Tortilla v1.1.0 Beta
by Jason Geffner ([email protected]) and Cameron Gutman ([email protected])

Tortilla is a free and open-source solution for Windows that transparently routes all TCP and DNS traffic through Tor.

This product is produced independently from the Tor(R) anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

LICENSE

Please see the LICENSE.txt file for complete licensing details.

BUILD INSTRUCTIONS

A pre-built version of Tortilla.exe can be downloaded from http://www.crowdstrike.com/community-tools/

If you would like to use the pre-built Tortilla.exe, you may skip to USAGE INSTRUCTIONS; otherwise, follow the steps below to build Tortilla.exe with Visual Studio using the source code from https://github.com/CrowdStrike/Tortilla

Note: Building Tortilla will require WDK 8.0 or higher.

1. Open the Tortilla.sln solution in Visual Studio
2. If you would like to use your own driver signing certificate instead of the test-signed certificate distributed with this distribution, update the Driver Signing Configuration Property in the TortillaAdapter project and the TortillaAdapter Package project
3. In the Visual Studio menu bar, select BUILD -> Batch Build...
4. In the Batch Build window, check the following items:
   InstallTortillaDriver Debug Win32
   InstallTortillaDriver Debug x64
   InstallTortillaDriver Release Win32
   InstallTortillaDriver Release x64
   Tortilla Debug Win32
   Tortilla Release Win32
   TortillaAdapter Vista Debug Win32
   TortillaAdapter Vista Debug x64
   TortillaAdapter Vista Release Win32
   TortillaAdapter Vista Release x64
   TortillaAdapter Package Vista Debug Win32
   TortillaAdapter Package Vista Debug x64
   TortillaAdapter Package Vista Release Win32
   TortillaAdapter Package Vista Release x64
5. In the Batch Build window, press the Build button

The driver package files, InstallTortillaDriver.exe, and the default Tortilla.ini file all get embedded in Tortilla.exe (created in the \Debug and \Release directories). You need not distribute anything other than Tortilla.exe.

USAGE INSTRUCTIONS

The usage instructions below apply to your host operating system. All of Tortilla's components exist on the host operating system. No Tortilla files need to be copied into your virtual machine.

1. If your host system is Windows Vista or later and the Tortilla driver package is signed with a test-signed certificate, configure your system to support test-signed drivers - http://msdn.microsoft.com/en-us/library/windows/hardware/ff553484(v=vs.85).aspx
2. Download the Tor Expert Bundle from https://www.torproject.org/download (expand the Microsoft Windows drop-down and download the Expert Bundle)
3. Install the Tor Expert Bundle and run Tor
4. Run Tortilla.exe; this will install the Tortilla Adapter as a virtual network adapter and will run the Tortilla client
5. Configure a virtual machine to use the Tortilla Adapter as its network adapter
   For VMware, open Virtual Network Editor, edit or add a new VMnet network, and bridge that VMnet to the Tortilla Adapter. In your virtual machine's Virtual Machine Settings, set the Network Adapter's Network connection to Custom and select the VMnet that was bridged to the Tortilla Adapter.
6. In your virtual machine's guest operating system, ensure that the network adapter's TCP/IPv4 protocol is configured to obtain an IP address automatically via DHCP (Tortilla acts as a simple DHCP server)
7. Use your VM to access the Internet; all TCP and DNS traffic will be automatically and transparently routed through Tor
8. If you like, you may edit the Tortilla.ini file created by Tortilla.exe; restarting Tortilla.exe will cause it to use the configuration in Tortilla.ini

UNINSTALLATION INSTRUCTIONS

1. Delete Tortilla.exe
2. Delete Tortilla.ini
3. Open Device Manager in Windows, expand the list of Network adapters, and delete the Tortilla Adapter

RELEASE NOTES

1.1.0 Beta -- Tortilla now uses non-blocking sockets for TCP and DNS, greatly reducing memory usage when making multiple simultaneous connections
1.0.1 Beta -- Driver initialization fix + client fix for DHCP broadcasts
1.0 Beta -- Initial release
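A guest-side check for step 7 of the usage instructions, added here and not part of the Tortilla distribution: run inside the VM, it resolves a hostname through the guest's ordinary resolver and fetches the Tor Project's exit-check endpoint over plain TCP with no proxy configured, so IsTor can only come back true if Tortilla is transparently carrying both the DNS and the TCP path. The endpoint URL and its JSON shape are assumed from the Tor Project's public check service; the fetch and resolve callables are injectable so the logic can be exercised with constructed responses.

```python
"""Verify from inside the guest that DNS and TCP leave via Tor (Tortilla step 7)."""
import json
import socket
import urllib.request

# Assumption: the Tor Project's public exit check, which answers
# {"IsTor": true|false, "IP": "<exit or client address>"}.
CHECK_HOST = "check.torproject.org"
CHECK_URL = f"https://{CHECK_HOST}/api/ip"


def parse_tor_check(body: str) -> dict:
    """Parse the exit-check JSON; raise ValueError if it is not the expected shape."""
    data = json.loads(body)
    if not isinstance(data.get("IsTor"), bool) or not isinstance(data.get("IP"), str):
        raise ValueError("unexpected response shape from Tor check endpoint")
    return {"is_tor": data["IsTor"], "exit_ip": data["IP"]}


def fetch_check(url: str = CHECK_URL, timeout: float = 30.0) -> str:
    """Plain HTTPS fetch with no proxy settings: transparent routing must do the work."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def verify_routing(fetch=fetch_check, resolve=socket.gethostbyname) -> dict:
    """Exercise the guest DNS path, then the TCP path, and report a verdict dict."""
    result = {"dns_ok": False, "is_tor": False, "exit_ip": None}
    try:
        result["resolved_ip"] = resolve(CHECK_HOST)  # goes to Tortilla's DNS handler
        result["dns_ok"] = True
    except OSError as exc:
        result["error"] = f"DNS resolution failed: {exc}"
        return result
    try:
        result.update(parse_tor_check(fetch()))
    except (OSError, ValueError) as exc:
        result["error"] = f"TCP check failed: {exc}"
    return result


if __name__ == "__main__":
    verdict = verify_routing()
    status = "routed via Tor" if verdict["is_tor"] else "NOT routed via Tor"
    print(status, verdict)
```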