Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Module Winscp Session registry key extraction #962

Merged
merged 8 commits into from
Sep 1, 2024
Merged

Module Winscp Session registry key extraction #962

merged 8 commits into from
Sep 1, 2024

Conversation

vxsh4d0w
Copy link
Contributor

Description

Please include a summary of the change and (if applicable) which issue is fixed.

Checklist:

Please replace every instance of [ ] with [X] OR click on the checkboxes after you submit your PR

  • I have generated a unique GUID for my Target(s)/Module(s)
  • I have placed the Target(s)/Module(s) in an appropriate subfolder in Targets or Modules. If one doesn't exist, I have either added it to the Misc folder or created a relevant subfolder with justification
  • I have set or updated the version of my Target(s)/Module(s)
  • I have verified that KAPE parses the Target(s)/Module(s) successfully via kape.exe, using --tlist/--mlist and corrected any errors
  • I have validated my Target(s)/Module(s) against test data and verified they are working as intended
  • I have made an attempt to document the artifacts within the Target(s) or Module(s) I am submitting. If documentation doesn't exist, I have placed N/A underneath the Documentation header
  • For Targets, I have consulted either the Target Guide, Target Template, Compound Target Guide, or Compound Target Template to ensure my Target(s) follow the same format
  • For Modules, I have consulted either the Module Guide, Module Template, Compound Module Guide, or Compound Module Template to ensure my Module(s) follow the same format

If your submission involves an SQLite database, have you considered making an SQLECmd Map for the SQLite database? If you make a Map, please add the SQLite database to the SQLiteDatabases.tkape Compound Target.

Thank you for your submission and for contributing to the DFIR community!

vxsh4d0w
vxsh4d0w commented Aug 31, 2024
View reviewed changes
Copy link
Contributor Author

@vxsh4d0w vxsh4d0w left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed typo errors

vxsh4d0w
vxsh4d0w commented Aug 31, 2024
View reviewed changes
Copy link
Contributor Author

@vxsh4d0w vxsh4d0w left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed Typo error

vxsh4d0w
vxsh4d0w commented Aug 31, 2024
View reviewed changes
Copy link
Contributor Author

@vxsh4d0w vxsh4d0w left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix Typo Error

@AndrewRathbun AndrewRathbun self-assigned this Aug 31, 2024
@AndrewRathbun
Copy link
Collaborator

Is there any chance you want to add this to the DFIRBatch file?

https://github.com/EricZimmerman/RECmd/blob/master/BatchExamples/DFIRBatch.reb

@vxsh4d0w
Copy link
Contributor Author

vxsh4d0w commented Aug 31, 2024
edited
Loading

Is there any chance you want to add this to the DFIRBatch file?

https://github.com/EricZimmerman/RECmd/blob/master/BatchExamples/DFIRBatch.reb

@AndrewRathbun Let's do it :)

@AndrewRathbun AndrewRathbun mentioned this pull request Sep 1, 2024
Closed
@AndrewRathbun AndrewRathbun merged commit 86db557 into EricZimmerman:master Sep 1, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndrewRathbun AndrewRathbun AndrewRathbun approved these changes

Assignees

@AndrewRathbun AndrewRathbun

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vxsh4d0w @AndrewRathbun