The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities, all for free.
Please refer to the wiki for more information about the CyberCX Digger project, and the tool itself.
CyberCX Digger can perform scans on both individual systems and across an entire network. A network connection is not required to use this tool. An HTML report will be generated once the scan completes.
Go to the Downloads page to obtain the latest CyberCX Digger executable and checksum. Verify the download against the checksum.
Open a Command Prompt with Administrator privileges and run the CyberCX Digger executable. It can be run from any drive, including a removable drive or network share. It requires no installation and has no external dependencies. It makes no configuration changes to the system and should have negligible impact on the system.
Once the scan completes, an HTML report is created within the same folder. This contains any findings from the scan, plus details on what each finding means. The HTML report links back to this website for additional information; however, no scan data is uploaded and we do not record your visits to the website. Any relevant items found are copied into a ZIP file in the same folder to assist with further analysis.
Further investigation may be necessary to confirm if any findings are indeed malicious. The HTML report will recommend any next steps required.
During 2020, especially within the May to June period, Australia experienced a significant increase in cyber incidents targeting all levels of government and across a wide range of industry sectors. The threat actors responsible combined basic attack techniques with more sophisticated elements that are more difficult to detect. The threat actor is known to leave implants on compromised networks to facilitate re-entry. CyberCX Digger was created to help system owners determine whether their networks may have been compromised by these methods.
CyberCX’s Digital Forensic & Incident Response (DFIR) team has worked with several clients to detect and respond to these breaches, in collaboration with government agencies and industry partners. Through this work, our DFIR team has produced specific threat intelligence which can quickly and effectively detect evidence of the threat actors on systems.
Through CyberCX’s ongoing collaboration with the Velociraptor Project (another proud Australian technology innovation), we have developed CyberCX Digger.
The objectives for CyberCX Digger are to:
The key features of CyberCX Digger are:
If you believe your network may be compromised, please contact the CyberCX Digital Forensic & Incident Response team at [email protected]
CyberCX is Australia’s leading force of cyber security professionals, with over 500 specialists across Australia, New Zealand, the UK and the USA, providing services across the following practice areas:
The CyberCX Digital Forensics & Incident Response team (DFIR) helps our clients to investigate and respond to a broad range of digital forensic investigations and cyber incidents every day. With the largest number of DFIR specialists across the region, we provide an unmatched depth of technical expertise, industry experience and local resources when and where our clients need us.
Velociraptor is an endpoint visibility platform developed in Australia, which provides leading capabilities for distributed digital forensic analysis, endpoint monitoring and the surgical collection of evidence from across networks.
The foundation of Velociraptor is a unique query language named VQL, which allows writing specific detection queries, known in Velociraptor as Artefacts. These leverage the underlying Velociraptor functionality and can be easily distributed and shared.
CyberCX has been a proud collaborator of the Velociraptor project since its early days. CyberCX Digger is yet another example of the benefits of this partnership to the cyber security industry and the communities we protect.
Please note the following conditions when using CyberCX Digger: