MALoney (It's in the name): DFIR_Toolbar

MALoney (It's in the name)

Pages

Home
All Things Symantec
All Things OneDrive
Tools

Thursday, January 2, 2025

DFIR_Toolbar

For this post I thought I'd do something fun. I've been toying around with an idea for a toolbar. The idea came from a BlueHat IL talk Ulf Frisk gave in 2019. I found it interesting how Ulf could queue up commands for his demo. Ulf was nice enough to give me a copy. The original toolbar was a .hta file. I suited his needs for the talk but I wanted something more configurable and extendable.

I decided to make a toolbar in python that can be pretty much anything you want it to be. The menus are created with a configuration file and commands can be added through plugins. The two plugings included at this time are to launch a browser and copy what ever text you choose. It acts as a true toolbar, taking space at the top of the screen and not allowing applications to go over the top of it or behind.

Here is a list of websites that is included in the default config:
https://br0k3nlab.com/LoFP/
https://www.loldrivers.io/
https://gtfobins.github.io/
https://lolbas-project.github.io/
https://lots-project.com/
https://filesec.io/
https://malapi.io/
https://hijacklibs.net/
https://wadcoms.github.io/
https://www.loobins.io/
https://lolapps-project.github.io/
https://www.bootloaders.io/
https://cloud.google.com/blog/topics/threat-intelligence/bring-your-own-land-novel-red-teaming-technique/
https://lothardware.com.tr/
https://wtfbins.wtf/
https://lofl-project.github.io/
https://persistence-info.github.io/
https://github.com/WithSecureLabs/lolcerts
https://boostsecurityio.github.io/lotp/
https://lolbins-ctidriven.vercel.app/
https://lolesxi-project.github.io/LOLESXi/
https://lolrmm.io/
https://lolad-project.github.io/
https://beercow.github.io/LOLCloud-Project.github.io/index.html
https://attack.mitre.org/
https://d3fend.mitre.org/
https://github.com/rabobank-cdc/DeTTECT
https://atlas.mitre.org/matrices/ATLAS
https://unprotect.it/
https://github.com/MBCProject/mbc-markdown
https://github.com/palantir/alerting-detection-strategy-framework
https://mitre-attack.github.io/attack-navigator/
https://center-for-threat-informed-defense.github.io/attack-flow/ui/
https://www.vergiliusproject.com/
http://terminus.rewolf.pl/terminus/
https://any.run/
https://analyze.intezer.com/
https://iris-h.services/pages/dashboard#/pages/dashboard
https://tria.ge/
https://www.hybrid-analysis.com/
https://www.joesandbox.com/
https://app.threat.zone/scan
https://valkyrie.comodo.com/
https://www.filescan.io/scan
https://intelligence.gatewatcher.com/
https://labs.inquest.net/dfi
https://manalyzer.org/
https://threatpoint.checkpoint.com/ThreatPortal/emulation
https://www.virustotal.com/gui/home/upload
https://yomi.yoroi.company/upload
https://virus.exchange/
https://virusshare.com/
https://www.virussign.com/malware-scan/
https://malpedia.caad.fkie.fraunhofer.de/library
https://app.malcore.io/
https://hash.cymru.com/
https://crxaminer.tech/
https://lookyloo.circl.lu/capture
https://dfir.blog/unfurl/
https://urlquery.net/
https://urlscan.io/
https://sigconverter.io/
https://uncoder.io/
https://yarahq.github.io/
https://yaratoolkit.securitybreak.io/
https://start.me/p/7kj9X5/03-incident-response
https://start.me/p/ekq7Al/digital-forensics
https://start.me/p/BnmK5m/digital-forensics-incdident-respons
https://start.me/p/xbwgd0/sans-dfir-2022
https://start.me/p/AD57Rr/dfir-jedi
https://start.me/p/DPYPMz/the-ultimate-osint-collection
https://start.me/p/wMrA5z/cyber-threat-intelligence
https://start.me/p/jj0B26/dfir
https://start.me/p/OmxDbb/digital-forensics
https://start.me/p/q6mw4Q/forensics
https://start.me/p/wMmkPz/cyber-security
https://msportals.io/
https://cmd.ms
https://attackrulemap.netlify.app/
https://vulnerability.circl.lu
https://strontic.github.io/xcyclopedia/intro
https://www.kqlsearch.com/
https://gchq.github.io/CyberChef/
https://explainshell.com/
https://dogbolt.org/
https://dfiq.org/
https://iocparser.com/
https://wigle.net/

For the copy menu, I have included Andrew Rathbun's DFIRRegex

Menus that you use the most can also be configured to tear away so they are always available. I would really love your thoughts and ideas to make this into something useful for all. Here is a quick demo of what the toolbar can currently do.

DFIR_Toolbar can be found here.

Posted by Brian Maloney at 7:12 PM

Email This BlogThis!Share to X Share to Facebook Share to Pinterest

No comments:

Post a Comment

Newer Post Older Post Home

Subscribe to: Post Comments (Atom)

Linkedin

Twitter

Follow @bmmaloney97

Github

Follow @Beercow

Blog Archive

▼ 2025 (3)
- ▼ January (3)

► 2024 (3)
- ► November (1)
- ► September (1)
- ► March (1)

► 2023 (4)
- ► December (1)
- ► September (2)
- ► May (1)

► 2022 (1)
- ► December (1)

► 2021 (15)
- ► May (1)
- ► March (5)
- ► February (4)
- ► January (5)

► 2020 (2)
- ► June (1)
- ► January (1)

► 2019 (3)
- ► June (1)
- ► April (2)

► 2018 (5)
- ► December (1)
- ► August (1)
- ► May (1)
- ► April (1)
- ► March (1)

► 2017 (7)
- ► August (2)
- ► July (1)
- ► June (2)
- ► May (1)
- ► March (1)

► 2016 (1)
- ► December (1)

Labels

Antivirus (18)
ccSubSDK (2)
Forensics (1)
KAPE (2)
Log Parser Studio (3)
Logparser (3)
NBDServer (1)
OneDrive (2)
ProcDOT (6)
Procmon (1)
Python (5)
SEP (20)
SEPparser (2)
SQLite (1)
Symantec (18)
USB (1)
VBN (10)
Volatility (1)

Tweets about Bmmaloney97

Powered by Blogger.