Browers Updated

-
Update your Google Chrome and FireFox. Security Updates were released.

Comments

Post a Comment

Popular posts from this blog

Investigating Indicators of Compromise In Your Environment With Latest Version of Redline

-
Image
Investigating Indicators of Compromise In Your Environment With Latest Version of Redline : Recently, Mandiant ® released a new version of Redline ™ . If you are not familiar with Redline, it is a great tool for investigating a specific Windows host in depth. We will have a more thorough look into Redline in the next month or so. What I wanted to touch on today is one of Redline’s brand new features: you can now use Indicators of Compromise (IOCs) to drive your Redline investigations. If you are not familiar with IOCs, I urge to you take a moment and head over to http://OpenIOC.org and have a look around. IOCs are the best way for finding indications of compromise and/or intrusion throughout your enterprise. IOCs are one of the main technologies that power Mandiant Intelligent Response, Mandiant’s flagship IR appliance, and have previously been accessible in free products with IOC Editor & IOC Finder . Some blog entries that might help bring you up to speed are Ryan Kazanciya...
Read more

Painting a Picture of W32.Flamer

-
Image
Painting a Picture of W32.Flamer : The number of different components in W32.Flamer is difficult to grasp. The threat is a well designed platform including, among other things, a Web server, a database server, and secure shell communications. It includes a scripting interpreter which allows the attackers to easily deploy updated functionality through various scripts. These scripts are split up into 'apps' and the attackers even appear to have something equivalent to an 'app store' from where they can retrieve new apps containing malicious functionality. To get an idea of how all these components fit together, the best place to start is a file called mssecmgr.ocx . This is W32.Flamer's main file and it is the first element of the threat executed by an infected computer. The file mssecmgr.ocx contains a large number of sub-components. A breakdown of the various components and how they are stored in this file are shown in Figure 1 below: Figure 1. Overview of W...
Read more

Searching With VirusTotal

-
Image
Searching With VirusTotal : Did you know that you can search VirusTotal ? You don’t have to submit a file, but you can search for the report of a file has been submitted before. You use a cryptographic hash (MD5, SHA1, SHA256) to identify the file. There are several tools to submit a batch of files to VirusTotal, but I didn’t find any that just searches VirusTotal for a list of search terms via VirusTotal’s API . Thus I wrote my own Python program. It accepts a file with a list of hashes, and produces a CSV file with the result. Here is an example displayed with InteractiveSieve : To get this program working, you need to get a VirusTotal API key and add it to this program. You need a VirusTotal account to get your API key. And my program respects VirusTotal’s rate limitation (4 requests per minute), I don’t want it to DoS VirusTotal. virustotal-search_V0_0_1.zip ( https ) MD5: 0F3A1E18C79DFDB143CCC2F860E2C4B2 SHA256: BD213BBC55A9048DBB7B890209E2831EF81049B45ABE9091E01F0692F...
Read more