbucket_dcda86771553fa54820b22099277599cb479f702_mattulm.yara

0.4 KB

iocbucket_ce405547a0e213f1c53b55f05e5592617297df37_operation windigo.ioc

59.3 KB

iocbucket_13e5d0358dcecb0fc1fbb8b236990c0ae9572ec3_webc2-qbp (family).ioc

10.1 KB

iocbucket_4610c2e6f08fa7f2a29d219e8b3fdcaa5279168e_deep panda chinese apt.ioc

10.4 KB

iocbucket_4f8622cf3eaa9056fb5fc841b5e1297329b944ee_kronos banking trojan.ioc

6.1 KB

iocbucket_cdf7e4a7735d2505bd5c75ca5c23b50f57664ec2_ramnit rootkit.ioc

16.1 KB

0ae061d7-c624-4a84-8adf-00281b97797b.ioc

2.1 KB

0b879284-0c37-4bfa-9dd8-34505a9c5175.ioc

1.7 KB

0ff58bf9-1c07-42f6-b135-b18c139f631a.ioc

3.7 KB

113e561e-60d2-48db-979d-02f207550125.ioc

4.5 KB

Disabled-Sysadmin-Tools.ioc

10.0 KB

e598231d-8584-4535-a0de-94e822f04c0b.ioc

3.2 KB

eeffc8e8-caee-4fe1-8ace-7a994b5d893f.ioc

60.6 KB

iocbucket_08441c5d5f339359e526d6705465c30777092bda_xtreme rat.ioc

25.9 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/

.gitignore

0.1 KB

kansa.ps1

49.6 KB

contributing.md

2.3 KB

ToDo

1.3 KB

README.md

3.4 KB

MSLimitedPublicLicense.txt

3.2 KB

LICENSE

11.3 KB

/.../win7-64-nfury-memory/

win7-nfury-memory.mans

108.7 MB

win7-64-nfury-memory-raw.001

2.1 GB

win7-64-nfury-memory-raw.001.txt

1.3 KB

/.../Redline-Older-Versions/

Redline-1.12.msi

69.5 MB

Redline-1.13.msi

68.2 MB

Redline1.13_UserGuide.pdf

7.8 MB

/.../win7-64-nfury-c-drive/

win7-64-nfury-c-drive.E01

12.0 GB

win7-64-nfury-c-drive.E01.txt

1.8 KB

/.../SIFT-Lab-Install/IOC Editor/Additional IOCs/FIN4/

README.md

0.3 KB

MACROCHECK.yara

0.8 KB

fb0699e2-23a6-40f9-bf96-4514d629eec3.ioc

5.0 KB

/.../SIFT-Lab-Install/IOC Editor/Additional IOCs/APT3/

README.md

0.6 KB

db0b6ac6-874a-498e-892b-ac7c2020e061.ioc

9.8 KB

62f65dae-9475-44b0-a9eb-c1baebbd9885.ioc

3.6 KB

/.../SIFT-Lab-Install/IOC Editor/Additional IOCs/APT28/

e1cbf7ca-4938-4d3c-a7e6-3ff966516191.ioc

13.2 KB

bdf7929c-3f0b-4fdd-bcc5-b4a82554ad92.ioc

3.1 KB

a6c6dbf0-d72a-4f07-8b11-55527aef4755.ioc

2.3 KB

README.md

0.3 KB

0ff58bf9-1c07-42f6-b135-b18c139f631a.ioc

5.0 KB

a438caeb-96dd-4225-853c-fc5910980961.ioc

2.8 KB

/.../SIFT-Lab-Install/IOC Editor/Additional IOCs/APT12/

README.md

0.4 KB

2384c8ce-6eca-4d06-8aa4-151b53d9a6bc.ioc

8.7 KB

/.../SIFT-Lab-Install/IOC Editor/Additional IOCs/APT17/

7b9e87c5-b619-4a13-b862-0145614d359a.ioc

8.1 KB

README.md

0.4 KB

/.../SIFT-Lab-Install/IOC Editor/Additional IOCs/APT18/

README.md

0.3 KB

0ae061d7-c624-4a84-8adf-00281b97797b.ioc

3.1 KB

/.../SIFT-Lab-Install/IOC Editor/Additional IOCs/APT30/

README.md

0.3 KB

eeffc8e8-caee-4fe1-8ace-7a994b5d893f.ioc

70.9 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Modules/

.gitignore

0.1 KB

Modules.conf

2.8 KB

default-template.ps1

4.3 KB

/.../xp-tdungan-incident-response/

autoruns-xp-tdungan.csv

232.7 KB

/.../win7-32-nromanoff-memory/

win7-32-nromanoff-memory-raw.txt

1.5 KB

win7-32-nromanoff-memory-raw.001

2.1 GB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Analysis/

Get-LogparserStack.ps1

9.7 KB

Analysis.conf

1.8 KB

Deserialize-KansaField.ps1

5.1 KB

Resolve-WindowsGUID.ps1

42.4 KB

/.../SIFT-Lab-Install/IOC Editor/Additional IOCs/BlogPosts/

113e561e-60d2-48db-979d-02f207550125.ioc

5.8 KB

4fdb0f45-8151-4941-a9e1-a31e21000659.ioc

11.8 KB

6bb9ce5b-94c1-4733-8bb8-dc5be775b190.ioc

11.1 KB

6037663c-680c-4a28-ad58-40622d206e1d.ioc

19.2 KB

de99badf-b448-49e7-885a-4d8688ddf02d.ioc

29.0 KB

e598231d-8584-4535-a0de-94e822f04c0b.ioc

4.4 KB

0b879284-0c37-4bfa-9dd8-34505a9c5175.ioc

2.7 KB

9a7a6929-25ea-4254-a300-13fd6b39c490.ioc

9.0 KB

60a6de64-7308-4af1-9003-dc23a73fdf01.ioc

3.1 KB

5a8d6878-2649-4ddc-a1f6-c98932a54f91.ioc

7.6 KB

README.MD

1.9 KB

b513e829-b023-426a-b7d4-accd511be3c0.ioc

5.0 KB

operation_poisoned_handover.yara

0.7 KB

/.../SIFT-Lab-Install/Windows Tools/RegistryExplorer_RECmd/

RegistryExplorer.exe

40.7 MB

RegistryExplorerManual.pdf

4.7 MB

/.../win7-32-nromanoff-c-drive/

win7-32-nromanoff-c-drive.E01

9.7 GB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Modules/Log/

Get-OfficeMRU.ps1

1.6 KB

Get-RdpConnectionLogs.ps1

3.3 KB

Get-LogCBS.ps1

0.5 KB

Get-LogOpenSavePidlMRU.ps1

0.7 KB

Get-LogUserAssist.ps1

17.7 KB

Get-LogWinEvent.ps1

0.8 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Modules/Net/

Get-Arp.ps1

1.2 KB

Get-WMIIETelemetry.ps1

1.3 KB

Get-DNSCache.ps1

4.6 KB

Get-Netstat.ps1

4.1 KB

Get-NetRoutes.ps1

0.2 KB

Get-NetIPInterfaces.ps1

0.2 KB

Get-SmbSession.ps1

0.3 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Modules/IOC/

Get-Loki.ps1

2.0 KB

/.../xp-tdungan-c-drive/precooked/mbr/

mbr.001

0.5 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Modules/bin/

sigcheck.exe

369.8 KB

fls.zip

2.4 MB

procdump.exe

591.5 KB

autorunsc.exe

629.4 KB

fls.exe

489.0 KB

Handle.exe

536.3 KB

.gitignore

0.1 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Analysis/Net/

Get-NetstatStack.ps1

1.6 KB

Get-NetstatListenerStack.ps1

1.0 KB

Get-NetstatByProtoForeignIpStateComponentProcessStack.ps1

1.7 KB

Get-DNSCacheStack.ps1

0.6 KB

Get-ARPStack.ps1

0.7 KB

Get-NetstatDistinctLocal16IPv4.ps1

0.8 KB

Get-NetstatDistinctLocal24.ps1

0.8 KB

Get-NetstatForeign24sStack.ps1

1.6 KB

Get-NetstatForeign16sStack.ps1

1.7 KB

Get-NetstatForeignIpPortProcesStack.ps1

1.6 KB

Get-NetstatForeignIpProcess.ps1

1.5 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Analysis/log/

Get-LogUserAssistValueByDate.ps1

0.8 KB

Get-LogUserAssistValueStack.ps1

0.7 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Modules/ASEP/

Get-Autorunsc.ps1

1.8 KB

Get-AutorunscDeep.ps1

6.6 KB

Get-ImagePathExecutionOptions.ps1

0.6 KB

Get-SvcTrigs.ps1

3.3 KB

Get-SvcAll.ps1

0.3 KB

Get-Sigcheck.ps1

0.5 KB

Get-SigCheckRandomPath.ps1

1.8 KB

Get-SvcFail.ps1

2.1 KB

Get-WMIEvtConsumer.ps1

0.5 KB

Get-WMIFltConBind.ps1

0.3 KB

Get-WMIEvtFilter.ps1

0.6 KB

Get-PSProfiles.ps1

4.3 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Modules/Disk/

Get-FilesByHashes.ps1

10.5 KB

Get-FilesByHash.ps1

10.0 KB

Get-FileHashes.ps1

10.3 KB

Get-FlsBodyfile.ps1

1.7 KB

Get-IOCsByPath.ps1

3.7 KB

Get-WebrootListing.ps1

3.6 KB

Get-TempDirListing.ps1

0.5 KB

Get-MasterFileTable.ps1

46.7 KB

Get-File.ps1

2.9 KB

Get-DiskUsage.ps1

0.5 KB

/.../xp-tdungan-memory/baseline-memory/

XPSP3x86-baseline.img

2.1 GB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Analysis/asep/

Get-SvcStartNameStack.ps1

0.9 KB

Get-SvcFailStack.ps1

1.1 KB

Get-SvcFailCmdLineStack.ps1

0.8 KB

Get-ASEPImagePathLaunchStringMD5UnsignedTimeStack.ps1

1.2 KB

Get-SvcFailAllStack.ps1

0.9 KB

Get-SvcAllRunningAuto.ps1

0.3 KB

Get-ASEPImagePathLaunchStringMD5Stack.ps1

0.9 KB

Get-ASEPImagePathLaunchStringMD5UnsignedStack.ps1

1.0 KB

Get-ASEPImagePathLaunchStringPublisherStack.ps1

0.9 KB

Get-ASEPImagePathLaunchStringStack.ps1

0.9 KB

Get-SvcTrigStack.ps1

0.8 KB

Get-ASEPImagePathLaunchStringUnsignedStack.ps1

0.9 KB

Get-SvcAllStack.ps1

1.2 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Analysis/meta/

Get-FileLengths.ps1

1.6 KB

Get-AllFileLengths.ps1

0.6 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Analysis/disk/

Get-WebrootListingEntropyOutliers.ps1

4.3 KB

/.../win7-64-nfury-incident-response/

autoruns-win7-64-nfury.csv

374.5 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Modules/Config/

Get-AMHealthStatus.ps1

0.6 KB

Get-Products.ps1

0.3 KB

Get-SharePermissions.ps1

2.1 KB

Get-SmbShare.ps1

0.3 KB

Get-PSDotNetVersion.ps1

1.0 KB

Get-LocalAdmins.ps1

0.4 KB

Get-CertStore.ps1

0.5 KB

Get-ClrVersion.ps1

1.4 KB

Get-Hotfix.ps1

0.6 KB

Get-IIS.ps1

0.9 KB

Get-AMInfectionStatus.ps1

0.7 KB

Get-GPResult.ps1

2.4 KB

/.../xp-tdungan-c-drive/precooked/hashes/

WinXPSP3x86.txt

1.1 MB

/.../xp-tdungan-c-drive/precooked/redline/

m-whitelist-1.0.txt

57.3 MB

xp_tdungan.mans

91.3 MB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Modules/Process/

Get-PrefetchListing.ps1

0.8 KB

Get-ProcDump.ps1

2.9 KB

Get-Handle.ps1

2.7 KB

Get-FileHashes.ps1

9.9 KB

Get-PrefetchFiles.ps1

1.2 KB

Get-Tasklistv.ps1

0.6 KB

Get-RekalPslist.ps1

1.3 KB

Get-WMIRecentApps.ps1

3.4 KB

Get-ProcsNModules.ps1

2.9 KB

Get-ProcsWMI.ps1

2.6 KB

Get-Prox.ps1

0.5 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Analysis/config/

Get-LocalAdminStack.ps1

0.7 KB

Get-AMInfectionStatus.ps1

1.4 KB

Get-AMHealthStatusStack.ps1

2.6 KB

/.../SIFT-Lab-Install/Windows Tools/RegistryExplorer_RECmd/RECmd/

NLog.config

0.8 KB

RECmd.exe

1.1 MB

/.../xp-tdungan-c-drive/precooked/timeline/

XP-TDUNGAN-TIMELINE-FINAL.xlsx

5.6 MB

TIMELINE_COLOR_TEMPLATE.xlsx

3.0 MB

TIMELINE_COLOR_TEMPLATE.zip

1.2 MB

LibreOffice-Howto-Supertimeline-Formatting.txt

0.2 KB

plaso.csv

32.5 MB

xp-tdungan-plaso.dump

100.7 MB

windows-tags.txt

2.5 KB

whitelist.txt

0.1 KB

timeliner.body

1.1 MB

timeline.csv

26.1 MB

filter_windows.txt

4.0 KB

/.../win2008R2-controller-memory/

win2008DC-Memory.mans

454.8 MB

win2008R2-controller-memory-raw.001

2.7 GB

win2008R2-controller-memory-raw.001.txt

1.4 KB

/.../SIFT-Lab-Install/Windows Tools/Kansa-master/Analysis/process/

Get-ProcsWMIProcessNameStack.ps1

0.6 KB

Get-ProcsWMISortByCreationDate.ps1

0.7 KB

Get-ProcsWMITempExePath.ps1

1.0 KB

Get-ProcsWMIPath.ps1

0.6 KB

Get-ProcsWMICmdlineStack.ps1

0.6 KB

Get-PrefetchListingLastWriteTime.ps1

0.8 KB

Get-PrefetchListingStack.ps1

0.7 KB

Get-ProcsWMICLIMD5Stack.ps1

0.7 KB

Get-ProxSystemStartTime.ps1

0.4 KB

Get-HandleProcessOwnerStack.ps1

0.7 KB

/.../SIFT-Lab-Install/Windows Tools/RegistryExplorer_RECmd/Plugins/

RegistryPlugin.7-ZipHistory.dll

8.2 KB

RegistryPlugin.RecentDocs.dll

12.8 KB

RegistryPlugin.CIDSizeMRU.dll

8.7 KB

RegistryPlugin.FileExts.dll

9.7 KB

RegistryPlugin.LastVisitedMRU.dll

9.7 KB

RegistryPlugin.FirstFolder.dll

9.7 KB

RegistryPlugin.RunMRU.dll

8.7 KB

RegistryPlugin.SAM.dll

11.3 KB

RegistryPlugin.OfficeMRU.dll

9.2 KB

RegistryPlugin.UserAssist.dll

8.7 KB

RegistryPlugin.TimeZoneInformation.dll

10.2 KB

RegistryPlugin.LastVisitedPidlMRU.dll

43.5 KB

RegistryPlugin.Ares.dll

11.3 KB

RegistryPlugin.OpenSaveMRU.dll

9.7 KB

RegistryPlugin.OpenSavePidlMRU.dll

43.5 KB

/.../win2008R2-controller-c-drive/

win2008R2-controller-c-drive.E01.txt

1.9 KB

win2008R2-controller-c-drive.E01

14.4 GB

/.../xp-tdungan-c-drive/precooked/volatility/

xp-tdungan-apihooks.txt

5.1 KB

zeus-apihooks.txt

383.0 KB

timeliner.body

1.1 MB

/.../SIFT-Lab-Install/Windows Tools/RegistryExplorer_RECmd/Settings/

Categories

0.2 KB

/.../win7-32-nromanoff-incident-response/

autoruns-win7-32-nromanoff.csv

311.5 KB

/.../xp-tdungan-c-drive/precooked/PEid-Signatues/

userdb.txt

490.6 KB

/.../xp-tdungan-c-drive/precooked/bulk-extractor/

bulk-extractor-output.zip

315.2 MB

/.../win7-32-nromanoff-memory/baseline-memory/

Win7SP1x86-baseline.img

2.1 GB

/.../SIFT-Lab-Install/Windows Tools/RegistryExplorer_RECmd/Bookmarks/Common/

Program execution_NtUser_MUICache_a51a8919-ffdd-4135-91fa-affac7f65bb5

0.3 KB

Program execution_NtUser_RunMRU_524957bc-0c7e-490c-a8cf-f6bce2e1e1b5

0.3 KB

Operating system_System_FilesNotToSnapshot_af3e091f-8598-43e1-9e19-39c1352a72ea

0.4 KB

User configuration_Software_StartMenuInternet_dc7c443e-51be-41c6-bd71-851c9d108ad6

0.3 KB

User configuration_NtUser_PrinterPorts_fe1bbde9-e2bc-4764-9948-3c3b8d8c2112

0.3 KB

User general_NtUser_CCleaner_ec48ddd3-4f09-4431-b388-7f5d18eaab43

0.2 KB

Program execution_NtUser_Sysinternals_a801be22-7473-4c4c-9a57-9dbc90bcbf7c

0.3 KB

Operating system_System_EventLog_e99f1b87-9f35-4876-a5c5-3c99b92e4bfd

0.3 KB

User configuration_Software_command_0054aabe-ed43-4485-b3ce-bc6490cfe81e

0.3 KB

Operating system_System_FileSystem_b20a0736-0d62-4a26-9539-a53ded5f152b

0.3 KB

Operating system_System_RDP-Tcp_6e9f18d0-7173-424c-b695-e8c2894ee110

0.3 KB

Operating system_System_VSS_7afab042-09fb-4f0f-ae3e-b3c58c93f83c

0.2 KB

Operating system_System_USB_d9ecec7b-e4c6-4c8d-9f65-2b971efbb4c4

0.2 KB

Program execution_NtUser_FileExts_03427bd9-675f-4564-9d7b-058e797a7cb6

0.3 KB

Operating system_System_{6bdd1fc6-810f-11d0-bec7-08002be2092f}_80aafc9b-f28d-41a8-929c-6c016c4b5bc0

0.4 KB

Operating system_System_Windows_d73fc227-8ea3-45e8-ac69-041a06a6c629

0.6 KB

Operating system_System_{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_18c3eafb-034d-49b6-9558-45b92416bf33

0.3 KB

Operating system_System_TimeZoneInformation_e16fbaa9-172c-4501-a55d-0cb4adb02cac

0.5 KB

User files and folders_UsrClass_BagMRU_237fdb41-7713-485d-94ab-f07f4c157356

0.3 KB

Operating system_System_Windows_29e05135-bc83-4332-a11b-ea3c357e4de5

0.2 KB

Operating system_System_PrefetchParameters_0f9651f6-3aa8-4bac-89aa-e57a73744ee2

0.4 KB

Operating system_System_SafeBoot_1da3ee50-90bf-49ed-9aa6-b97ba9948eee

0.3 KB

Operating system_System_Services_9a4c3785-ec1c-4248-8b0a-cc32a3578d67

0.3 KB

Operating system_System_Terminal Server_bc0da746-e8c5-465a-a70f-2779e7c914de

0.8 KB

Program execution_NtUser_FirstFolder_a640410c-d053-4966-ace5-36bc4b977c9a

0.3 KB

Operating system_System_Memory Management_15dc67bb-bf95-46ef-87db-e4e34e387125

0.3 KB

User files and folders_NtUser_MountPoints2_28014255-7733-4398-a859-dd76642a19c7

0.4 KB

User configuration_NtUser_CurrentVersion_b8239cb1-3e84-41ae-a156-ebabfadea7d1

0.3 KB

User configuration_NtUser_CurrentVersion_9fef0ee2-99c9-4131-bd77-3f28fad9f8c7

0.3 KB

Storage_System_{10497b1b-ba51-44e5-8318-a65c837b6661}_9fe29ea5-44f1-4d92-82a0-d6b1fb84ee34

0.5 KB

User configuration_NtUser_Internet Settings_57563b19-0d7b-4f61-a76a-5ec5dfecb7c4

0.3 KB

User network_NtUser_TeamViewer_6aa0d3cd-9926-4f23-bf9b-f675636944f0

0.2 KB

Program execution_NtUser_UserAssist_660a4ade-592f-4c64-bd85-8241378d0839

0.4 KB

User network_NtUser_FTP_013baa05-0d47-4db7-9dbd-d4cb6231dc90

0.2 KB

Storage_System_USBSTOR_3d1bc4ba-8eb2-4ec7-a4be-e6792505f999

0.3 KB

Storage_System_MountedDevices_0d010e87-8b14-4ce1-b084-e99b5ab9748c

0.3 KB

User files and folders_NtUser_ComDlg32_44d580cf-ef19-4749-b833-f787ac1b0220

0.3 KB

User files and folders_NtUser_Compression_d0e9ff87-f6be-47ec-888d-164cb58f19f3

0.3 KB

Software_Software_Internet Explorer_140f36ce-6571-4966-b6e4-641c30a9b9b1

0.3 KB

Software_Software_Products_a3ce0f6a-434d-4c2d-ba8f-16ce24209fe4

0.3 KB

Software_Software_Products_c6b061c4-df1d-477f-bcde-4846ec328c31

0.3 KB

User files and folders_NtUser_7-Zip_af7dfd06-6a98-4c8b-a795-bfb9f5ae407d

0.2 KB

Program execution_System_AppCompatCache_f1adf410-8700-4a83-bc2e-f53cededc03d

0.4 KB

User general_NtUser_WordWheelQuery_89ca3fef-d045-4ff2-8891-4c61cf6c30ea

0.3 KB

User files and folders_NtUser_User MRU_41e2c5c4-4da2-4b96-99ae-a4fb532f93d4

0.3 KB

User files and folders_NtUser_Shell Folders_feec11a9-1482-4629-a083-0caf2df99873

0.3 KB

User files and folders_NtUser_User MRU_6bbf4038-b3c6-4ba5-a4e1-d04d3166e675

0.3 KB

User files and folders_NtUser_User MRU_83fcbc4b-a0d4-40d2-b414-91ffa96d778c

0.3 KB

User files and folders_NtUser_WinRAR_204cf564-85f5-42b9-983f-d94a970e7374

0.2 KB

User files and folders_NtUser_RecentDocs_51af122a-734f-4b9b-8138-4633f67e0cad

0.3 KB

User network_NtUser_Ares_fe9bac6b-b1fd-4710-8579-80b31f4fe288

0.2 KB

User network_System_Shares_7794e865-4630-4703-ac0f-76e650314b01

0.2 KB

Web browsing_NtUser_TypedURLs_24aec1e0-f92a-49db-8ec0-8443a7bbd130

0.3 KB

User network_System_FirewallPolicy_6701136a-ccfb-476e-af28-d58543636ba4

0.3 KB

User files and folders_NtUser_FileHistory_2895d67d-8601-45df-9758-f72958482822

0.3 KB

User network_NtUser_Default_617e9fc6-565a-4986-a3fa-7e517fcbf6a3

0.3 KB

User files and folders_NtUser_Map Network Drive MRU_df6ed689-944a-46b1-a806-f5f78830429a

0.3 KB

Operating system_System_Environment_7044cf87-168f-4588-bae0-426632d08330

0.3 KB

Autoruns_UsrClass_VirtualStore_bac80d4f-92ed-41a6-bb70-9749bf17736e

0.2 KB

Network_Software_NetworkCards_3cfa462c-31d1-4ad6-8b47-98f281c50728

0.3 KB

Network_System_{4d36e972-e325-11ce-bfc1-08002be10318}_54796294-d279-4552-bda5-fe672b4ea675

0.3 KB

Operating system_NtUser_CD Burning_0f0005c8-7a16-4223-8a73-87dc0d307849

0.3 KB

Operating system_Sam_Users_58f6066e-53f0-43a7-823c-5679da0e4cd9

0.3 KB

Communication_NtUser_UnreadMail_d6d419d3-bc7c-4e6c-b73d-e1235c3a2943

0.3 KB

Communication_NtUser_TeamViewer_d32c0647-339c-4d4f-8282-daf26b927699

0.2 KB

Operating system_System_CrashControl_a4d38e6e-fa6e-4ceb-8a1f-b7b2f25bf573

0.4 KB

Autoruns_NtUser_Run_2ec3d165-3d58-417e-bf86-d30652b7b53a

0.3 KB

Autoruns_Software_Run_b747b395-acee-4576-9b52-a89349b8d831

0.3 KB

Operating system_Software_Channels_8ab43ae7-05ce-4c41-9c70-f77df5317e67

0.4 KB

Network_Software_LastConnect_1516cac4-ff62-4d2e-a9f5-a20815853b3e

0.3 KB

Operating system_Software_Image File Execution Options_59ddbb92-609a-44e8-9bb7-e1f5b797e397

0.7 KB

Operating system_Software_Winlogon_129b227e-57cd-400b-b370-4ef3d08f9627

0.3 KB

Operating system_System_ComputerName_f5259882-9906-413f-b845-b2bbca09ffeb

0.3 KB

Operating system_Software_Control Panel_7e993a1a-b5af-4247-8b34-6bbe13eb7f3c

0.4 KB

Operating system_Software_EMDMgmt_5c905164-7055-4422-a141-f8539d5ef4fe

0.4 KB

Operating system_Software_Windows Portable Devices_39661eda-1373-493a-b333-583c51c9e74b

0.3 KB

Operating system_Software_CurrentVersion_3d9483dc-d89c-423a-ae83-a57405d6a752

0.4 KB

Operating system_Software_Devices_121a3617-c512-4b5f-a770-11b1cdb19983

0.3 KB

Operating system_Software_CurrentVersion_0a017e3d-c0fe-40c9-84fb-8bcd45c96a7e

0.3 KB

/.../xp-tdungan-c-drive/precooked/redline/APT1 - IOCS/

c32b8af3-28d0-47d3-801f-a2c2b0129650.ioc

25.3 KB

af5f65fc-e1ca-45db-88b1-6ccb7191ee6a.ioc

7.3 KB

c71b3305-85e5-4d51-b07c-ff227181fb5a.ioc

35.4 KB

c7fa2ea5-36d5-4a52-a6cf-ddc2257cb6f9.ioc

5.7 KB

ad521068-6f18-4ab1-899c-11007a18ec73.ioc

12.8 KB

8dd23e0a-a659-45b4-a168-67e4b00944fb.ioc

258.7 KB

9c9368cd-3a1f-4200-b093-adb97d5f1f5d.ioc

6.8 KB

a1f02cbe-7d37-4ff8-bad7-c5f9f7ea63a3.ioc

42.9 KB

a461f381-8612-4ce1-a0dc-68bcaca028d0.ioc

11.6 KB

a486d837-9f05-4360-908e-b4244c24723d.ioc

9.2 KB

ece1846e-98d3-4ddc-a520-0dcda4866989.ioc

7.2 KB

fabdf553-b3ed-4bc9-9ac6-13d6bd174dad.ioc

30.4 KB

fdfb2c22-d0c4-4bf0-8ea4-27d8d51f98ea.ioc

5.3 KB

86f988b7-fa02-46df-8e19-e50ce37f0fed.ioc

17.2 KB

eb91abad-afe0-4bd6-80f2-850d14a99308.ioc

23.9 KB

e928aac0-9f71-4adf-9978-4177345ec610.ioc

22.2 KB

d1c65316-cddd-4d9c-8efe-c539aa5965c0.ioc

31.6 KB

d4f103f8-c372-49d1-b9f4-e127d61d0639.ioc

12.0 KB

d5e49501-c30d-41ae-b381-c3c473040c39.ioc

29.3 KB

d8240090-affd-466e-a39c-64add5b98813.ioc

16.6 KB

d14d5f09-9050-4769-b00d-30fce9e6eb85.ioc

5.4 KB

8900aa6b-883d-48d3-a07d-d49b0429dd2b.ioc

4.8 KB

3e01b786-fe3a-4228-95fa-c3986e2353d6.ioc

4.0 KB

3433dad8-879e-40d9-98b3-92ddc75f0dcd.ioc

8.4 KB

4a2c5f60-f4c0-4844-ba1f-a14dac9fa36c.ioc

6.8 KB

4d1ced5f-fe47-4ba4-be0e-81d547f3aa8a.ioc

8.7 KB

5477b392-e565-45c5-9cb4-f561d6daeddc.ioc

5.7 KB

32b168e6-dbd6-4d56-ba2f-734553239efe.ioc

7.5 KB

2fc55747-6822-41d2-bcc1-387fc1b2e67b.ioc

8.1 KB

86e9b8ec-7413-453b-a932-b5fb95a8dba6.ioc

16.1 KB

0c7c902c-67f8-479c-9f44-4d985106365a.ioc

6.1 KB

2106f0d2-a260-4277-90ab-edd3455e31fa.ioc

19.2 KB

26213db6-9d3b-4a39-abeb-73656acb913e.ioc

10.3 KB

2bff223f-9e46-47a7-ac35-d35f8138a4c7.ioc

5.5 KB

547e4128-9dff-45d9-b90f-081ce3966dee.ioc

20.5 KB

12a40bf7-4834-49b0-a419-6abb5fe2b291.ioc

60.0 KB

7f9a6986-f00a-4071-99d3-484c9158beba.ioc

20.6 KB

84f04df2-25cd-4f59-a920-448d8843b6fc.ioc

6.5 KB

8695bb5e-29cd-41b9-b8b1-a0d20a6b960d.ioc

31.1 KB

56468547-6cf5-4c66-af56-2543d4271482.ioc

8.2 KB

7d2eaadf-a5ff-4199-996e-af6258874dad.ioc

6.0 KB

806beff3-7395-492e-be63-99a6b4a550b8.ioc

21.9 KB

7c739d52-c669-4d51-ac15-8ae66305e232.ioc

19.3 KB

61695156-298c-4d77-ad7f-48feb562fb75.ioc

4.5 KB

6bd24113-2922-4d25-b490-f727f47ba948.ioc

7.6 KB

6091c4ce-6d73-4202-a7a8-b52406fa4d77.ioc

10.1 KB

70b5be0c-8a94-44b4-97a4-1e95b09498a8.ioc

36.8 KB

/.../win2008R2-controller-incident-response/

autoruns-controller.csv

322.5 KB

/.../win7-32-nromanoff-c-drive/precooked/redline/

m-whitelist-1.0.txt

57.3 MB

nromanoff.mans

244.3 MB

/.../win7-32-nromanoff-c-drive/precooked/timeline/

supertimeline.csv

31.5 MB

plaso.dump

64.9 MB

timeliner.body

2.1 MB

win7-32-nromanoff-plaso.dump

64.9 MB

plaso.csv

42.6 MB

win7-32-nromanoff-bodyfile

54.8 MB

whitelist.txt

0.1 KB

nromanoff-mactime-timeline.csv

3.1 MB

LibreOffice-Howto-Supertimeline-Formatting.txt

0.2 KB

nromanoff-mactime-timeline-final.csv

1.2 MB

TIMELINE_COLOR_TEMPLATE.zip

243.4 KB

TIMELINE_COLOR_TEMPLATE.xlsx

566.3 KB

filter_windows.txt

4.0 KB

WIN7-NROMANOFF-TIMELINE-FINAL.xlsx

7.1 MB

/.../win7-32-nromanoff-c-drive/precooked/volatility/

zeus-apihooks.txt

383.0 KB

/.../SIFT-Lab-Install/Windows Tools/RegistryExplorer_RECmd/Plugins/AppCompatCache/

RegistryPlugin.AppCompatCache.dll

9.7 KB

AppCompatCache.dll

16.4 KB

/.../win7-32-nromanoff-c-drive/precooked/volume-shadow/

vss-supertimeline.xlsx

23.7 MB

/.../win7-32-nromanoff-c-drive/precooked/PEid-Signatues/

userdb.txt

490.6 KB

/.../xp-tdungan-Redline-Live-Audit/

mir.urlhistory.45562413.xml

689.3 KB

mir.w32drivers-modulelist.2448051b.xml

52.4 KB

mir.w32disks.2427162a.xml

1.9 KB

mir.w32apifiles.111f277c.xml

263.6 MB

mir.formhistory.2446280a.xml

29.9 KB

mir.w32prefetch.4d2a5d1e.xml

715.2 KB

mir.w32registryapi.727d315d.xml

241.0 MB

mir.w32processes-memory.60040847.xml

423.1 MB

mir.w32drivers-signature.480a2813.xml

1.4 MB

BatchResults.xml

104.7 KB

Issues.BatchResults.xml

0.3 KB

mir.cookiehistory.34173157.xml

906.7 KB

mir.w32tasks.00414040.xml

6.6 KB

mir.w32volumes.6a174b23.xml

1.4 KB

mir.w32systemrestore.05361a50.xml

59.6 MB

mir.w32system.09214d4d.xml

2.1 KB

mir.w32eventlogs.617a4e0f.xml

17.8 MB

mir.w32services.2b217c3a.xml

298.4 KB

mir.w32scripting-persistence.35320a21.xml

19.5 MB

mir.w32useraccounts.263b7301.xml

6.0 KB

mir.w32hivelist.3a064c04.xml

10.1 KB

mir.w32network-dns.64125a55.xml

2.2 KB

mir.w32ports.715a275c.xml

11.3 KB

mir.w32network-route.33247828.xml

3.7 KB

mir.w32kernel-hookdetection.1b6f5266.xml

266.6 KB

mir.w32network-arp.1c4d1932.xml

1.4 KB

/.../win7-32-nromanoff-c-drive/precooked/redline/APT1 - IOCS/

32b168e6-dbd6-4d56-ba2f-734553239efe.ioc

7.5 KB

3433dad8-879e-40d9-98b3-92ddc75f0dcd.ioc

8.4 KB

4a2c5f60-f4c0-4844-ba1f-a14dac9fa36c.ioc

6.8 KB

3e01b786-fe3a-4228-95fa-c3986e2353d6.ioc

4.0 KB

2bff223f-9e46-47a7-ac35-d35f8138a4c7.ioc

5.5 KB

86e9b8ec-7413-453b-a932-b5fb95a8dba6.ioc

16.1 KB

4d1ced5f-fe47-4ba4-be0e-81d547f3aa8a.ioc

8.7 KB

26213db6-9d3b-4a39-abeb-73656acb913e.ioc

10.3 KB

2fc55747-6822-41d2-bcc1-387fc1b2e67b.ioc

8.1 KB

61695156-298c-4d77-ad7f-48feb562fb75.ioc

4.5 KB

806beff3-7395-492e-be63-99a6b4a550b8.ioc

21.9 KB

7f9a6986-f00a-4071-99d3-484c9158beba.ioc

20.6 KB

84f04df2-25cd-4f59-a920-448d8843b6fc.ioc

6.5 KB

8695bb5e-29cd-41b9-b8b1-a0d20a6b960d.ioc

31.1 KB

2106f0d2-a260-4277-90ab-edd3455e31fa.ioc

19.2 KB

7d2eaadf-a5ff-4199-996e-af6258874dad.ioc

6.0 KB

7c739d52-c669-4d51-ac15-8ae66305e232.ioc

19.3 KB

56468547-6cf5-4c66-af56-2543d4271482.ioc

8.2 KB

547e4128-9dff-45d9-b90f-081ce3966dee.ioc

20.5 KB

6091c4ce-6d73-4202-a7a8-b52406fa4d77.ioc

10.1 KB

6bd24113-2922-4d25-b490-f727f47ba948.ioc

7.6 KB

70b5be0c-8a94-44b4-97a4-1e95b09498a8.ioc

36.8 KB

5477b392-e565-45c5-9cb4-f561d6daeddc.ioc

5.7 KB

d1c65316-cddd-4d9c-8efe-c539aa5965c0.ioc

31.6 KB

d8240090-affd-466e-a39c-64add5b98813.ioc

16.6 KB

d5e49501-c30d-41ae-b381-c3c473040c39.ioc

29.3 KB

d4f103f8-c372-49d1-b9f4-e127d61d0639.ioc

12.0 KB

d14d5f09-9050-4769-b00d-30fce9e6eb85.ioc

5.4 KB

e928aac0-9f71-4adf-9978-4177345ec610.ioc

22.2 KB

eb91abad-afe0-4bd6-80f2-850d14a99308.ioc

23.9 KB

86f988b7-fa02-46df-8e19-e50ce37f0fed.ioc

17.2 KB

fdfb2c22-d0c4-4bf0-8ea4-27d8d51f98ea.ioc

5.3 KB

fabdf553-b3ed-4bc9-9ac6-13d6bd174dad.ioc

30.4 KB

ece1846e-98d3-4ddc-a520-0dcda4866989.ioc

7.2 KB

c7fa2ea5-36d5-4a52-a6cf-ddc2257cb6f9.ioc

5.7 KB

c71b3305-85e5-4d51-b07c-ff227181fb5a.ioc

35.4 KB

9c9368cd-3a1f-4200-b093-adb97d5f1f5d.ioc

6.8 KB

8dd23e0a-a659-45b4-a168-67e4b00944fb.ioc

258.7 KB

8900aa6b-883d-48d3-a07d-d49b0429dd2b.ioc

4.8 KB

0c7c902c-67f8-479c-9f44-4d985106365a.ioc

6.1 KB

a1f02cbe-7d37-4ff8-bad7-c5f9f7ea63a3.ioc

42.9 KB

a461f381-8612-4ce1-a0dc-68bcaca028d0.ioc

11.6 KB

c32b8af3-28d0-47d3-801f-a2c2b0129650.ioc

25.3 KB

af5f65fc-e1ca-45db-88b1-6ccb7191ee6a.ioc

7.3 KB

ad521068-6f18-4ab1-899c-11007a18ec73.ioc

12.8 KB

a486d837-9f05-4360-908e-b4244c24723d.ioc

9.2 KB

12a40bf7-4834-49b0-a419-6abb5fe2b291.ioc

60.0 KB


Total files 779


Copyright © 2024 FileMood.com