Skip to content
#

dfir

Star

Here are 382 public repositories matching this topic...

Language: All
Filter by language
All 382 Python 150 PowerShell 44 Shell 24 Go 19 HTML 14 C 8 Batchfile 6 C# 6 Ruby 6 C++ 5
Sort: Best match
Sort options
Best match Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

zeek / zeek

Star 4.3k
Open

Bypassing Zeek's file extraction processor by twisting Content-Type

1
mabj
mabj commented Sep 24, 2021

Hello Zeek's community!

Zeek (master and 4.1) corrupts extracted PE executable from an HTTP response if the request has a non-expected Content-Type. Here is a proof-of-concept PCAP with two HTTP responses returning the same file but with different Content-Types. The first one with the right Content-Type "application/x-msdownload" and another one with "message/rfc822".

Zeek extracts the f

Read more
good first issue Type: Bug 🐛 Area: File Analysis Area: Protocol Analysis
Find more good first issues
timesketch

google / timesketch

Star 1.9k
Open

CSV with wrong extension is not stopped on UI side

12
jaegeral
jaegeral commented Dec 1, 2021

https://github.com/google/timesketch/blob/fce0f54e20d9385b264f2401079dbeb5ad773a38/timesketch/frontend/src/components/Common/UploadForm.vue#L124

Uploading a foobar.txt file that has CSV content would still get uploaded and errored out on the backend side, even if the Client JS should error out already.

Request Method: POST
Status Code: 500
Read more
Bug Good first issue UI/UX Small effort
Find more good first issues

olafhartong / sysmon-modular

Sponsor
Star 1.7k

Improve this page

Add a description, image, and links to the dfir topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the dfir topic, visit your repo's landing page and select "manage topics."

Learn more