I hereby claim:
- I am 505forensics on github.
- I am 505forensics (https://keybase.io/505forensics) on keybase.
- I have a public key whose fingerprint is 4304 F765 0D80 E2FA 4DF6 DAF1 81AB ADD2 E43B E230
To claim this, I am signing this object:
bromiley
/ keybase.md
Created
March 11, 2016 14:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0000000: 4649 4c45 3000 0300 c655 43d7 0100 0000 FILE0....UC..... | |
| 0000010: 0100 0100 3800 0100 a801 0000 0004 0000 ....8........... | |
| 0000020: 0000 0000 0000 0000 0600 0000 0000 0000 ................ | |
| 0000030: da00 2588 0000 0000 1000 0000 6000 0000 ..%.........`... | |
| 0000040: 0000 1800 0000 0000 4800 0000 1800 0000 ........H....... | |
| 0000050: e6f7 c6f0 fd80 cb01 e6f7 c6f0 fd80 cb01 ................ | |
| 0000060: e6f7 c6f0 fd80 cb01 e6f7 c6f0 fd80 cb01 ................ | |
| 0000070: 0600 0000 0000 0000 0000 0000 0000 0000 ................ | |
| 0000080: 0000 0000 0001 0000 0000 0000 0000 0000 ................ | |
| 0000090: 0000 0000 0000 0000 3000 0000 6800 0000 ........0...h... |
bromiley
/ gist:c14d47fb9121a3920adac91ad72a02eb
Created
February 3, 2017 18:07
$MFT Attribute Header
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0000000: 1000 0000 6000 0000 0000 1800 0000 0000 ....`........... |
bromiley
/ keybase.md
Created
August 6, 2018 21:22
I hereby claim:
- I am bromiley on github.
- I am 505forensics (https://keybase.io/505forensics) on keybase.
- I have a public key ASBPssBA9wgazdnbpV_tfY3BLP5JKEDiNnXhhCJ5-39zjgo
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class CaseTask(JSONSerializable): | |
| def __init__(self, **attributes): | |
| if attributes.get('json', False): | |
| attributes = attributes['json'] | |
| self.title = attributes.get('title', None) | |
| self.status = attributes.get('status', 'Waiting') | |
| self.flag = attributes.get('flag', False) | |
| self.description = attributes.get('description', None) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| with open(sys.argv[1]) as f: | |
| for line in f: | |
| j = json.loads(line) | |
| task = CaseTask( | |
| title = j['title_data'], | |
| description = j['description_data'], | |
| group = j['group_data'] | |
| ) | |
| api.create_case_task(<case_id>, task) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # -*- coding: utf-8 -*- | |
| """ | |
| task_import.py - A script to ingest a mass data set and create tasks out of it. | |
| Author: Matt Bromiley (@mbromileyDFIR) | |
| To Do: | |
| """ |