Trucking on with DotDumper

property | value
tags | .net,defensive-tradecraft,malware-analysis,pkm-pocket-pipeline,reverse-engineering
url |
original_word_count | 2104

Article Excerpt

On the 11th of August 2022, the initial public version of DotDumper was released. A brief refresh: DotDumper is an open-source automatic unpacker for files that target the DotNet Framework.

Long Summary

Trellix is a comprehensive cybersecurity company that provides a range of services and solutions to stay ahead of cyber adversaries. The company has recently announced a strategic partnership with Trustwave, and has released an update to DotDumper. The update includes unmanaged hooks to successfully log process injection, a GUI-based log viewer, improved command-line interface argument handling, and more. The DotDumperGUI is a Windows Forms Application written in C# using DotNet Core, which allows one to load a JSON log from a DotDumper run and easily navigate through it. The command-line interface (CLI) now requires only one argument: the file path. Additionally, the SHA-384 and SHA-512 hashes are calculated for encountered data, using the DotNet Framework’s internally available classes.
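The summary notes that the update computes SHA-384 and SHA-512 hashes of every piece of data DotDumper encounters using the hash classes that ship with the DotNet Framework. The following is an added example, not DotDumper's own code, showing how those two digests are obtained from System.Security.Cryptography for an in-memory buffer; the class name HashExample and the sample input bytes are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not part of DotDumper): hash a byte buffer with the SHA-384 and
// SHA-512 implementations provided by the DotNet Framework itself, the same
// classes the summary says DotDumper relies on for encountered data.
static class HashExample
{
    // Render a digest as lowercase hex, the form in which hashes are usually logged.
    public static string ToHex(byte[] digest)
    {
        return BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
    }

    // Compute both digests over the same buffer; the hash objects are disposed
    // afterwards so no intermediate state lingers between dumped payloads.
    public static (string Sha384, string Sha512) HashBuffer(byte[] data)
    {
        using (SHA384 sha384 = SHA384.Create())
        using (SHA512 sha512 = SHA512.Create())
        {
            return (ToHex(sha384.ComputeHash(data)), ToHex(sha512.ComputeHash(data)));
        }
    }

    static void Main()
    {
        // Constructed sample input standing in for a buffer dumped from a sample.
        byte[] sample = Encoding.ASCII.GetBytes("constructed sample payload");
        var (sha384, sha512) = HashBuffer(sample);
        Console.WriteLine("SHA-384: " + sha384);
        Console.WriteLine("SHA-512: " + sha512);
    }
}
```

In an unpacker the same routine would run over each dumped buffer before it is written to disk, so the log carries a digest that can be matched against threat-intelligence feeds without re-hashing the file later.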

Trellix encourages users to create pull requests if they have an idea they would like to work out, and offers help and bug fixes if needed. The company has recently been recognized by CRN for its Women of the Channel and Power 100 Lists, and has also received a FedRAMP High Authorization to Operate for Trellix Extended Detection and Response GovCloud. The Bug Report for March 2023 Edition features four CVEs: CVE-2023-24033, CVE-2023-21036 (Acropalypse), CVE-2023-23397, and CVE-2023-24880.

Trellix is leading the evolution of XDR, which provides the connecting tissue needed to detect, prevent, and remediate attacks across all vectors. The company is providing superior visibility and faster, more precise detection and response to security teams defending against cyberthreats. With this, Trellix is helping to ensure that organizations are better protected against cyber threats. This article provides an overview of Trellix's services and solutions, as well as the Bug Report for March 2023 Edition. It also highlights the company's strategic partnership with Trustwave and the update to DotDumper.

Short Summary

📓 Trucking on with DotDumper

πŸ‘‰πŸ½ On the 11th of August 2022, the initial public version of DotDumper was released. A brief refresh: DotDumper is an open-source automatic unpacker for DotNet Framework targeting files. πŸ‘‰πŸ½ Trellix is a comprehensive cybersecurity company. πŸ‘‰πŸ½ It offers services and solutions to stay ahead of cyber adversaries. πŸ‘‰πŸ½ The company has a strategic partnership with Trustwave. πŸ‘‰πŸ½ Trellix has released an update to DotDumper. πŸ‘‰πŸ½ The update includes unmanaged hooks and an improved GUI-based log viewer. πŸ‘‰πŸ½ The DotDumperGUI allows for easy navigation of JSON logs. πŸ‘‰πŸ½ The CLI now requires only one argument. πŸ‘‰πŸ½ Trellix encourages users to create pull requests and offers help with bug fixes. πŸ‘‰πŸ½ The company has received recognition from CRN and is FedRAMP authorized. πŸ‘‰πŸ½ Trellix is leading the evolution of XDR to detect, prevent, and remediate attacks.

#Trellix #cybersecurity #partnership #DotDumper #bugreport