LiFTeR: Changes for July 14, 2021
- hindsight-2021.04.26-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
Hindsight is a free tool for analyzing web artifacts.
It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications.
Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords,
preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies).
Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.
Please note that hindsight is installed as a Python virtual environment with a wrapper shell script placed in /usr/bin. This means that you need to configure pip's /etc/pip.conf if your system is located behind a proxy server. This configuration should be completed before hindsight is installed.
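An added example (not part of the LiFTeR notes or the hindsight project) of the /etc/pip.conf proxy setting referred to above, so the virtual environment's pip can reach the package index during installation; the proxy host and port are placeholders:

```ini
# /etc/pip.conf: system-wide pip configuration read by every pip invocation,
# including the one that builds hindsight's virtual environment.
# Added example; the proxy URL below is a placeholder for your site's outbound proxy.
[global]
proxy = http://proxy.example.internal:3128
```

Once the file is in place, `pip config list` prints the active setting so you can confirm it is picked up before installing the package.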
- python3-elasticsearch-7.13.3-1.{fc32,fc33,fc34,el8}.x86_64.rpm and python36-elasticsearch-7.13.3-1.el7.x86_64.rpm -
python-elasticsearch is the official low-level Python client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extensible.
- python{2,3}-cffi-1.14.6-1.el8.x86_64.rpm and cffi-doc-1.14.6-1.el8.noarch.rpm -
Python-CFFI is a C Foreign Function Interface for Python.
It lets you interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation.
- Volatility3-1.1.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
Volatility 3 is a completely open collection of tools,
implemented in Python under the Volatility Software License,
for the extraction of digital artifacts from volatile memory (RAM) samples.
This release is the version of Volatility 3 which can be found here.
- ghidra-10.0.1-PUBLIC_20210708.1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
- CERT-Forensics-Tools-1.0-95.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
This release does the following:
- Added Hindsight.
- python36-requests-2.26.0-1.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
- zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-4.0.3-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm, and libbroker-devel-4.0.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm -
Zeek is a powerful network analysis framework that is very different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- fmem-kernel-modules-fc34-x86_64-1.6-1.11.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.12.14-300 for FC34
- lime-kernel-modules-fc34-x86_64-1.9.1-11.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.12.14-300 for FC34
- fmem-kernel-modules-fc33-x86_64-1.6-1.32.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.12.14-200 for FC33
- lime-kernel-modules-fc33-x86_64-1.9.1-32.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.12.14-200 for FC33