chainsaw (2.14.1-0kali2)
3 versions available in kali/kali-last-snapshot/main/amd64
Details
Core information at a glance
- Distribution: kali
- Origin: kali-last-snapshot
- Repository: https://http.kali.org/kali
- Codename: kali-last-snapshot
- Component: main
- Source: none
- Architecture: amd64
- Section: misc
- Priority: optional
- Maintainer: Kali Developers <[email protected]>
Size & integrity
Byte sizes and integrity verification
- Installed size: 10.1 kB
- Size expected: 2.4 MB
- Size actual: 2.4 MB
- Size match
Suggested packages
Recommended additional packages
- None
Description
Rapidly search and hunt through Windows forensic artefacts
Tags
Package classification tags
None
Checksums
Hash values and integrity verification status
| Type | Actual | Match |
|---|---|---|
| MD5 | c2f9275e…26942a85 | |
| SHA-1 | fced0876…6ce783e3 | |
| SHA-256 | d952461a…ad23307f | |
| SHA-512 | 3d754e5c…beb5d517 | |
Contents
Files and directories included
- .
- usr
- usr/bin
- usr/bin/chainsaw
- usr/share
- usr/share/chainsaw
- usr/share/chainsaw/analysis
- usr/share/chainsaw/analysis/shimcache_patterns.txt
- usr/share/chainsaw/mappings
- usr/share/chainsaw/mappings/sigma-event-logs-all.yml
- usr/share/chainsaw/mappings/sigma-event-logs-legacy.yml
- usr/share/chainsaw/rules
- usr/share/chainsaw/rules/evtx
- usr/share/chainsaw/rules/evtx/account_tampering
- usr/share/chainsaw/rules/evtx/account_tampering/new_user_created.yml
- usr/share/chainsaw/rules/evtx/account_tampering/user_added_to_global_group.yml
- usr/share/chainsaw/rules/evtx/account_tampering/user_added_to_local_group.yml
- usr/share/chainsaw/rules/evtx/account_tampering/user_added_to_universal_group.yml
- usr/share/chainsaw/rules/evtx/antivirus
- usr/share/chainsaw/rules/evtx/antivirus/f-secure.yml
- usr/share/chainsaw/rules/evtx/antivirus/f-secure_legacy.yml
- usr/share/chainsaw/rules/evtx/antivirus/kaspersky.yml
- usr/share/chainsaw/rules/evtx/antivirus/mcafee.yml
- usr/share/chainsaw/rules/evtx/antivirus/sophos.yml
- usr/share/chainsaw/rules/evtx/antivirus/symantec.yml
- usr/share/chainsaw/rules/evtx/antivirus/windows_defender.yml
- usr/share/chainsaw/rules/evtx/antivirus/windows_security_essentials.yml
- usr/share/chainsaw/rules/evtx/applocker
- usr/share/chainsaw/rules/evtx/applocker/eid_8002_applocker_lolbins_allowed_to_run.yml
- usr/share/chainsaw/rules/evtx/applocker/eid_8002_applocker_reconnaissance_allowed.yml
- usr/share/chainsaw/rules/evtx/applocker/eid_8002_lolbin_lateral_mouvement.yml
- usr/share/chainsaw/rules/evtx/applocker/eid_8002_privilege_escalation.yml
- usr/share/chainsaw/rules/evtx/applocker/eid_8004_applocker_exe-dll_blocked.yml
- usr/share/chainsaw/rules/evtx/applocker/eid_8007_applocker_msi-script_blocked.yml
- usr/share/chainsaw/rules/evtx/credential_access
- usr/share/chainsaw/rules/evtx/credential_access/kerberoasting_administrator.yml
- usr/share/chainsaw/rules/evtx/credential_access/weak_kerberos_ticket.yml
- usr/share/chainsaw/rules/evtx/defense_evasion
- usr/share/chainsaw/rules/evtx/defense_evasion/T1562.001 - Sysmon Service set to Manual.yml
- usr/share/chainsaw/rules/evtx/defense_evasion/T1562.001 - Sysmon Service was Disabled.yml
- usr/share/chainsaw/rules/evtx/indicator_removal
- usr/share/chainsaw/rules/evtx/indicator_removal/T1070.009 - Scheduled Task was Deleted.yml
- usr/share/chainsaw/rules/evtx/lateral_movement
- usr/share/chainsaw/rules/evtx/lateral_movement/T1021.004 - Lateral Movement via SSH.yml
- usr/share/chainsaw/rules/evtx/lateral_movement/batch_logon.yml
- usr/share/chainsaw/rules/evtx/lateral_movement/interactive_logon.yml
- usr/share/chainsaw/rules/evtx/lateral_movement/network_logon.yml
- usr/share/chainsaw/rules/evtx/lateral_movement/rdp_logon.yml
- usr/share/chainsaw/rules/evtx/lateral_movement/service_logon.yml
- usr/share/chainsaw/rules/evtx/lateral_movement/unlock_logon.yml
- usr/share/chainsaw/rules/evtx/log_tampering
- usr/share/chainsaw/rules/evtx/log_tampering/security_audit_log_was_cleared.yml
- usr/share/chainsaw/rules/evtx/log_tampering/system_log_was_cleared.yml
- usr/share/chainsaw/rules/evtx/login_attacks
- usr/share/chainsaw/rules/evtx/login_attacks/account_brute_force.yml
- usr/share/chainsaw/rules/evtx/microsoft_rasvpn_events
- usr/share/chainsaw/rules/evtx/microsoft_rasvpn_events/eid_20220_20227_rasvpn_client_connection_error.yml
- usr/share/chainsaw/rules/evtx/microsoft_rasvpn_events/eid_20221_to_20225_rasvpn_client_connection_establishment.yml
- usr/share/chainsaw/rules/evtx/microsoft_rasvpn_events/eid_20226_rasvpn_client_connection_termination.yml
- usr/share/chainsaw/rules/evtx/microsoft_rasvpn_events/eid_20250_20274_rasvpn_server_logon.yml
- usr/share/chainsaw/rules/evtx/microsoft_rasvpn_events/eid_20253_20255_connection_error.yml
- usr/share/chainsaw/rules/evtx/microsoft_rasvpn_events/eid_20271_rasvpn_server_authentication_error.yml
- usr/share/chainsaw/rules/evtx/microsoft_rasvpn_events/eid_20272_20275_rasvpn_server_logoff.yml
- usr/share/chainsaw/rules/evtx/microsoft_rds_events
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_connection_broker
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_connection_broker/eid_1307_rdcb_successful_client_redirection.yml
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_connection_broker/eid_800_rdcb_connection_request_received.yml
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_connection_broker/eid_801_rdcb_connection_request_successfully_processed.yml
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_gateway
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_gateway/eid_200_rdgw_rd_cap_requirements_met.yml
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_gateway/eid_300_rdgw_rd_rap_requirements_met.yml
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_gateway/eid_302_rdgw_user_connected_to_resource.yml
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_gateway/eid_303_rdgw_user_disconnected_from_resource.yml
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_web_access
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/rd_web_access/eid_4624_rdwa_logon.yml
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/user_profile_disk
- usr/share/chainsaw/rules/evtx/microsoft_rds_events/user_profile_disk/eid_5_user_profile_service_registry_file_loaded.yml
- usr/share/chainsaw/rules/evtx/persistence
- usr/share/chainsaw/rules/evtx/persistence/T1053.005 - Scheduled Task was Created.yml
- usr/share/chainsaw/rules/evtx/persistence/T1547.004 - Winlogon System Shell Changed.yml
- usr/share/chainsaw/rules/evtx/powershell
- usr/share/chainsaw/rules/evtx/powershell/eid_400_powershell_engine_state_available.yml
- usr/share/chainsaw/rules/evtx/powershell/eid_403_powershell_engine_state_stopped.yml
- usr/share/chainsaw/rules/evtx/powershell/eid_4104_powershell_script_executed.yml
- usr/share/chainsaw/rules/evtx/rdp_attacks
- usr/share/chainsaw/rules/evtx/rdp_attacks/eid_21_rdp_session_logon_succeeded.yml
- usr/share/chainsaw/rules/evtx/rdp_attacks/eid_22_file_explorer_shell_appeared_in_rdp_session.yml
- usr/share/chainsaw/rules/evtx/rdp_attacks/eid_23_rdp_session_logoff.yml
- usr/share/chainsaw/rules/evtx/rdp_attacks/eid_39_rdp_session_disconnected.yml
- usr/share/chainsaw/rules/evtx/rdp_attacks/event_id_1149.yaml
- usr/share/chainsaw/rules/evtx/rdp_attacks/event_id_24.yaml
- usr/share/chainsaw/rules/evtx/rdp_attacks/event_id_25.yaml
- usr/share/chainsaw/rules/evtx/rdp_attacks/event_id_4624_logontype_10.yaml
- usr/share/chainsaw/rules/evtx/service_installation
- usr/share/chainsaw/rules/evtx/service_installation/credential_dumping_tools.yml
- usr/share/chainsaw/rules/evtx/service_installation/csexec.yml
- usr/share/chainsaw/rules/evtx/service_installation/krbrelayup.yml
- usr/share/chainsaw/rules/evtx/service_installation/meterpreter_cobalt_strike_getsystem.yml
- usr/share/chainsaw/rules/evtx/service_installation/powershell.yml
- usr/share/chainsaw/rules/evtx/service_installation/processhacker.yml
- usr/share/chainsaw/rules/evtx/service_installation/remote_access_tools.yml
- usr/share/chainsaw/rules/evtx/service_installation/smbexec.yml
- usr/share/chainsaw/rules/evtx/service_installation/suspicious_commands.yml
- usr/share/chainsaw/rules/evtx/service_installation/suspicious_paths.yml
- usr/share/chainsaw/rules/evtx/service_installation/sysinternals_psexec.yml
- usr/share/chainsaw/rules/evtx/service_installation/tap0901.yml
- usr/share/chainsaw/rules/evtx/service_tampering
- usr/share/chainsaw/rules/evtx/service_tampering/event_log.yml
- usr/share/chainsaw/rules/evtx/service_tampering/mssql_sus_behavior.yml
- usr/share/chainsaw/rules/evtx/service_tampering/remote_registry_usage.yml
- usr/share/chainsaw/rules/evtx/service_tampering/xp_cmdshell_enabled.yml
- usr/share/chainsaw/rules/mft
- usr/share/chainsaw/rules/mft/adamntds_dit_mft.yml
- usr/share/chainsaw/rules/mft/advanced_ip_scanner_mft.yml
- usr/share/chainsaw/rules/mft/advanced_port_scanner_mft.yml
- usr/share/chainsaw/rules/mft/angry_ip_scanner_mft.yml
- usr/share/chainsaw/rules/mft/anydesk_mft.yml
- usr/share/chainsaw/rules/mft/browserscan_mft.yml
- usr/share/chainsaw/rules/mft/filezilla_mft.yml
- usr/share/chainsaw/rules/mft/lsass_dmp_mft.yml
- usr/share/chainsaw/rules/mft/megasync_mft.yml
- usr/share/chainsaw/rules/mft/mimikatz_mft.yml
- usr/share/chainsaw/rules/mft/netscan_mft.yml
- usr/share/chainsaw/rules/mft/nirsoft_mft.yml
- usr/share/chainsaw/rules/mft/ntds_dit_mft.yml
- usr/share/chainsaw/rules/mft/processhacker_mft.yml
- usr/share/chainsaw/rules/mft/psexec_mft.yml
- usr/share/chainsaw/rules/mft/pstools_mft.yml
- usr/share/chainsaw/rules/mft/rclone_mft.yml
- usr/share/chainsaw/rules/mft/rubeus_mft.yml
- usr/share/chainsaw/rules/mft/shadow_dumper_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_intel_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_perflogs_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_program_files_root_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_programdata_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_public_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_recyclebin_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_recyclebin_nonstand_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_root_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_root_nonstand_fold_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_root_temp_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_rtlo_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_user_desktop_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_user_downloads_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_user_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_windows_root_mft.yml
- usr/share/chainsaw/rules/mft/sup_script_exec_windows_temp_mft.yml
- usr/share/chainsaw/rules/mft/systeminformer_mft.yml
- usr/share/chainsaw/rules/mft/winscp_mft.yml
- usr/share/chainsaw/rules/mft/xenallpasswordpro_mft.yml
- usr/share/doc
- usr/share/doc/chainsaw
- usr/share/doc/chainsaw/changelog.Debian.gz
- usr/share/doc/chainsaw/copyright
- usr/share/lintian
- usr/share/lintian/overrides
- usr/share/lintian/overrides/chainsaw