Dexray v2.33

Even in 2023 Dexray seems to be delivering value to DFIR practitioners. I am always very humbled by unsolicited additions to the Dexray code, because it means the tool is still alive, despite the fact that it was written in archaic (by today’s standards) Perl, and that the security landscape has changed so much that AV-quarantined files are not as important as they were 10 years ago.

Today’s addition covers Kaspersky Server Files quarantined files, courtesy of RevD17. Thank you.

Download the latest version here.

Mitre Att&ck – from JSON to CSV

I love JSON-formatted data so much that… anytime I see something valuable stored in this format I really can’t resist the temptation of converting it to CSV so that I can actually browse it and/or visually understand/analyze some of it 🙂

I know, I am old-school 🙂

The Mitre Att&ck JSON file is a maverick on its own. Updated on a regular basis, it contains so much cyberjuice that it is almost a crime not to convert it to CSV, at least some of it 😀

How do we go about it?

This is one of the ways… we use the following script, with the input being the latest version of the Mitre Att&ck JSON file. The file’s comments include the actual link….

Run it, and see if you like its output… Note that it uses lots of Boolean (0 or 1) output values in many of its columns – this is by design – these make it easy to filter the data in Excel or Google Sheets as per your need (e.g. show only techniques with platform_Windows = 1)…
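To show what such a conversion looks like in practice, here is an added Python example (not the author’s Perl script, and not part of the original post). It assumes the layout of the STIX 2 bundle that MITRE publishes for ATT&CK (enterprise-attack.json): a top-level `objects` list in which techniques are `attack-pattern` objects carrying `external_references` (source `mitre-attack`, with the `T…` ID), `kill_chain_phases` (the tactics) and the `x_mitre_platforms`, `x_mitre_is_subtechnique`, `x_mitre_deprecated` and `revoked` extension fields. The bundle embedded below is constructed for the example (real IDs T1059/T1059.001, plus a made-up T9999 to exercise the revoked flag); point the script at the real file to get the full table. Tactics and platforms become one 0/1 column each, which is the Boolean-column idea described above.

```python
import csv
import io
import json
import sys

# Constructed sample bundle, shaped like MITRE's enterprise-attack.json.
# T9999 is a placeholder, not a real ATT&CK technique.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-0000-0000-000000000000",
    "objects": [
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-0000-0000-000000000001",
         "name": "Command and Scripting Interpreter",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059",
                                  "url": "https://attack.mitre.org/techniques/T1059"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "x_mitre_platforms": ["Windows", "Linux", "macOS"],
         "x_mitre_is_subtechnique": False},
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-0000-0000-000000000002",
         "name": "Command and Scripting Interpreter: PowerShell",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001",
                                  "url": "https://attack.mitre.org/techniques/T1059/001"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "x_mitre_platforms": ["Windows"],
         "x_mitre_is_subtechnique": True},
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-0000-0000-000000000003",
         "name": "Old Revoked Technique",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9999"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
         "x_mitre_platforms": ["Windows"],
         "revoked": True},
        # Other object types (relationships, intrusion-sets, ...) are skipped.
        {"type": "relationship", "id": "relationship--00000000-0000-0000-0000-000000000004",
         "relationship_type": "uses", "source_ref": "intrusion-set--x", "target_ref": "attack-pattern--y"},
    ]
})


def mitre_ref(obj):
    """Return the 'mitre-attack' external reference of a STIX object (or {})."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack" and "external_id" in ref:
            return ref
    return {}


def tactics_of(obj):
    """Tactic names from kill_chain_phases; only the mitre-attack kill chain counts."""
    return {p["phase_name"] for p in obj.get("kill_chain_phases", [])
            if p.get("kill_chain_name") == "mitre-attack"}


def techniques_to_rows(bundle):
    """Flatten every attack-pattern into one CSV row; returns (header, rows).

    Fixed columns first, then one 0/1 column per tactic and per platform seen
    anywhere in the bundle, so the sheet can be filtered on any of them.
    """
    techniques = [o for o in bundle.get("objects", []) if o.get("type") == "attack-pattern"]
    tactics = sorted({t for o in techniques for t in tactics_of(o)})
    platforms = sorted({p for o in techniques for p in o.get("x_mitre_platforms", [])})
    header = (["id", "name", "url", "is_subtechnique", "revoked", "deprecated"]
              + ["tactic_" + t for t in tactics] + ["platform_" + p for p in platforms])
    rows = []
    for obj in techniques:
        ref = mitre_ref(obj)
        own_tactics = tactics_of(obj)
        own_platforms = set(obj.get("x_mitre_platforms", []))
        rows.append([ref.get("external_id", ""), obj.get("name", ""), ref.get("url", ""),
                     int(bool(obj.get("x_mitre_is_subtechnique", False))),
                     int(bool(obj.get("revoked", False))),
                     int(bool(obj.get("x_mitre_deprecated", False)))]
                    + [int(t in own_tactics) for t in tactics]
                    + [int(p in own_platforms) for p in platforms])
    rows.sort(key=lambda r: r[0])  # T1059 before T1059.001 before T9999
    return header, rows


def bundle_to_csv(bundle_text):
    """Parse a bundle (JSON text) and return the CSV as a string."""
    header, rows = techniques_to_rows(json.loads(bundle_text))
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(header)
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python attack2csv.py enterprise-attack.json > attack.csv
    # With no argument the constructed sample above is converted.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            source = fh.read()
    else:
        source = SAMPLE_BUNDLE
    sys.stdout.write(bundle_to_csv(source))
```

Revoked and deprecated techniques are kept in the table (with their flag set to 1) rather than dropped, so that older detections or reports that still cite them can be reconciled against the current file; filter them out in the spreadsheet when you only want the live set.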

And YES, I know there is jq, I know there are JSON readers/viewers/beautifiers, and I recently learned of pyattck, too. Still, when it comes to data analysis, I really like to keep my options open but also keep them close and control them a bit…