Tonight Evan and I were 'vibe debugging', trying to get the models to fix their own code. We were successfully able to get it to fix issues with the storage of the configuration file, but we left the stream being unable to start a memory capture process. Tune in tomorrow for more!
Hello Reader,
Just an announcement that I'll be moderating a panel on legal cybersecurity issues on March 26, 2025. I'll be joined by my colleague Jonathan Rajewski and a host of inside and outside counsels as well as the Honorable Ada Brown. If you are interested or just want to learn more please click this link to read about it and register.
Hello Reader,
It's Sunday! This week's challenge is vibing. If you haven't heard about 'vibe coding' it's what Evan and I have been doing in our streams, letting the AI do all the coding and just 'vibing' along. This week I want to see you resurrect old unmaintained tools and see what you can do with them!
Pick an unsupported DFIR project of your choice and bring it back to life! Add new features and make it work on modern systems. While you are not required to 'vibe code' (AI coding) in this instance it's fully encouraged! Send me links to writeups or github repo's when your done!
Hello Reader,
This week Phill Moore has brought us the winning answer but as his conversation on X showed it was an answer that could have had additional findings if all of the new logging sources were turned on. Let's celebrate Phill's win and know that blogs will be coming to explore his results and what log sources can be turned on to give even more information.
Hello Reader,
Tonight Evan and I took an express train to the coast and brought a Jimmy Buffet inspired web interface to Margarita shotgun with one prompt and two fixes. Here is the prompt:
"create a web interface as you proposed earlier to allow the user to be able to configure, run, manage and monitor the tool. This should not require nodejs or react, things like flask and bootstrap or htmx would be better. I want the server and front end to be self contained within the script and while it can add additional libraries it should not require additional programs/servers/framework or systems to be installed outside of just python modules. The interface should be modern, resiazble, sortable on any fields displayed and have an overall theme of Jimmy Buffetts classic tale of wasting away again in margartivalle. Thematic elements of shotguns, limes, margatitas, salt shakers and phrases like its five oclock somewherfe are encouraged. If you cannot generate the art images ascii art is acceptable. Quotes from Jimmy Buffet are desriable and welcome in the interface. The http server and web mode should start if someone runs the script without options, it should then return a text string telling them the localhost url to visit to view the page. "
and with that the Claude 3.7 model in Cursor actually did generate a full Margaritaville themed web dashboard for a tool that never had one! Next week we will actually test the tool to see if works! Tomorrow though stay tuned to see who won this week's Sunday Funday Challenge!
Hello Reader,
Tonight Evan and I used Cursor with the Clause 3.7 model to bring back to life the popular tool Margarita Shotgun ( GitHub - ThreatResponse/margaritashotgun: Remote Memory Acquisition Tool ) ! We got it to update the code to modern python 3 (the code hasn't been updated in 7 years) , suggest improvements and add a new interactive UI using the rich library... and it worked! Tomorrow night we will have a test environment in AWS to see what else needs to be fixed.
Hello Reader,
I'll be at the HTCIA Boston meeting on April 8, 2025 along with my colleagues Adam Hart, Kaya Overholzer speaking on some fun topics.
Adam is going to be speaking on Ransomware forensics and negotiations
Kaya is going to be speaking on ATM Jackpotting
and I'll be talking about Windows Hello Forensics.
I hope to see some of you there!
Hello Reader,
Tonight we got Claude 3.7 and GPT 4.5 to write unit tests and documentation for our tool, also our tool is now on Github! Check it out!
https://github.com/dlcowen/CloudTrailLogExplorer
Watch the stream here:
