Threat intelligence is one of the most critical weapons we can use in cyber defense. I often use Threat intelligence for enhancing my daily tasks in LIFARS such as incident response, threat hunting, forensics and malware analysis. And because the automation is the key for many tasks, I decided to design a new tool which helps us to speedup our processes. Our great R&D team then developed this tool and we recently released under Open Source MIT License as our gift to the community.
IDA, the Interactive Disassembler, is well known tool. It also comes in Freeware version, however, there are several limitations. For example, it is known, that IDA Freeware doesn’t support IDA Python, scripting language which brings the best from the IDA and from the Python world. For scripting, IDA Freeware supports only IDC, a “toy”  C-like language. In past I was wondering if it is possible to run Python even from IDA Freeware, Recently I played little bit more with IDC and I found a way how to pass data from IDA to external Python, and get back results to the IDA.
Few weeks ago, I saw somewhere on the Internet question about IDA Freeware compatibility with the Fluorescence plugin. And because this plugin is written in IDAPython and IDAPython isn’t officially supported by IDA Freeware, also this plugin isn’t compatible. However, when I checked what this plugin does, it turns out that it is very simple - its purpose is to highlight call instructions. So as an exercise I re-created IDC script with similar feature, and moreover, I also created plugin version of IDC Fluorescence.
I wondered about forensic analysis of Synology NAS, especially how to create a memory dump, but unfortunately, I was not able to find any useful howtos. I had to try it myself, but as a 1st step I needed a running instance of Synology DSM (DiskStation Manager, the web-based OS running on Synology NAS). Because I do not have any real HW Synology NAS, I decided to try it as a Virtual Machine.
Some people asked me what tools can be useful for Incident Response and for the CSIRT/CERT teams, so I decided to prepare list of such tools and seize the opportunity of the Open Source Weekend in Košice, Slovakia on 19th October. The motivation behind this list is help to enthusiasts and new teams to prepare and/or strengthen technical equipment needed for incident response with minimal costs. On the other hand, the participation of clever and engaged people is always required for similar tasks in cybersecurity, and use of Open Source and Free(ware) tools can have some caveats with need of more tinkering or adjustments.