CrowdStrike/Tortilla CrowdStrike/Tortilla

  • This repository has been archived on 25/Jan/2023
  • Stars
    star
    281
  • Rank 147,059 (Top 3 %)
  • Language
    C
  • License
    Other
  • Created over 11 years ago
  • Updated over 8 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
CrowdStrike/Tortilla
github

CrowdStrike

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details 

Tortilla v1.1.0 Beta
by Jason Geffner ([email protected])
and Cameron Gutman ([email protected])

Tortilla is a free and open-source solution for Windows that transparently routes all TCP and DNS traffic through Tor.

This product is produced independently from the Tor(r) anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.


LICENSE

Please see the LICENSE.txt file for complete licensing details.  


BUILD INSTRUCTIONS

A pre-built version of Tortilla.exe can be downloaded from http://www.crowdstrike.com/community-tools/
If you would like to use the pre-built Tortilla.exe, you may skip to USAGE INSTRUCTIONS; otherwise, follow the steps below to build Tortilla.exe with Visual Studio using the source code from https://github.com/CrowdStrike/Tortilla

Note: Building Tortilla will require WDK 8.0 or higher.

1. Open the Tortilla.sln solution in Visual Studio
2. If you would like to use your own driver signing certificate instead of the test-signed certificate distributed with this distribution, update the Driver Signing Configuration Property in the TortillaAdapter project and the TortillaAdapter Package project
3. In the Visual Studio menu bar, select BUILD -> Batch Build... 
4. In the Batch Build window, check the following items:
    InstallTortillaDriver Debug Win32
    InstallTortillaDriver Debug x64
    InstallTortillaDriver Release Win32
    InstallTortillaDriver Release x64
    Tortilla Debug Win32
    Tortilla Release Win32
    TortillaAdapter Vista Debug Win32
    TortillaAdapter Vista Debug x64
    TortillaAdapter Vista Release Win32
    TortillaAdapter Vista Release x64
    TortillaAdapter Package Vista Debug Win32
    TortillaAdapter Package Vista Debug x64
    TortillaAdapter Package Vista Release Win32
    TortillaAdapter Package Vista Release x64
5. In the Batch Build window, press the Build button

The driver package files, InstallTortillaDriver.exe, and the default Tortilla.ini file all get embedded in Tortilla.exe (created in the \Debug and \Release directories). You need not distribute anything other than Tortilla.exe.


USAGE INSTRUCTIONS

The usage instructions below apply to your host operating system. All of Tortilla's components exist on the host operating system. No Tortilla files need to be copied into your virtual machine.

1. If your host system is Windows Vista or later and the Tortilla driver package is signed with a test-signed certificate, configure your system to support test-signed drivers - http://msdn.microsoft.com/en-us/library/windows/hardware/ff553484(v=vs.85).aspx
2. Download the Tor Expert Bundle from https://www.torproject.org/download (expand the Microsoft Windows drop-down and download the Expert Bundle)
3. Install the Tor Expert Bundle and run Tor
4. Run Tortilla.exe; this will install the Tortilla Adapter as a virtual network adapter and will run the Tortilla client
5. Configure a virtual machine to use the Tortilla Adapter as its network adapter

   For VMware, open Virtual Network Editor, edit or add a new VMnet network, and bridge that VMnet to the Tortilla Adapter. In your virtual machine's Virtual Machine Settings, set the Network Adapter's Network connection to Custom and select the VMnet that was bridged to the Tortilla Adapter.

6. In your virtual machine's guest operating system, ensure that the network adapter's TCP/IPv4 protocol is configured to obtain an IP address automatically via DHCP (Tortilla acts as a simple DHCP server)
7. Use your VM to access the Internet; all TCP and DNS traffic will be automatically and transparently routed through Tor
8. If you like, you may edit the Tortilla.ini file created by Tortilla.exe; restarting Tortilla.exe will cause it to use the configuration in Tortilla.ini


UNINSTALLATION INSTRUCTIONS

1. Delete Tortilla.exe
2. Delete Tortilla.ini
3. Open Device Manager in Windows, expand the list of Network adapters, and delete the Tortilla Adapter


RELEASE NOTES

1.1.0 Beta
-- Tortilla now uses non-blocking sockets for TCP and DNS, greatly reducing memory usage when making multiple simultaneous connections
1.0.1 Beta
-- Driver initialization fix + client fix for DHCP broadcasts
1.0 Beta
-- Initial release

More Repositories

1

CRT

Contact: [email protected]
PowerShell
696
star
2

automactc

AutoMacTC: Automated Mac Forensic Triage Collector
Python
491
star
3

falconpy

The CrowdStrike Falcon SDK for Python
Python
358
star
4

psfalcon

PowerShell for CrowdStrike's OAuth2 APIs
PowerShell
350
star
5

Forensics

Scripts and code referenced in CrowdStrike blog posts
Python
325
star
6

ember-timetree

Visualize hierarchical timeline data. Built with Ember.js and D3.js
JavaScript
273
star
7

SuperMem

A python script developed to process Windows memory images based on triage type.
Python
258
star
8

travel-laptop

Auxiliary documentation and scripts around "A Reasonably Safe Travel Burner Laptop"
C++
225
star
9

falcon-orchestrator

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities
JavaScript
181
star
10

CrowdDetox

The CrowdDetox plugin for Hex-Rays automatically removes junk code and variables from Hex-Rays function decompilations.
C++
157
star
11

cs-bro

Bro scripts written by CrowdStrike Services
Zeek
147
star
12

Cloud-AWS

A collection of projects supporting AWS Integration
Python
146
star
13

logscale-community-content

This repository contains Community and Field contributed content for LogScale
Shell
139
star
14

CrowdFMS

CrowdStrike Feed Management System. CrowdFMS is a framework for automating collection and processing of samples from VirusTotal, by leveraging the Private API system. This framework automatically downloads recent samples, which triggered an alert on the users YARA notification feed.
Python
123
star
15

csproto

CrowdStrike's Protocol Buffers library
Go
122
star
16

falcon-scripts

Scripts to streamline the deployment and use of the CrowdStrike Falcon sensor
PowerShell
117
star
17

Falcon-Toolkit

Unleash the power of the Falcon Platform at the CLI
Python
108
star
18

falcon-query-assets

Welcome to the Falcon Query Assets GitHub page.
Shell
98
star
19

ansible_collection_falcon

Comprehensive toolkit for streamlining your interactions with the CrowdStrike Falcon platform.
Python
88
star
20

xwf-yara-scanner

C
84
star
21

CAST

CrowdStrike Archive Scan Tool
PowerShell
83
star
22

tf2rust

Tensorflow to Rust is a tool to convert trained Tensorflow models to pure Rust code.
Python
83
star
23

VirtualGHOST

VirtualGHOST Detection Tool
PowerShell
83
star
24

falcon-helm

Helm Charts for running CrowdStrike Falcon with Kubernetes
Smarty
71
star
25

gofalcon

Golang-based SDK to CrowdStrike's APIs
Go
57
star
26

pyspresso

The pyspresso package is a Python-based framework for debugging Java.
Python
51
star
27

falcon-operator

Go
49
star
28

ember-browser-services

Services for interacting with browser APIs so that you can have fine-grained control in tests.
TypeScript
46
star
29

MISP-tools

Import CrowdStrike Threat Intelligence into your instance of MISP
Python
39
star
30

detection-container

PHP
38
star
31

perseus

The hero we all need to defeat the kraken that is Go module dependency graphs
Go
37
star
32

gotel

GoTel - Scheduled job monitoring
Go
36
star
33

falcon-windows-host-recovery

Automated Windows host recovery
Rich Text Format
35
star
34

community

CrowdStrike's Open Source Policy & Contribution Guide
HTML
35
star
35

caracara

Developer enhancements (DX) for FalconPy, the CrowdStrike Python SDK
Python
34
star
36

container-image-scan

Code to scan a container with CrowdStrike and return response codes indicating pass/fail status.
Python
33
star
37

Dockerfiles

Automation to help create container images pre-loaded with the CrowdStrike Falcon sensor.
Shell
31
star
38

chopshop

Mitre chopshop network decoder framework
Python
30
star
39

FDR

Falcon Data Replicator
Python
29
star
40

faltest

A different take on WebDriver browser testing
JavaScript
28
star
41

ember-headless-form

Headless forms with a11y and validation support built in
TypeScript
28
star
42

Cloud-Azure

Discover for Cloud and Containers Azure
HCL
27
star
43

embersim-databank

Code for the paper "EMBERSim: A Large-Scale Databank for Boosting Similarity Search in Malware Analysis"
Python
25
star
44

apbf

Go package implementing Age-Partitioned Bloom Filters (APBF)
Go
25
star
45

go-metrics-sliding-window

A sliding window sampling implementation for the rcrowley/go-metrics library.
Go
24
star
46

ember-headless-table

TypeScript
23
star
47

ember-aria-utilities

ARIA utilities for helping create some of the more complex ARIA design patterns. Follows https://www.w3.org/TR/wai-aria-practices/
TypeScript
20
star
48

bpfmon-example

proof-of-concept example of using eBPF to Monitor for eBPF Map tampering
C
20
star
49

falcon-windows-repair

Scripts to aid in diagnosing and repairing unhealthy Windows Falcon Sensor installations
PowerShell
19
star
50

ember-resource-tasks

Resources for async functions in Ember
TypeScript
18
star
51

falcon-integration-gateway

Falcon Integration Gateway (FIG)
Python
18
star
52

cloud-resource-estimator

Cloud deployment size calculation utilities
Python
17
star
53

ember-url-hash-polyfill

Support for in/inter page linking / scrolling with hashes in EmberJS
TypeScript
17
star
54

tf-layers

Tensorflow Layers provides Rust implementations of Tensorflow model layers
Rust
16
star
55

tailwind-toucan-base

Base Tailwind config for the Toucan design system.
JavaScript
15
star
56

aws-ssm-distributor

HCL
15
star
57

omigo-data-analytics

Data Analytics Library for Python
Python
15
star
58

helpful-links

List of helpful publicly available CrowdStrike material.
14
star
59

ivan

Falcon Image Vulnerability Analysis (IVAN) is a command-line image assessment tool.
13
star
60

container-image-scan-action

CrowdStrike Container Image Scan Github Action
Shell
13
star
61

zscaler-FalconX-integration

This is the integration to feed Falcon X IOC data into zscaler's platform
Python
13
star
62

ember-velcro

Ember Velcro sticks one element to another with Floating UI.
TypeScript
13
star
63

kafka-replicator

Kafka replicator is a tool used to mirror and backup Kafka topics across regions
Go
13
star
64

OWASSRF

PowerShell
13
star
65

falconjs

CrowdStrike Falcon API JS library for the browser and Node
TypeScript
12
star
66

rusty-falcon

Rust bindings for CrowdStrike Falcon API
Rust
12
star
67

Identity-Protection

PowerShell
11
star
68

monorepo-next

Detach monorepo packages from normal linking
JavaScript
10
star
69

NotPetyaDecryptor

Python
9
star
70

ember-toucan-core

Toucan Design System
TypeScript
9
star
71

aws-security-lake

Integration guide for CrowdStrike and Amazon Security Lake
Shell
8
star
72

terraform-provider-crowdstrike

https://registry.terraform.io/providers/CrowdStrike/crowdstrike/latest/docs
Go
7
star
73

puppet-falcon

Ruby
7
star
74

terraform-kubectl-falcon

Module to manage CrowdStrike Falcon Sensor and the Kubernetes Protection Agent on a Kubernetes cluster.
HCL
7
star
75

Cloud-GCP

A collection of projects supporting GCP integration
Shell
6
star
76

cloud-tools-image

Command-line tools for remote communication with public and private cloud environments.
Shell
6
star
77

aws-verified-access

Integration details between CrowdStrike Falcon Zero Trust Assessments (ZTA) and AWS Verified Access
6
star
78

foundry-sample-mitre

Triage with MITRE Attack sample Foundry app
CSS
6
star
79

HEC-Log-Shipper

This repository contains examples of code used to send data to Humio instances
Python
5
star
80

image-scan-example

HCL
5
star
81

Container-Security

HCL
5
star
82

cloud-scripts-hide-host

Event driven solution to automatically hide hosts from CrowdStrike upon termination.
Python
5
star
83

foundry-sample-scalable-rtr

Scalable RTR sample Foundry app
TypeScript
5
star
84

foundry-fn-go

Go
4
star
85

crimson-falcon

A Shiny Ruby SDK of our Falcon API
Ruby
4
star
86

ember-toucan-styles

Ember wrapper, CSS, and JS utilities for working with the Toucan design system
JavaScript
4
star
87

ember-three

Ember.js three.js shim
JavaScript
4
star
88

foundry-sample-rapid-response

Rapid Response sample Foundry app
TypeScript
4
star
89

falcon-cli

Go
3
star
90

logscale-azure-event-hub-collector

LogScale Azure Event Hub Collector
Python
3
star
91

cloud-pov

HCL
3
star
92

devdays

Shell
3
star
93

cs.aws_account

Python
3
star
94

chronicle-intel-bridge

CrowdStrike to Chronicle Intel Bridge
Python
3
star
95

kubectl-falcon

Plug-in to kubectl command-line tool that helps with manipulation of Falcon Container.
Go
3
star
96

upb-cloud-workshop

A cloud workshop organised by Crowdstrike in Bucharest, Romania for the students of Universitatea Politehnica Bucharest
Go
3
star
97

opensource.crowdstrike.com

JavaScript
3
star
98

CrowdStrike-Spotlight-Humio-Package-Integration

Python
3
star
99

ember-number-to-words-shim

Ember.js number-to-words shim
JavaScript
3
star
100

template-gitbook-workshop

Code behind https://crowdstrike.gitbook.io/template-gitbook-workshop/
CSS
3
star