dissect.target.loaders.cb
Module Contents
Classes
CbLoader | Use Carbon Black endpoints as targets using Live Response.
CbRegistry | Provides registry access for Windows targets.
CbRegistryHive | Base class for registry hives.
CbRegistryKey | Base class for registry keys.
CbRegistryValue | Base class for registry values.
- class dissect.target.loaders.cb.CbLoader(path: str, parsed_path: urllib.parse.ParseResult = None, **kwargs)
Bases: dissect.target.loader.Loader
Use Carbon Black endpoints as targets using Live Response.
Use as cb://<hostname or IP>[@<instance>]. Refer to the Carbon Black documentation for setting up a credentials.cbc file.
- get_device() → cbc_sdk.platform.Device | None
- static detect(path: pathlib.Path) → bool
Detects whether this Loader class can load this specific path.
- Parameters:
path – The target path to check.
- Returns:
True if the path can be loaded by a Loader instance. False otherwise.
- map(target: dissect.target.target.Target) → None
Maps the loaded path into a Target.
- Parameters:
target – The target that we’re mapping into.
- class dissect.target.loaders.cb.CbRegistry(target: dissect.target.target.Target, session: cbc_sdk.live_response_api.LiveResponseSession)
Bases: dissect.target.plugins.os.windows.registry.RegistryPlugin
Provides registry access for Windows targets.
Acts much the same as the registry on a live Windows machine. Hives are correctly mapped under e.g. HKLM\SOFTWARE.
Internal functions only.
- __register__ = False
- check_compatible() → bool
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- class dissect.target.loaders.cb.CbRegistryHive(session: cbc_sdk.live_response_api.LiveResponseSession, root_key: str)
Bases: dissect.target.helpers.regutil.RegistryHive
Base class for registry hives.
- key(key: str) → CbRegistryKey
Retrieve a registry key from a specific path.
- Parameters:
key – A path to a registry key within this hive.
- Raises:
RegistryKeyNotFoundError – If the registry key could not be found.
- class dissect.target.loaders.cb.CbRegistryKey(hive: CbRegistryHive, path: str)
Bases: dissect.target.helpers.regutil.RegistryKey
Base class for registry keys.
- Parameters:
hive – The registry hive to which this registry key belongs.
- property name: str
Returns the name of this key.
- property path: str
Returns the path of this key.
- property timestamp: datetime.datetime
Returns the last modified timestamp of this key.
- data() → dict
- subkey(subkey: str) → CbRegistryKey
Returns a specific subkey from this key.
- Parameters:
subkey – The name of the subkey to retrieve.
- Raises:
RegistryKeyNotFoundError – If this key has no subkey with the requested name.
- subkeys() → list[CbRegistryKey]
Returns a list of subkeys from this key.
- value(value: str) → str
Returns a specific value from this key.
- Parameters:
value – The name of the value to retrieve.
- Raises:
RegistryValueNotFoundError – If this key has no value with the requested name.
- values() → list[CbRegistryValue]
Returns a list of all the values from this key.
- class dissect.target.loaders.cb.CbRegistryValue(hive: CbRegistryHive, name: str, data: str, type: str)
Bases: dissect.target.helpers.regutil.RegistryValue
Base class for registry values.
- Parameters:
hive – The registry hive to which this registry value belongs.
- property name: str
Returns the name of this value.
- property value: str
Returns the value of this value.
- property type: str
Returns the type of this value.