
Erik
@Schamperr
Joined December 2009
RT @foxit: 🚀 Our open-source Dissect project now supports reading Fortinet firmware files! 🛡️ Easily mount, browse or dump FortiGate firmwa…
RT @foxit: Read our latest blog to find out how our Security Research Team reverse-engineered Windows Defender to uncover previously undocu…
blog.fox-it.com
Max Groot & Erik Schamper TL;DR Windows Defender (the antivirus shipped with standard installations of Windows) places malicious files into quarantine upon detection. Reverse engineering mpengi…
RT @foxit: In addition: we're proud to announce the release of Dissect 3.8.1! One of the new exciting features is preliminary support for…
Includes a triage script for Citrix Netscaler disk images, nicely highlighting the flexibility of Dissect!
🚨 Fox-IT and @DIVDnl have revealed that an exploitation campaign targeting Citrix NetScalers has backdoored approximately 2K NetScalers worldwide! Check your NetScalers for indicators of compromise, even after patching CVE-2023-3519! 🔒 🔗 blog:
RT @_dirkjan: Now up at @BlackHatEvents Arsenal are @Schamperr and @Horofic to demonstrate the dissect forensic framework.
RT @PeterRydzynski: @YunZhengHu Thanks for making me laugh out loud while at work this week!
RT @foxit: While we wait for the PR to merge dissect.esedb support into #Impacket, you can already enjoy a 500-1000% performance bump yours…
github.com
A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update. - fox-it/dissect.esedb
RT @foxit: Attention digital forensics and IR specialists! Dissect Release 3.5 is here with new plugins for virus scanner logs, package ma…
github.com
Highlights: New plugins for parsing: Trend Micro Worry-Free AV and firewall logs; McAfee AV and firewall logs (SQLite); Apt, yum and zypper package manager files; NGINX, Apache and Caddy webserver lo...
RT @SANSEMEA: 🎙️ #CyberThreat22 attendees, we are live with @Schamperr & @lennarthaagsma presenting Enterprise IR: live free, live large.…
RT @YunZhengHu: In this blog post, we share our research on version identification of Citrix ADC and Gateway servers and how we measured th…
blog.fox-it.com
Authored by Yun Zheng Hu Recently, two critical vulnerabilities were reported in Citrix ADC and Citrix Gateway; where one of them was being exploited in the wild by a threat actor. Due to these vul…
RT @sud0woodo: small write-up of one of the angles we used researching CVE-2022-42475 at DIVD, leveraging dissect to speed up the process…
RT @13CubedDFIR: Merry Christmas 🎄! Here’s a new 13Cubed episode about Dissect -- a powerful, now open source, IR framework. Enjoy! https:/…
All the discussed parsers (also for VMFS) are open-source and can be found at and
github.com
Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software. - fox-it/dissect.vmfs
RT @_dirkjan: Fox-IT just open sourced their enterprise forensics tooling dissect. This is a big project that some of the smartest people I…
RT @foxit: Join us for a webinar on Dissect, Fox-IT’s in-house developed enterprise-scale forensics framework for data acquisition and anal…
RT @virusbtn: The NCC Group's @Schamperr describes how to parse the CIT (Customer Interaction Tracker) database on older Windows versions,…
RT @JamesAtack: I like where this talk is going @Schamperr / @foxit. Collect your forensic artefacts at the hypervisor. #FIRSTAMS2022 https:…