Diffy: an interesting DFIR tool released from Netflix’s SIRT

The Netflix Security Intelligence and Response Team (SIRT) has released (under Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response.

The tool, written in Python 3 and named “Diffy”, is strictly focused on security incidents in cloud architectures.


Share files from command line with transfer.sh: a simple cheatsheet

Transfer.sh is a website that lets users share files from the command line in an efficient way.
It does not require any additional software except cURL.

If your Linux distribution doesn’t have cURL (unlikely!), you can install it with

sudo apt install curl

The service is free and allows users to upload files of up to 10 GB, which are deleted automatically from the server after 14 days.

Here is a brief cheatsheet.

Upload

$ curl --upload-file ./hello.txt https://transfer.sh/hello.txt

Encrypt & upload

$ cat /tmp/hello.txt|gpg -ac -o-|curl -X PUT --upload-file "-" https://transfer.sh/test.txt

Download & decrypt

$ curl https://transfer.sh/1lDau/test.txt|gpg -o- > /tmp/hello.txt

Upload and check with virustotal

$ curl -X PUT --upload-file nhgbhhj https://transfer.sh/test.txt/virustotal
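Anyone who knows (or guesses) a transfer.sh URL can fetch the file, and the download side has no way to tell whether what came back is what was uploaded. The gpg pipeline above protects confidentiality; the helper below, an added example that is not part of the original cheatsheet or of the transfer.sh project, adds an integrity check on top of it: the upload prints the SHA-256 of the local file next to the URL transfer.sh returns (so the hash can be passed out of band, e.g. in the same message as the gpg passphrase), and the download refuses to keep a file whose hash does not match. The function names (`transfer_put`, `transfer_fetch`, `transfer_upload`, `transfer_download_verify`, `sha256_of`) are my own; the network calls sit in their own small functions so they can be swapped out for local stubs when testing offline.

```shell
#!/bin/sh
# Added example (hypothetical helper names): upload and download against
# transfer.sh with a SHA-256 integrity check. Assumes curl and either
# coreutils sha256sum or BSD/macOS shasum are available.

# Portable SHA-256 of a file, printed as a bare hex digest.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Network layer, kept separate so it can be redefined for offline testing.
# transfer.sh answers an upload with the download URL on stdout.
transfer_put() {
    curl --silent --fail --upload-file "$1" "https://transfer.sh/$(basename "$1")"
}
transfer_fetch() {
    curl --silent --fail --location "$1" -o "$2"
}

# Upload $1 and print "<url> <sha256>" on one line.
transfer_upload() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    url=$(transfer_put "$file") || return 1
    printf '%s %s\n' "$url" "$(sha256_of "$file")"
}

# Download $1 to $3 and verify it against the expected digest $2.
# On mismatch the partial/tampered file is removed and status 2 is returned.
transfer_download_verify() {
    url=$1; expected=$2; out=$3
    transfer_fetch "$url" "$out" || return 1
    actual=$(sha256_of "$out")
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $url: expected $expected, got $actual" >&2
        rm -f "$out"
        return 2
    fi
}
```

Typical use is `transfer_upload ./secret.gpg`, send the printed line to the recipient over a separate channel, and on the other side `transfer_download_verify "$url" "$hash" ./secret.gpg` before running `gpg` on the result. The hash only detects modification; it is still the gpg step that keeps the content private from anyone else holding the URL.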

Bash/Zsh alias

Add to .bashrc or .zshrc:

transfer() {
    if [ $# -eq 0 ]; then
        echo "usage: transfer <file>" >&2
        return 1
    fi
    # Write curl's stdout to a temp file so the returned URL is not mixed with
    # the progress bar, then print it once the upload has finished.
    tmpfile=$( mktemp -t transferXXX )
    curl --progress-bar --upload-file "$1" "https://transfer.sh/$(basename "$1")" >> "$tmpfile"
    cat "$tmpfile"
    rm -f "$tmpfile"
}

alias transfer=transfer

Usage:

$ transfer test.txt