Security related Docker containers, (Wed, Oct 2nd)

Over the last 9 months or so, I’ve been putting together some docker containers that I find useful in my day-to-day malware analysis and forensicating. I have been putting them up on hub.docker.com and decided I might as well let others know they were there. In a couple of cases, I just found it easier to create a docker container than try to remember to switch in and out of a Python virtualenv. In a couple of other cases, it avoids issues I’ve had with conflicting versions of installed packages. In every case, I’m tracking new releases so I can update my containers when new releases come out and I usually do so within a couple of days of the new release. The ones that I have up at the moment are the following:

clausing/flare-floss

clausing/capa

clausing/hayabusa

clausing/takajo

clausing/chainsaw

clausing/yara

clausing/uac

clausing/dfir-unfurl

The USAGE portion of each page should give enough info on how to run them (and what directories to map into the container). Hopefully, some of the rest of you will find these useful.

—————
Jim Clausing, GIAC GSE #26
jclausing –at– isc [dot] sans (dot) edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.