RubyGems - lense - Versions diffs - 0.1.25 → 0.1.26 - Mend

lense 0.1.25 → 0.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 087b3ef495a47f100cc11ad6e1fb20ba9450e153
-  data.tar.gz: 9c627e0fc41207295c477421ec82032dfeba2589
+  metadata.gz: 93081a4dd98c443306c190459fcd3005e51e8c06
+  data.tar.gz: 9ecceca898731f2abcb7d97292dc3e24399fbc29
 SHA512:
-  metadata.gz: 97fcdde37948525455d227da81278197e8f77279aed75a2427330c9a713098cc6568f2d0d5a62ce367b92fb54e54979442fc2c329acd279cf94e2734b66649e2
-  data.tar.gz: c7ceb05d8540d6e345fa7238a10010bb8310e68b797fe7b94c4195f89d689b6a2ede40b6bb9d8584d601d7d54d5190e8c3863c2b6f33809d91ce78d9af781e0c
+  metadata.gz: 9e71efcc4ad9c150a6095eb554d1dd5a58aa0bcbcb26f4f76f1c2c07264599fcdcad5d3c783361ff0989e1a63f0a75f2cd9661abdc5fb7df0f9a988ae8c11148
+  data.tar.gz: 7eac7d1e887c6c1cbd310ac7a02c88bb1f09aece10096854c79f99ab2ccded0225264b0eb34478d7be433ea3fa7fa300a7377dcff0bcc8135d48d6e17dc6d5ce

data/bin/lense CHANGED Viewed

@@ -15,12 +15,14 @@ LENSE_APP = LENSE.new
 pre do |global_options,command,options,args|
   found_docker = system_check('which docker')
+  found_docker_compose = system_check('which docker-compose')
   docker_running = found_docker && system_check('docker version')
   found_vagrant = system_check('which vagrant')
   found_git = system_check('which git')
   be_quiet = global_options[:quiet] || LENSE_APP.config["quiet"]
   puts "WARNING: Docker not found. Unable to run courses that use Docker!" unless  found_docker || be_quiet
+  puts "WARNING: Docker Compose not found. Unable to run courses that use Docker Compose!" unless  found_docker || be_quiet
   puts "WARNING: Docker is not running. Unable to run courses that use Docker!" if (found_docker && !docker_running) && !be_quiet
   puts "WARNING: Vagrant not found. Unable to run courses that use Vagrant!" unless found_vagrant || be_quiet

data/data/mfwvl1.yaml CHANGED Viewed

@@ -1,54 +1,57 @@
 ---
 # Name of course. Should match website
-course_name: Memory Forensics With Volatility Lesson 1
-# Folder in ~/.lense directory
-folder_name: mfwvl1
-# Eh why not?
-course_difficulty: 1
-# Items to download. Should be placed in ~/.lense/<folder_name>
-downloads:
-  - https://drive.google.com/file/d/0B50xr4dwmqonNmtpa3pycGM4WXM/view?usp=sharing
-# Any docker containers to pull.
-docker: llacoste/docker_volatility
-# The final command to open in a new terminal.
-entry_point: docker run -v ~/.lense/mfwvl1/my_memory_sample.vmem:/data -i -t
-# Begin the lesson.
-lesson_plan:
-  - say: Load up volshell on the windows_xp.vmem image (volatility -f windows_xp.vmem volshell)
-  - say: 'We are going to take a look at some TYPEs in volshell. Using the dt command inspect: _EPROCESS _ETHREAD _TOKEN'
-    question:
-      ask: What do you see?
-      hint: 'Enter: dt("<TYPE>")'
-      expect: '*'
-  - say: Exit volshell and run pslist
-    question:
-      ask: What process has PID 296?
-      expect: svchost.exe
-  - say: Now run psscan
-    question:
-      ask: What is the offset of the explorer.exe process with PID 236
-      expect: '0x0000000005201a08'
-  - say: Now run pstree
-    question:
-      ask: What is the name of the first child process of explorer.exe with PID 236
-      expect: vmtoolsd.ex
-  - say: Now run psxview
-    question:
-      ask: What process has PID 296?
-      expect: svchost.exe
-  - say: You can look at the privileges of a process by using the privs plugin along with the -p flag. Use the -p flag on various plugins to focus on a particular process with the given PID i.e. -p 236 for explorer.exe. Run privs on explorer.exe
-    question:
-      ask: What are the privileges for SeImpersonatePrivilege
-      expect: Present,Enabled,Default
+course:
+  title: Memory Forensics With Volatility Lesson 1
+  difficulty: 1
+  authors:
+    - name: Lance Lacoste
+      email: lance.lacoste@gmail.com
+  # Items to download. Should be placed in ~/.lense/<folder_name>
+  data:
+    # ~/.lense/courses/llacoste/mfwvl1/data/foo
+    - rel: data
+      url: https://drive.google.com/file/d/0B50xr4dwmqonNmtpa3pycGM4WXM/view?usp=sharing
+      description: "why you need it?"
+    # ~/.lense/courses/llacoste/mfwvl1/data/memdumps/foo
+    - rel: data/memdumps
+      url: https://drive.google.com/file/d/0B50xr4dwmqonNmtpa3pycGM4WXM/view?usp=sharing
+      description: "why you need it?"
+  # The final command to open in a new terminal.
+  entry_point: docker run -v ~/.lense/mfwvl1/my_memory_sample.vmem:/data -i -t llacoste/docker_volatility
+  # Begin the lesson.
+  lesson_plan:
+    - say: Load up volshell on the windows_xp.vmem image (volatility -f windows_xp.vmem volshell)
+    - say: 'We are going to take a look at some TYPEs in volshell. Using the dt command inspect: _EPROCESS _ETHREAD _TOKEN'
+      question:
+        ask: What do you see?
+        hint: 'Enter: dt("<TYPE>")'
+        expect: '*'
+    - say: Exit volshell and run pslist
+      question:
+        ask: What process has PID 296?
+        expect: svchost.exe
+    - say: Now run psscan
+      question:
+        ask: What is the offset of the explorer.exe process with PID 236
+        expect: '0x0000000005201a08'
+    - say: Now run pstree
+      question:
+        ask: What is the name of the first child process of explorer.exe with PID 236
+        expect: vmtoolsd.exe
+    - say: Now run psxview
+      question:
+        ask: What process has PID 296?
+        expect: svchost.exe
+    - say: You can look at the privileges of a process by using the privs plugin along with the -p flag. Use the -p flag on various plugins to focus on a particular process with the given PID i.e. -p 236 for explorer.exe. Run privs on explorer.exe
+      question:
+        ask: What are the privileges for SeImpersonatePrivilege
+        expect: Present,Enabled,Default

data/lib/lense.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require 'highline/import'
 class LENSE
   attr_reader :config, :current_course
-  VERSION             = '0.1.25'
+  VERSION             = '0.1.26'
   LENSE_DIR           = File.join(ENV['HOME'],'.lense')
   COURSES_DIR         = File.join(LENSE_DIR,'courses')
   CURRENT_COURSE_FILE = File.join(LENSE_DIR,'current_course')
@@ -71,7 +71,7 @@ class LENSE
     test_str = File.file?(test_file) ? File.read(test_file) : ''
     lense_file = Psych.load(test_str) || {}
-    lense_file['lesson_plan'].each do |lesson|
+    lense_file['course']['lesson_plan'].each do |lesson|
       say question_separator
       say "#{say_prefix} #{lesson['say']}" if lesson['say']

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lense
 version: !ruby/object:Gem::Version
-  version: 0.1.25
+  version: 0.1.26
 platform: ruby
 authors:
 - Manuel Zubieta
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-04-22 00:00:00.000000000 Z
+date: 2015-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake