Keeping track of all the samples on your plate can become cumbersome and at times, next to impossible; that's where projects like Viper come in. Viper is "a framework to store, classify and investigate binary files." The following article, contributed by David Westcott, explains how to get started with this tool.
FOR526 - 10% Off for vLive (Online Live Training)orCapital City in July. Use code = m3mory
FOR526 - 10% Off forvLive(Online Live Training)orCapital City in July. Use code = m3mory
At SANS 2014 last night, I gave a quick briefing on the HeartBleed vulnerability that impacts the security of the Internet. I wanted to post a few links in the interim (until the webcast itself is published, which I'm told will be by 3PM EDT).
The slides are available here.
I have built a server in the cloud that exposes the vulnerability. You can access the server at https://heartbleed.csr-group.com until it gets taken down by the hosting provider (which seems inevitable). However, if your management needs to see this in action, please feel free to use the server to demonstrate the vulnerability.
Additionally, I took a packet capture that exposes the vulnerability. This is suitable for testing your IDS signatures against. Hopefully you find this useful as well. The packet capture can be...
CrowdResponse is a free tool written by Robin Keir from CrowdStrike. Robin has a long history of developing excellent tools for the community including SuperScan, BinText, Fpipe, and CrowdInspect. The goal of CrowdResponse is to provide a lightweight solution for incident responders to perform signature detection and triage data collection. It supports all modern Windows platforms up to Server 2012 and is command-line based making it easy to deploy at scale. Version 1.0 focuses on signature detection, with a powerful YARA scanning engine. It ships with a very detailed user manual but since only a few actually read such things, I thought it would be interesting to show the tool in action.
Running YARA Scans
YARA, or Yet Another Regex Analyzer, has become one of the leading tools for describing and detecting malware. A YARA rule consists of a series of ...
Understanding how malicious software implements command and control (C2) is critical to incident response. Malware authors could use C2 to execute commands on the compromised system, obtain the status of the infection, commandeer numerous hosts to form a bot network, etc. This article explains how malware performs C2 functions and clarifies how this information can aid responders in detecting, analyzing, and remediating malware incidents.