Search the Community

Aleph is a tool for indexing large amounts of both documents (PDF, Word, HTML) and structured (CSV, XLS, SQL) data for easy browsing and search. It is built with investigative reporting as a primary use case. Aleph allows cross-referencing mentions of well-known entities (such as people and companies) against watchlists, e.g. from prior research or public datasets. Here are some key features: Web-based search across large document and data sets. Imports many file formats, including popular office formats, spreadsheets, email and zipped archives. Processing includes optical character recognition, language and encoding detection and named entity extraction. Load structured entity graph data from databases and CSV files. This allows navigation of complex datasets like companies registries, sanctions lists or procurement data. Import tools for OpenSanctions. are included. Receive notifications for new search matches with a personal watchlist. OAuth authorization and access control on a per-source and per-watchlist basis. Changelog v3.12.7 RC1 Bump urllib3 from 1.26.10 to 1.26.11 by @dependabot in #2417 Bump followthemoney from 3.0.2 to 3.0.3 by @dependabot in #2418 removed code smell of function args with mutable defaults by @brassy-endomorph in #2436 Bump normality from 2.3.3 to 2.4.0 by @dependabot in #2430 Switch to rabbitmq based task queue by @sunu in #2199 Remove the public access disabled message by @sunu in #2408 Fix timelines editor by @tillprochaska in #2457 Bump sqlalchemy from 1.4.39 to 1.4.40 by @dependabot in #2455 Make the hide filter button persistent by @Rosencrantz in #2459 Bump jsonschema from 4.7.2 to 4.9.1 by @dependabot in #2443 Quickfix: Set the max_analyzed_offset setting to prevent ES errors by @sunu in #2474 Display highlights in document plaintext view mode by @tillprochaska in #2388 Bump react-dropzone from 11.7.1 to 14.2.2 in /ui by @dependabot in #2375 Bump axios from 0.25.0 to 0.27.2 in /ui by @dependabot in #2250 Bump yaml from 1.10.2 to 2.1.1 in /ui by @dependabot in #2291 Bump urllib3 from 1.26.11 to 1.26.12 by @dependabot in #2479 Fix activation screen by @tillprochaska in #2506 Fix date helper by @tillprochaska in #2490 Till/2400 message banner by @tillprochaska in #2421 Bump uuid from 8.3.2 to 9.0.0 in /ui by @dependabot in #2510 Bump authlib from 0.15.5 to 1.1.0 by @dependabot in #2518 Bump jsonschema from 4.9.1 to 4.16.0 by @dependabot in #2508 Bump sqlalchemy from 1.4.40 to 1.4.41 by @dependabot in #2503 Bump black from 22.6.0 to 22.8.0 by @dependabot in #2493 Update pyjwt requirement from <2.5.0,>=2.0.1 to >=2.0.1,<2.6.0 by @dependabot in #2522 Rollback RabitMQ based task queue changes by @sunu in #2536 change contact to new form by @jlstro in #2541 Bump servicelayer[amazon,google] from 1.20.0 to 1.20.4 by @dependabot in #2537 Bump ftm and ftm-compare by @Rosencrantz in #2544 added ability to set custom settings via env vars by @brassy-endomorph in #2538 Bump servicelayer[amazon,google] from 1.20.4 to 1.20.5 by @dependabot in #2545 [hide][Hidden Content]]

dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing. Features Open Source (GPLv3) and Free Forever (:TM:) Assembly Editor Use C# or Visual Basic to edit any method, property and event Code editor has IntelliSense (code completion, signature help, quick info) Whole classes can be added to assemblies by adding C# and Visual Basic code Edit all metadata of types (classes), methods, properties, events, fields Add, remove, rename any type (class), method, property, event, field Edit, add, remove .NET resources and save them to disk The IL editor allows editing method bodies at the IL level: IL instructions, locals, exception handlers Debugger Debug any .NET assembly, no source code required Set breakpoints in any assembly, including framework assemblies, assemblies in the GAC and assemblies existing only in memory Memory window Output window Attach to process Locals window raw contents of locals (eg. decrypted byte arrays) can be saved to disk Call Stack window Threads window Modules window Modules (eg. decrypted in-memory modules) can be saved to disk Exception Settings Can debug dynamic assemblies Debugging CoreCLR assemblies is supported Decompile to C#, Visual Basic, IL Themes: blue, dark, light (and high contrast) Supports smaller screens (eg. laptops) Line height can be optimized for smaller screens Blank and non-alphanumeric lines are 75% the normal height No extra spacing between lines (saves 1 vertical pixel per line) Menu and toolbar share the same line Full screen mode (Shift+Alt+Enter) saves some vertical pixels High DPI support and per-monitor DPI-aware Translated to several languages Highly extensible Write your own extensions and add your own features All major features are already extensions (assembly editor, debugger, decompiler) Multiple tabs and tab groups Your screen is too big? Don’t cut it in half, add another vertical tab group and read two classes at once! The tabs and positions within the text editors are saved when you close dnSpy and restored at startup so you can continue where you left off Search assemblies Search for types (classes), methods, properties, events, fields Search for strings or numbers in code Assembly analyzer Find usages of types (classes), methods, properties, events, fields BAML to XAML decompiler Fast Highlighted references, keywords References under the caret are highlighted to make it easier to see all uses of the reference in the code Tab, Shift+Tab, Ctrl+Shift+Up, Ctrl+Shift+Down moves to the next or previous reference Alt+Down and Alt+Up moves to the next or previous definition (type (class), method, property, event, field) Structure visualizer Vertical guide lines shown between start and end of code blocks Different colors are used for different blocks, eg. loop, conditional, method, etc dnlib is used to read and write assemblies so it can handle obfuscated code (eg. malware) without crashing Go to commands: Entry point Assembly static initialization method (<Module>..cctor) Any metadata token Any metadata row Syntax highlighted tooltips with XML doc comments when hovering over a type (class), method, property, event, field Methods, properties and events are decompiled in source code order or a custom user-defined order Source code order means that related methods are usually next to each other, just like the programmer wanted Background images can be shown in the text editor Export to project decompiles all selected assemblies and creates a Visual Studio solution Multiple assemblies can be exported at the same time Creates a Visual Studio solution (supports VS2005 – VS-latest) and project files Supports WinForms and WPF classes (creates a code-behind .cs/.vb file and a WinForms .resx / WPF .xaml file) Converts .NET resources to .resx files Open from GAC Command line decompiler Supports Windows, Linux and Mac Syntax highlights output to the screen Scripting with C# REPL Call public dnSpy methods from scripts Script the debugger and other extensions Hex editor Method tokens and addresses are shown in comments and can be clicked to go to the raw metadata or IL bytes Metadata editor Collapse Assembly Explorer nodes command to quickly collapse unused nodes And more… Changelog v6.2 RC1 New features: dnSpy now runs under .NET 6 and .NET Framework 4.8. Move to VS2022 icons for UI and exe files (by @InKahootz and @SychicBoy) Support for tilt/horizontal scrolling in the UI. Added support for editing custom attributes on module resources. Added support for modifying the Log2Rid value when saving the module. Add support for ARM64 target architecture in the assembly editor. Add an enum for PE Magic field in the PE editor (by @riQQ) Show debugged process’s name in the title bar (by @InKahootz) Add support for writing VS2022 compatible .sln files. Added back the Save Code, Save BAML, and Save XAML options in the File context menu which save the contents of the currently open document tab. Debugger: Display a warning message before starting to debug a target file with a different bitness than the current dnSpy version running. Add a new option that allows to automatically break on <Module>::.cctor when starting to debug. Display the exception’s HResult property when an unhandled exception is hit. ILSpy decompiler: Added jump to reference support for jmp() expressions created when the jmp CIL opcode is present. CIL disassembler now includes information about generic parameter attributes and constraints. Add more information to the output when disassembling the module node when using the CIL disassembler. The decompiler now splits up long method call chains using a new line. Generate debug info for yield break; statements. Improvements and bug fixes: Fix the .NET 6 console executable having the incorrect subsystem set in the PE options resulting in a crash. Fixed escaping of namespaces in tooltips. Fixed syntax highlighting for structs in tooltips. Improved RVA <-> FileOffset conversions in PE editor to fix a crash with invalid values being passed in. Improved assembly resolution for .NET Standard, .NET Core, .NET 5, .NET 6. Read probe paths from .config files when searching for satellite assemblies during project export. Fixed incorrect label in the Save Module dialog. ILSpy Decompiler Optimized the variable naming step in the decompiler by reducing memory allocations. Improved insertion of checked() blocks. Improved decompilation of query expressions. Prevent delegate construction decompilation from crashing the entire decompiler if it failed. Improved analysis for unsafe modifier. Ignore invalid prefixes when constructing the ILAst. This prevents a common method used to crash the decompiler from working. Many improvements and fixes to the async method decompilation logic. Optimized the removal of dead nop instructions when building the ILAst. This deficiency was a known method to crash dnSpy’s decompiler by filling a method body with huge amounts of useless code. Fixed a rare case where field initializers would not be detected properly. Fixed a rarely occurring bug that resulted in incorrect ILAst being built. Optimized construction of ILAst by calculating the stack behavior of instruction only once and by caching the result of MethodDef.HasReturnType. Improved required parenthesis analysis. Debugger: Fixed a bug that caused the infamous ??? exception to occur when debugging. Improved debugging support for newer mono runtimes. Fixed a crash that occurred in the .NET Framework version of dnSpy when a module loaded into memory during debugging would contain an invalid file path resulting in a crash. BAML decompiler Resolve namespaces of properties. Fix Name attribute for properties incorrect in rare circumstances. Fix missing x:Static and x:Type (by @wwh1004) Dependency updates: Updated dnlib to 3.5.0 Updated Iced to 1.17.0 Roslyn compiler to 4.1.0 Ookii.Dialogs.Wpf to 5.0.1 VS MEF to 16.9.20 ILSpy to 2.4 Mono.Debugger.Soft was updated to the latest commit. [hide][Hidden Content]]

.NETReactorSlayer is an open source (GPLv3) deobfuscator for Eziriz .NET Reactor 3.1.0.0 RC1 Latest Changes Improve Control Flow Deobfuscator Improve & Fix Cleaner Added Boolean Decryptor [hide][Hidden Content]]

Security Onion Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack. Core Components Logstash – Parse and format logs. Elasticsearch – Ingest and index logs. Kibana – Visualize ingested log data. Auxiliary Components Curator – Manage indices through scheduled maintenance. ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information. FreqServer -Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc. DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc. Changelog v2.0 RC1 Re-branded 2.0 to give it a fresh look All documentation has moved to our docs site soup is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date. so-import-pcap is back! See the so-import-pcap docs here. Fixed issue with so-features-enable Users can now pivot to PCAP from Suricata alerts ISO install now prompts users to create an admin/sudo user instead of using a default account name The web email & password set during setup is now used to create the initial accounts for TheHive, Cortex, and Fleet Fixed issue with disk cleanup Changed the default permissions for /opt/so to keep non-priviledged users from accessing salt and related files Locked down access to certain SSL keys Suricata logs now compress after they roll over Users can now easily customize shard counts per index Improved Elastic ingest parsers including Windows event logs and Sysmon logs shipped with WinLogbeat and Osquery (ECS) Elastic nodes are now “hot” by default, making it easier to add a warm node later so-allow now runs at the end of an install so users can enable access right away Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to event.severity: 1-Low / 2-Medium / 3-High / 4-Critical Initial implementation of alerting queues: Low & Medium alerts are accessible through Kibana & Hunt High & Critical alerts are accessible through Kibana, Hunt and sent to TheHive for immediate analysis ATT&CK Navigator is now a statically-hosted site in the nginx container Playbook All Sigma rules in the community repo (500+) are now imported and kept up to date Initial implementation of automated testing when a Play’s detection logic has been edited (i.e., Unit Testing) Updated UI Theme Once authenticated through SOC, users can now access Playbook with analyst permissions without login Kolide Launcher has been updated to include the ability to pass arbitrary flags – new functionality sponsored by SOS Fixed issue with Wazuh authd registration service port not being correctly exposed Added option for exposure of Elasticsearch REST API (port 9200) to so-allow for easier external querying/integration with other tools Added option to so-allow for external Strelka file uploads (e.g., via strelka-fileshot) Added default YARA rules for Strelka – default rules are maintained by Florian Roth and pulled from [Hidden Content] Added the ability to use custom Zeek scripts Renamed “master server” to “manager node” Improved unification of Zeek and Strelka file data [hide][Hidden Content]]

UNA version 10.0.0 RC1 suffers from a persistent cross site scripting vulnerability in polyglot.php. View the full article