[SANS ISC] Update: mac-robber.py, (Sun, Jun 13th)

Almost 4 years ago, I wrote a Python version of mac-robber. I use it fairly regularly at $dayjob. This past week, one of my co-workers was using it, but realized that it hashes large files a little too slowly. He decided to use mac-robber.py to collect the MAC times and do the hashing separately so he could limit the hashes to files under a certain size. That sounded reasonable, so I’ve added a switch (-s or --size). If hashing is turned on, the new switch will limit the hashing to files under the given size.

To see it in action, see the next figure.

I hope others find this new feature useful. If anyone has more suggestions for new features, you can let me know via comments here, e-mail, or our contact form. The tool can be found at the same place as before: 

https://github.com/att/docker-forensics/blob/master/mac-robber.py
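The size-limited hashing described above, as an added sketch that is not taken from mac-robber.py: it walks a tree, records MAC times for every entry, and hashes only regular files smaller than a limit. The function and parameter names, the use of MD5, and the Sleuth Kit body-file line layout are assumptions made for this example.

```python
import hashlib
import os
import stat
import tempfile


def hash_file(path, chunk_size=1 << 20):
    """Return the hex MD5 of a file, read in chunks to bound memory use."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect(root, do_hash=False, max_size=None):
    """Yield one body-file line per entry under root (names are hypothetical).

    do_hash  -- hash regular files
    max_size -- with do_hash, hash only files smaller than this many bytes
    """
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # record a symlink itself, never its target
            except OSError:
                continue  # entry vanished or is unreadable
            md5 = "0"  # placeholder for "not hashed"
            under_limit = max_size is None or st.st_size < max_size
            if do_hash and stat.S_ISREG(st.st_mode) and under_limit:
                try:
                    md5 = hash_file(path)
                except OSError:
                    pass  # unreadable: keep the timestamps, leave hash as "0"
            yield "|".join(str(field) for field in (
                md5, path, st.st_ino, stat.filemode(st.st_mode), st.st_uid,
                st.st_gid, st.st_size, int(st.st_atime), int(st.st_mtime),
                int(st.st_ctime), 0))  # crtime not collected here


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        for name, size in (("small.bin", 10), ("large.bin", 4096)):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(b"\0" * size)
        for line in collect(tmp, do_hash=True, max_size=1024):
            print(line)
```

Files at or above the limit still get a timeline entry with their size and timestamps, so they can be hashed in a separate pass later.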

—————
Jim Clausing, GIAC GSE #26
jclausing –at– isc [dot] sans (dot) edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
