March 8, 2015

GRR Live Memory Analysis

I wanted to write a quick follow-up to the last article discussing building out a GRR server. The one functionality that was having issues was live memory analysis, and I thought this may have had something to do with the changeover from Volatility to Rekall. After troubleshooting this for a while and posting to the users group, I realized that this was a testing environment issue. When I was originally testing I was using the default Amazon AWS environment. In the latest wave of testing I was using a private VPC with a subnet that had to connect out via […]
February 21, 2015

GRR Rapid Response Server Build Out

I’ve been spending a significant amount of time looking at endpoint solutions recently. My goal is to have an IR Swiss Army Knife and hunting platform as well as a tool that can perform random ad-hoc queries when the latest cyber crisis hits. There are a lot of tools out there that can do bits and pieces of this, and a few less that can do pretty much everything…but they cost a fortune. In this post I’ll discuss my experiences so far with a GRR Rapid Response Server Build Out. I stumbled upon GRR a while back and have played […]