
WhoYouCalling v1.2 🛰️

@H4NM H4NM released this 20 Oct 20:00
468b147

Features ✨

  • A Wireshark filter is created per DNS response. In other words, when a process wants to communicate with example-domain.com, a DNS request is made for that domain to retrieve the IP addresses to communicate with. If the response to that request includes one or more IP addresses, a Wireshark filter is generated from them. This filter can be applied to the pcap generated for that process, further helping in analysing process telemetry.
  • Added the command line of started processes. This provides additional insight into the use and intent of spawned processes, which may also fill in some gaps as to why certain endpoints are communicated with or certain domain names are resolved.
  • Added output of the IP addresses assigned to interfaces, to make it easier to identify which interface to monitor for packet capture.
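As an added illustration of the first bullet (example code written for this page, not WhoYouCalling's own implementation), the snippet below reduces a constructed DNS answer set, including a CNAME hop, duplicate answers and both A and AAAA records, to a Wireshark display filter, and yields no filter when the response carries no addresses. The domain and addresses are made up.

```python
import ipaddress

# Constructed sample DNS response as (name, record type, rdata) tuples.
# Not real telemetry: a CNAME hop, two A records, one AAAA, one duplicate.
SAMPLE_RESPONSE = [
    ("example-domain.com", "CNAME", "edge.example-cdn.net"),
    ("edge.example-cdn.net", "A", "203.0.113.10"),
    ("edge.example-cdn.net", "A", "203.0.113.11"),
    ("edge.example-cdn.net", "AAAA", "2001:db8::10"),
    ("edge.example-cdn.net", "A", "203.0.113.10"),  # duplicate answer
]


def extract_addresses(answers):
    """Return the distinct IP addresses in a DNS response, in answer order.

    Only A/AAAA rdata is kept; CNAME, TXT and other records are skipped.
    Malformed rdata is ignored rather than producing a broken filter.
    """
    seen = []
    for _name, rtype, rdata in answers:
        if rtype not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue
        if addr not in seen:
            seen.append(addr)
    return seen


def wireshark_filter(answers, domain=None):
    """Build a Wireshark display filter matching traffic to or from every
    address the response resolved to.

    Returns None when the response carried no addresses (NXDOMAIN or a
    CNAME-only answer), so a filter is only produced when there is at least
    one IP address. IPv4 answers use ip.addr, IPv6 answers use ipv6.addr.
    When domain is given, the DNS exchange itself is matched via dns.qry.name.
    """
    addrs = extract_addresses(answers)
    if not addrs:
        return None
    terms = [f"{'ip.addr' if a.version == 4 else 'ipv6.addr'} == {a}" for a in addrs]
    if domain:
        terms.append(f'dns.qry.name == "{domain}"')
    return " || ".join(terms)


if __name__ == "__main__":
    print(wireshark_filter(SAMPLE_RESPONSE, "example-domain.com"))
```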
```
Get-FileHash -path .\WhoYouCalling-1.2-*-selfcontained.zip -algo sha256

Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
SHA256          081AFC562CC9618C4CACE4A3407FF01BC374A9F2D8151266E62878F18EB63781       WhoYouCalling-1.2-x64-s...
SHA256          94F69313A677F7D33FCC1229C668326230A7DFDF3E8ADAC597E1E759F1722855       WhoYouCalling-1.2-x86-s...
```

#WhyMyLsassPingingReddit :suspect: