Blog Posts Tagged with "Analysis"


Do You Have a Vendor Security Check List? You Should!

May 09, 2013 Added by:Michael Fornal

A security checklist is a list of security controls that a vendor or application must meet. These controls can range from how storage backups are to be performed to password complexity requirements. Having a checklist helps you decide whether the application or vendor conforms to your company's security requirements.



IP Analysis with AV Tracker

November 04, 2012 Added by:Rob Fuller

Ever set up a Metasploit multi/handler and seen an odd IP hitting it? You might have just been caught. AV Tracker is a site that tracks the IP addresses, hostnames, computer names and user agents that AV vendors and other submit-your-malware-here drop boxes use...



The subtle difference between metrics and insight

October 18, 2012 Added by:Rafal Los

The audience matters when you're collecting data and trying to make sense of it. In fact, the audience matters so much that sometimes you can't even 'refine' your way from one tier to another without going out and collecting a whole new set of data...



Analyzing Desktops, Heaps, and Ransomware with Volatility

September 24, 2012 Added by:Michael Ligh

This post discusses the undocumented Windows kernel data structures for desktop objects and desktop heaps. You'll see how to use memory forensics to detect recent malware, including the ACCDFISA ransomware and Tigger variants...



Analyzing Jynx and LD_PRELOAD Based Rootkits

September 23, 2012 Added by:Andrew Case

In order to have samples to test against, I used the sample provided by SecondLook on their Linux memory images page, and I also loaded the Jynx2 rootkit against a running netcat process in my Debian virtual machine that was running the 2.6.32-5-686 32-bit kernel...

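Jynx-style rootkits work by preloading a shared object that hooks libc calls such as readdir()/readdir64() and filters the entries they want hidden. The complement to the memory-forensics approach in the post above is a live cross-view check: ask the kernel for a directory listing directly through the getdents64 syscall and compare it with what libc returns. The program below is an added example written for this listing, not code from the post or from Volatility; the function names (hidden_entries, preload_file_nonempty) and the 4096-entry limit are my own choices.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define NAME_LEN    256
#define MAX_ENTRIES 4096   /* arbitrary cap for this example */

/* Record layout returned by getdents64 (glibc ships no header for it). */
struct linux_dirent64 {
    unsigned long long d_ino;
    long long          d_off;
    unsigned short     d_reclen;
    unsigned char      d_type;
    char               d_name[];
};

/* Kernel view: enumerate a directory via raw syscalls. A hook on libc's
 * opendir()/readdir() has no say in what comes back from here. */
static int list_via_syscall(const char *dir, char names[][NAME_LEN], int max)
{
    int fd = (int)syscall(SYS_openat, AT_FDCWD, dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    char buf[32768];
    int n = 0;
    for (;;) {
        long nread = syscall(SYS_getdents64, fd, buf, sizeof buf);
        if (nread < 0) { close(fd); return -1; }
        if (nread == 0) break;
        for (long pos = 0; pos < nread; ) {
            struct linux_dirent64 *d = (struct linux_dirent64 *)(buf + pos);
            if (n < max) { snprintf(names[n], NAME_LEN, "%s", d->d_name); n++; }
            pos += d->d_reclen;
        }
    }
    close(fd);
    return n;
}

/* Userland view: the same directory through libc, the layer an LD_PRELOAD
 * rootkit hooks to drop entries it wants hidden. */
static int list_via_libc(const char *dir, char names[][NAME_LEN], int max)
{
    DIR *dp = opendir(dir);
    if (!dp) return -1;
    struct dirent *e;
    int n = 0;
    while ((e = readdir(dp)) != NULL)
        if (n < max) { snprintf(names[n], NAME_LEN, "%s", e->d_name); n++; }
    closedir(dp);
    return n;
}

/* Cross-view diff: entries the kernel reports that libc does not. Copies up to
 * max_hidden names into hidden[]; returns the total count, or -1 on error. */
int hidden_entries(const char *dir, char hidden[][NAME_LEN], int max_hidden)
{
    char (*raw)[NAME_LEN] = calloc(MAX_ENTRIES, NAME_LEN);
    char (*lib)[NAME_LEN] = calloc(MAX_ENTRIES, NAME_LEN);
    int count = -1;
    if (!raw || !lib) goto out;
    int nraw = list_via_syscall(dir, raw, MAX_ENTRIES);
    int nlib = list_via_libc(dir, lib, MAX_ENTRIES);
    if (nraw < 0 || nlib < 0) goto out;
    count = 0;
    for (int i = 0; i < nraw; i++) {
        int seen = 0;
        for (int j = 0; j < nlib && !seen; j++) seen = strcmp(raw[i], lib[j]) == 0;
        if (!seen) {
            if (count < max_hidden) snprintf(hidden[count], NAME_LEN, "%s", raw[i]);
            count++;
        }
    }
out:
    free(raw); free(lib);
    return count;
}

/* Persistence check: /etc/ld.so.preload is the usual loader for these rootkits.
 * Read it through raw syscalls so a hooked open()/fopen() cannot hide it. */
int preload_file_nonempty(const char *path)
{
    int fd = (int)syscall(SYS_openat, AT_FDCWD, path, O_RDONLY);
    if (fd < 0) return 0;
    char c;
    long n = syscall(SYS_read, fd, &c, 1);
    close(fd);
    return n > 0;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    char hidden[64][NAME_LEN];
    int n = hidden_entries(dir, hidden, 64);
    if (n < 0) { perror(dir); return 2; }
    for (int i = 0; i < n && i < 64; i++) printf("hidden from readdir(): %s/%s\n", dir, hidden[i]);
    if (preload_file_nonempty("/etc/ld.so.preload")) puts("/etc/ld.so.preload is non-empty: inspect it");
    return n > 0;
}
```

Run it as an unprivileged user against directories the rootkit is likely to protect (its own install path, /tmp, the home of the account it backdoors). Two caveats: a preload library can in principle wrap glibc's syscall() as well, so a paranoid build inlines the syscall instruction, and a hook that lives in the kernel rather than in libc is invisible to this check, which is exactly why the post above analyses a memory image instead of trusting the live system.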


Detecting Window Stations and Clipboard Monitoring Malware with Volatility

September 19, 2012 Added by:Michael Ligh

Explore undocumented Windows kernel data structures related to window station objects and the clipboard. Detect clipboard-snooping malware using Volatility, an advanced memory forensics framework...



Analyzing the KBeast Rootkit and Detecting Hidden Modules with Volatility

September 18, 2012 Added by:Andrew Case

KBeast is a rootkit that loads as a kernel module. It also has a userland component that provides remote access. This backdoor is hidden from other userland applications by the kernel module. KBeast also hides files, directories, and processes that start with a user defined prefix...

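A module that unlinks itself from the kernel's module list disappears from lsmod and /proc/modules, but the same module usually keeps its kobject under /sys/module, and that mismatch between two views of "what is loaded" is the detection idea behind Volatility's hidden-module check. The program below applies the same cross-view comparison on a live host; it is an added example for this listing, not code from the post or from Volatility. The function names, the MOD_MAX cap and the sample /proc/modules text are mine, and the sample is constructed rather than captured from a real system.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

#define MOD_NAME_MAX 64
#define MOD_MAX      2048   /* arbitrary cap for this example */

/* Parse /proc/modules text (one "name size refcount users state addr" line per
 * module, the same list lsmod prints) into names. Returns the count. */
int parse_proc_modules(const char *text, char names[][MOD_NAME_MAX], int max)
{
    int n = 0;
    for (const char *p = text; *p && n < max; ) {
        const char *end = strchr(p, '\n');
        size_t linelen = end ? (size_t)(end - p) : strlen(p);
        size_t namelen = 0;
        while (namelen < linelen && p[namelen] != ' ' && p[namelen] != '\t') namelen++;
        if (namelen > 0) {
            if (namelen >= MOD_NAME_MAX) namelen = MOD_NAME_MAX - 1;
            memcpy(names[n], p, namelen);
            names[n][namelen] = '\0';
            n++;
        }
        if (!end) break;
        p = end + 1;
    }
    return n;
}

/* Cross-view diff: names present in the sysfs view but absent from the module
 * list. Copies up to max_missing names into missing[]; returns the total, -1 on error. */
int modules_missing_from_list(const char *proc_modules_text,
                              char sysfs[][MOD_NAME_MAX], int nsysfs,
                              char missing[][MOD_NAME_MAX], int max_missing)
{
    char (*listed)[MOD_NAME_MAX] = calloc(MOD_MAX, MOD_NAME_MAX);
    if (!listed) return -1;
    int nlisted = parse_proc_modules(proc_modules_text, listed, MOD_MAX);
    int count = 0;
    for (int i = 0; i < nsysfs; i++) {
        int seen = 0;
        for (int j = 0; j < nlisted && !seen; j++) seen = strcmp(sysfs[i], listed[j]) == 0;
        if (!seen) {
            if (count < max_missing) snprintf(missing[count], MOD_NAME_MAX, "%s", sysfs[i]);
            count++;
        }
    }
    free(listed);
    return count;
}

/* Live sysfs view. Only loadable modules carry an "initstate" file under
 * /sys/module/<name>; built-in code with parameters gets a directory there too,
 * so the file is the discriminator that keeps built-ins out of the diff. */
int collect_sysfs_modules(char names[][MOD_NAME_MAX], int max)
{
    DIR *dp = opendir("/sys/module");
    if (!dp) return -1;
    struct dirent *e;
    struct stat st;
    char path[PATH_MAX];
    int n = 0;
    while ((e = readdir(dp)) != NULL && n < max) {
        if (e->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "/sys/module/%s/initstate", e->d_name);
        if (stat(path, &st) == 0) { snprintf(names[n], MOD_NAME_MAX, "%s", e->d_name); n++; }
    }
    closedir(dp);
    return n;
}

/* Constructed sample of /proc/modules content, for offline use only. */
const char SAMPLE_PROC_MODULES[] =
    "xt_conntrack 16384 1 - Live 0x0000000000000000\n"
    "nf_conntrack 172032 1 xt_conntrack, Live 0x0000000000000000\n"
    "e1000 151552 0 - Live 0x0000000000000000\n";

int main(void)
{
    static char text[1 << 20];            /* /proc/modules is small; 1 MiB is ample */
    FILE *f = fopen("/proc/modules", "r");
    size_t len = f ? fread(text, 1, sizeof text - 1, f) : 0;
    if (f) fclose(f);
    text[len] = '\0';
    char (*sysfs)[MOD_NAME_MAX] = calloc(MOD_MAX, MOD_NAME_MAX);
    int nsysfs = sysfs ? collect_sysfs_modules(sysfs, MOD_MAX) : -1;
    if (!f || nsysfs < 0) { fputs("needs Linux with /proc and /sys mounted\n", stderr); return 2; }
    char missing[64][MOD_NAME_MAX];
    int n = modules_missing_from_list(text, sysfs, nsysfs, missing, 64);
    for (int i = 0; i < n && i < 64; i++) printf("in sysfs but not in module list: %s\n", missing[i]);
    free(sysfs);
    return n > 0;
}
```

A hit means a loaded module is hiding from the list the kernel uses for lsmod, which is worth treating as a compromise until explained. The converse does not hold: a rootkit that also deletes its kobject from sysfs passes this check, and a kernel that has been tampered with can lie to /proc and /sys alike, so a clean result on a live host is weak evidence. That is the reason the post above works from a memory image, where the module's code and data can be found by scanning rather than by asking the kernel.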


Practical Packet Analysis

September 18, 2012 Added by:Jayson Wylie

This book covers the topics and tool features needed to analyze traffic issues, identify likely problem points, improve performance and verify that common network protocols are flowing as they should, which in turn helps differentiate good traffic from bad...



State-Sponsored Attacks or Not? That's the Question...

September 18, 2012 Added by:Pierluigi Paganini

Although the use of cyber weapons and the damage caused by offensive operations are major concerns for intelligence agencies, clues are frequently discovered about attacks designed to steal sensitive information and intellectual property. Who is behind these cyber attacks?



Analyzing the Average Coder Rootkit, Bash History, and Elevated Processes with Volatility

September 16, 2012 Added by:Andrew Case

This post showcases some of Volatility’s new Linux features by analyzing a popular Linux kernel rootkit named “Average Coder” and includes recovering .bash_history, finding userland processes elevated to root, and discovering overwritten file operation structure pointers...



FireEye Advanced Threat Report: The Inadequacy of Defenses

September 12, 2012 Added by:Pierluigi Paganini

The security firm FireEye has released an interesting report that provides an overview of the current threat landscape, evolving malware, advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations' networks today. The report presents an alarming scenario...



Rapid 7 Analysis of Data Breach Incidents

September 11, 2012 Added by:Pierluigi Paganini

Setting aside attacks by foreign governments and cyber criminals who exploit 0-days, following best practices and complying with current standards makes it possible to avoid data breach incidents, or at least to reduce the amount of information exposed...



Pentoo 2012: A Penetration Testers Distro of Gentoo Linux

September 09, 2012 Added by:Dan Dieterle

I’ve never seen Pentoo before, but couldn’t resist taking a peek. Basically Pentoo is Gentoo Linux with a bunch of security focused tweaks. I am married to Backtrack and am not interested in switching to another Linux Security Distro, but Pentoo looks enticing...



ICS-CERT: Oil and Natural Gas Pipeline Intrusion Campaign

August 28, 2012 Added by:Infosec Island Admin

ICS-CERT onsite analysis included a search for host-based and network-based indicators to identify additional hosts for further analysis. ICS-CERT hashed files from approximately 1700 machines and compared them to hashes of known malicious files and examined proxy logs to identify any suspicious network activity...



Ghost USB Honeypot: Interview with Project Leader Sebastian Poeplau

August 27, 2012 Added by:InfoSec Institute

Ghost is a honeypot for detecting malware that spreads via USB devices. It emulates a USB thumb drive; if malware identifies it as a real thumb drive, it will try to infect it. Ghost then looks for write requests to the drive, which are an indication of malware...



The Poor State of Cyber Intelligence

August 23, 2012 Added by:Jeffrey Carr

The state of cyber intelligence as it is practiced by infosec professionals and others who are not trained in the science of rigorous analysis is often exponentially worse. Many analysts have huge gaps in their view of the threat landscape and are doing a great disservice to their customers and their craft...
