diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index dcd7f597..242a6bd0 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -8,6 +8,10 @@
 - 依存関係を減らすため、HTTPクライアントをPuppyに置き換えた。 (#33) (@fukusuket)
 - パフォーマンス向上のため、VirusTotalクエリをマルチスレッドにした。 (#33) (@fukusuket)
+**バグ修正*:**
+
+- Hayabusa 2.8.0以上の結果で`timeline-suspicious-processes`を実行した際のクラッシュを修正した。 (#35) (@fukusuket)
+
 ## 2.0.0 [2022/08/03] - [SANS DFIR Summit 2023 Release](https://www.sans.org/cyber-security-training-events/digital-forensics-summit-2023/)
 **新機能:**
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5264e728..6ba3a2e1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,9 @@
 - Replaced HTTP with Puppy to reduce external dependencies. (#33) (@fukusuket)
 - Made VirusTotal lookups multi-threaded to increase performance. (#33) (@fukusuket)
-- `list-domains`: create a
+**Bug Fixes*:**
+
+- `timeline-suspicious-processes` would crash when Hayabusa results from version 2.8.0+ was used. (#35) (@fukusuket)
 ## 2.0.0 [2022/08/03] - [SANS DFIR Summit 2023 Release](https://www.sans.org/cyber-security-training-events/digital-forensics-summit-2023/)
diff --git a/src/takajopkg/timelineSuspiciousProcesses.nim b/src/takajopkg/timelineSuspiciousProcesses.nim
index f316eb51..29f7f7d7 100644
--- a/src/takajopkg/timelineSuspiciousProcesses.nim
+++ b/src/takajopkg/timelineSuspiciousProcesses.nim
@@ -60,7 +60,10 @@ proc timelineSuspiciousProcesses(level: string = "high", output: string = "", qu
 computer = jsonLine["Computer"].getStr()
 process = jsonLine["Details"]["Proc"].getStr()
 pidStr = jsonLine["Details"]["PID"].getStr()
- pidStr = intToStr(fromHex[int](pidStr))
+ try:
+ pidStr = intToStr(fromHex[int](pidStr))
+ except ValueError:
+ discard # conversion errors in fromHex are assumed to have originally been decimal.
 user = jsonLine["Details"]["User"].getStr()
 lid = jsonLine["Details"]["LID"].getStr()
 try:
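Review bot: The `except ValueError: discard` fallback in the timelineSuspiciousProcesses.nim hunk does not do what its comment claims, because Nim's `fromHex` accepts digit-only strings with or without a `0x` prefix, so a decimal PID such as `1234` never raises and is silently reinterpreted as hex (0x1234 = 4660), giving a wrong PID in the timeline rather than the original decimal. Only values that contain non-hex characters or are empty reach the `discard` branch, so the stated "assumed to have originally been decimal" rule is misleading; if the newer Hayabusa output is decimal without a prefix (the commit message suggests this but the hunk does not show the input format), the conversion should be keyed on the prefix instead, e.g. `if pidStr.startsWith("0x") or pidStr.startsWith("0X"):` followed by `pidStr = intToStr(fromHex[int](pidStr))`, with the try/except kept only for genuinely malformed values. Whichever rule is chosen, the comment should state it precisely, e.g. `# PIDs are hex only when prefixed with 0x; anything else is passed through unchanged`. Note also that on the fallback path the raw string is used as-is in the output, so a malformed PID field is passed through rather than flagged. The enclosing proc starts before this hunk and its body continues past it.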