rockNSM as an Incident Response Package, (Sun, Sep 17th)

Are you looking for a lightweight system to be part of your Incident Response kit? This is probably the package for you. It contains all the basic elements needed to capture data on the fly with Suricata, Bro, Logstash, Kibana, Elasticsearch and Kafka needed to conduct an investigation. Two options exist to get going to …

Another webshell, another backdoor!, (Thu, Sep 14th)

I’m still busy following how webshells are evolving… I recently found another backdoor in another webshell called “cor0.id”. The best place to find webshells remains pastebin.com[1]. When I’m testing a webshell, I copy it in a VM located on a “wild Internet” VLAN in my home lab with, amongst other controls, full packet capture …

No IPv6? Challenge Accepted! (Part 1), (Wed, Sep 13th)

I recently had an internal penetration test with a client.  During the initial discussions, where the client set the scope and so on, I asked if they had any IPv6 in their environment (mainly because I’m hoping that someday, someone will say yes).  Their answer was an emphatic “no”.  My answer to that was “Challenge …

Microsoft Patch Tuesday September 2017, (Wed, Sep 13th)

Below we do have our quick summary table for today’s Microsoft patches. I am still working on getting this set up a bit better based on the new Microsoft patch Tuesday process. Title | CVE | Publicly Disclosed? | Exploited? | Impact | Rating: .NET Framework Remote Code Execution Vulnerability | CVE-2017-8759 | Not Publicly Disclosed | Exploited! | Remote Code Execution | Important …

Windows Auditing with WINspect, (Mon, Sep 11th)

WINSpect recently hit my radar via Twitter, and the author, Amine Mehdaoui, just posted an update a couple of days ago, so no time like the present to give you a walk-through. WINSpect is a Powershell-based Windows Security Auditing Toolbox. According to Amine’s GitHub README, WINSpect “is part of a larger project for auditing different areas of Windows environments. …

Malware analysis output sanitization, (Sat, Sep 9th)

An interesting conversation unfolded on my diary entry “Malware analysis: searching for dots”. Back in the old days, on DOS, typing untrusted output to the console could result in escape sequences changing your environment. Catting binary data to your Linux terminal can also have unwanted effects. Since Python can be used in many environments, there …