From 23575fb9a85d50ce8c00caca584ce9750f4f76ff Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Tue, 5 Sep 2023 22:09:32 +0900
Subject: [PATCH 1/2] fix: assume that the fromHex error was originally a decimal number
---
 src/takajopkg/timelineSuspiciousProcesses.nim | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/takajopkg/timelineSuspiciousProcesses.nim b/src/takajopkg/timelineSuspiciousProcesses.nim
index f316eb51..29f7f7d7 100644
--- a/src/takajopkg/timelineSuspiciousProcesses.nim
+++ b/src/takajopkg/timelineSuspiciousProcesses.nim
@@ -60,7 +60,10 @@ proc timelineSuspiciousProcesses(level: string = "high", output: string = "", qu
 computer = jsonLine["Computer"].getStr()
 process = jsonLine["Details"]["Proc"].getStr()
 pidStr = jsonLine["Details"]["PID"].getStr()
- pidStr = intToStr(fromHex[int](pidStr))
+ try:
+ pidStr = intToStr(fromHex[int](pidStr))
+ except ValueError:
+ discard # conversion errors in fromHex are assumed to have originally been decimal.
 user = jsonLine["Details"]["User"].getStr()
 lid = jsonLine["Details"]["LID"].getStr()
 try:
From 3adb75000d3723d6841943c3a9dfe2f933dbc48d Mon Sep 17 00:00:00 2001
From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
Date: Wed, 6 Sep 2023 05:09:12 +0900
Subject: [PATCH 2/2] update changelog
---
 CHANGELOG-Japanese.md | 4 ++++
 CHANGELOG.md | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index d3509fe9..4af9a3b6 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -7,6 +7,10 @@
 - TakajoがNim 2.0.0でコンパイルできるようになった。(#31) (@fukusuket)
 - 依存関係を減らすため、HTTPクライアントをPuppyに置き換えた。 (#33) (@fukusuket)
+**バグ修正*:**
+ - Hayabusa 2.8.0以上の結果で`timeline-suspicious-processes`を実行した際のクラッシュを修正した。 (#35) (@fukusuket) + ## 2.0.0 [2022/08/03] - [SANS DFIR Summit 2023 Release](https://www.sans.org/cyber-security-training-events/digital-forensics-summit-2023/) **新機能:**
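Review bot: The new `except ValueError` branch keeps `pidStr` unchanged on the assumption that a failed `fromHex` means the value was already decimal, but `fromHex` accepts hex digits with or without a `0x` prefix, so a decimal PID consisting only of digits (constructed example: `"1234"`) does not raise and is silently reinterpreted as hex `0x1234` = 4660, putting the wrong process id into the timeline. Conversely, if the crash came from `getStr()` returning its `""` default for a non-string JSON node, the empty string is now kept and the PID is dropped; I cannot confirm from the hunk which shape Hayabusa 2.8.0+ emits, so that part is inferred. Deciding by format rather than by exception is safer: `if pidStr.startsWith("0x"): pidStr = intToStr(fromHex[int](pidStr))`, and reading the node with `getInt` when its `kind == JInt`, keeping the try/except only as a last-resort guard for malformed input. The `discard` comment should also state the real assumption, e.g. `# no 0x prefix: Hayabusa 2.8.0+ already reports PID in decimal, keep as-is`. The enclosing proc `timelineSuspiciousProcesses` starts and ends outside the hunk.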
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 837b347a..25b195b3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,7 +7,9 @@
 - Takajo now compiles with Nim 2.0.0. (#31) (@fukusuket)
 - Replaced HTTP with Puppy to reduce external dependencies. (#33) (@fukusuket)
-- `list-domains`: create a
+**Bug Fixes*:**
+ - `timeline-suspicious-processes` would crash when Hayabusa results from version 2.8.0+ was used. (#35) (@fukusuket) ## 2.0.0 [2022/08/03] - [SANS DFIR Summit 2023 Release](https://www.sans.org/cyber-security-training-events/digital-forensics-summit-2023/)