What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-04-06 17:15:05 | Reaper Botnet (lien direct) | The ISBuzz Post: This Post Reaper Botnet | Cloud | APT 37 | |
 |
2018-04-06 14:54:05 | Researchers Link New Android Backdoor to North Korean Hackers (lien direct) | The recently discovered KevDroid Android backdoor is tied to the North Korean hacking group APT37, Palo Alto Networks researchers say. | Cloud | APT 37 | |
|
2018-04-06 12:08:04 | New Strain of ATM Jackpotting Malware Discovered (lien direct) | >A new type of ATM jackpotting malware has been discovered. Dubbed ATMJackpot, the malware appears to be still under development, and to have originated in Hong Kong. There are no current details of any deployment or use. ATMJackpot was discovered and analyzed by Netskope Threat Research Labs. It has a smaller footprint than earlier strains of jackpotting malware, but serves the same purpose: to steal money from automated teller machines (ATMs). ATM jackpotting -- also known as a logical attack -- is the use of malware to control cash dispensing from individual ATMs. The malware can be delivered locally to each ATM via a USB port, or remotely by compromising the ATM operator network. Jackpotting has become an increasing problem in recent years, originally and primarily in Europe and Asia. In 2017, Europol warned that ATM attacks were increasing. "The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately," said Steven Wilson, head of Europol's EC3 cybercrime center. The first attacks against ATMs in the U.S. were discovered in January 2018 following an alert issued by the Secret Service. In March 2018, the alleged leader of the Carbanak group was arrested in Spain. Carbanak is believed to have stolen around $1.24 million over the preceding years. Its method was to compromise the servers controlling ATM networks by spear-phishing bank employers, and then use foot soldiers (mules) to collect money dispensed from specific ATMs at specific times. It is not clear whether the ATMJackpot malware discovered by Netskope is intended to be manually installed via USB on individual ATMs, or downloaded from a compromised network. Physical installation on an ATM is not always difficult. In July 2017, IOActive described how its researchers could gain access to the Diebold Opteva ATM. It was achieved by inserting a metal rod through a speaker hole and raising a metal locking bar. From there they were able to reverse engineer software to get access to the money vault. Jackpotting malware is designed to avoid the need to physically break into the vault. It can be transferred via a USB port to the computer part of the ATM that controls the vault. Most ATMs use a version of Windows that is well understood by criminals. ATMJackpot malware first registers the windows class name 'Win' with a procedure for the malware activity. The malware then populates the options on the window and initiates a connection with the XFS manager. The XFS subsystem provides a common API to access and manipulate the ATM devices from different vendors. The malware then opens a session with the service providers and registers to monitor events. It opens a session with the cash dispenser, the card reader and the PIN pad servic | Guideline Cloud | APT 37 | |
|
2018-04-05 16:59:01 | Financial Services DDoS Attacks Tied to Reaper Botnet (lien direct) | >Recorded Future's "Insikt" threat intelligence research group has linked the Mirai variant IoTroop (aka Reaper) botnet with attacks on the Netherlands financial sector in January 2018. The existence of IoTroop was first noted by Check Point in October 2017. At that point the botnet had not been used to deliver any known DDoS attacks, and its size was disputed. What was clear, however, was its potential for growth. In January 2018, the financial services sector in the Netherlands was hit by a number of DDoS attacks. Targets included ABN Amro, Rabobank and Ing; but at that time the source of the attack was unknown. Insikt researchers now report that at least one these financial services attacks -- and possibly more -- was the first known use of IoTroop to deliver a DDoS attack. "IoTroop is a powerful internet of things (IoT) botnet," reports Insikt, "primarily comprised of compromised home routers, TVs, DVRs, and IP cameras exploiting vulnerabilities in products from major vendors including MikroTik, Ubiquity and GoAhead." The attack itself was not excessively high by modern standards. "The initial attack was a DNS amplification attack with traffic volumes peaking at 30Gb/s," reports Insikt -- far short of the 1.7Tb/s attack that occurred in February. If the IoTroop assumption is correct, it is clear the botnet has evolved extensively since its discovery last year. Fortinet's SVP products and solutions reported last month, "the Reaper [IoTroop] exploit was built using a flexible Lua engine and scripts, which means that instead of being limited to the static, pre-programmed attacks of previous exploits, its code can be easily updated on the fly, allowing massive, in-place botnets to run new and more malicious attacks as soon as they become available." Insikt reports that the malware can use at least a dozen vulnerabilities and can be updated by the attackers as new vulnerabilities are exposed. "Our analysis," it says, "shows the botnet involved in the first company attack was 80% comprised of compromised MikroTik routers with the remaining 20% composed of various IoT devices ranging from vulnerable Apache and IIS web servers to routers from Ubiquity, Cisco and ZyXEL. We also discovered Webcams, TVs and DVRs among the 20% of IoT devices, which included products from major vendors such as MikroTik, GoAhead, Ubiquity, Linksys, TP-Link and Dahua." This list adds new devices now vulnerable to IoTroop in addition to those noted in the original October 2017 research -- which suggests, says Insikt, "a widespread and rapidly evolving botnet that appears to be leveraging publicly disclosed vulnerabilities in many IoT devices." | Cloud | APT 37 | |
|
2018-04-03 18:30:03 | New KevDroid Android Backdoor Discovered (lien direct) | >Security researchers have discovered a new Android Remote Access Trojan (RAT) that can steal a great deal of information from infected devices. Dubbed KevDroid, the mobile threat can steal contacts, messages, and phone history, while also able to record phone calls, Talos reports. Two variants of the malware have been identified so far. One of the variants exploits CVE-2015-3636 to gain root access, but both implement the same call recording capabilities, taken from an open-source project on GitHub. Once it has infected a device, the first KevDroid variant can gather and siphon information such as installed applications, phone number, phone unique ID, location, stored contacts information, stored SMS, call logs, stored emails, and photos. | Guideline Cloud | APT 37 | |
|
2018-03-21 11:29:00 | (Déjà vu) 5 Fun Facts About the 2018 Singapore Cybersecurity Statute (lien direct) | An orchard of cybersecurity law is growing in Asia. Now based in Singapore, your intrepid reporter is bumping into these cyber laws not as a participant (yet) but as an interested observer. Like the data-protection laws recently passed throughout the region, these cybersecurity regulations have a lot in common with each other. Singaporeans are known for their discipline, so you can expect that their cybersecurity law will be among the best in the region. Let your intrepid reporter summarize the statute, and also highlight 5 fun facts found within it. The Singapore Cybersecurity Statute On January 8, 2018, the Singapore government published Bill No. 2/2018, referred to as “the Cybersecurity Bill.” Local infosec professionals consider it, overall, a good bill, covering exactly the topics one would expect to see from the Singaporean government. After a first draft, lively debate ensued during the public commentary period, and the government folded the best suggestions into its final bill. The administration of the statute will be completed by a Cybersecurity Commissioner. This person will define many of the finer points of policy, which have been purposely left out of the framework. The bill comprises three main themes: 1. Critical Infrastructure. The Cybersecurity Bill defines the criteria by which the commissioner should identify critical infrastructure (sections 7–9). These include 11 groupings of “essential services,” including aviation, banking, and healthcare. Fun Fact #1: The Philippine government is working on a similar project, called the “National Cybersecurity Plan 2022”, and word is that they copied the groupings, in order, from the Singaporean version. Nothing wrong with that, though. The local cybersecurity community applauds the Singapore bill's requirements for bi-annual audits and regular penetration tests. That's just good policy, so it might as well be a law; after all, this is Singapore. 2. Incident Response. Sections 19–23 define the powers the commissioner has to investigate, prevent, and respond to cybersecurity incidents. Fun Fact #2: Of interest is that the bill allows the designation of temporary technical experts, who will be issued cards identifying themselves as such. Your reporter personally finds this pretty cool, and would be tickled to be a card-carrying Singaporean crime fighter (temporarily) someday. He imagines himself holding up a badge and saying, with authority, “Everyone calm down, I'm here to help.” 3. Cybersecurity Service Providers. Sections 24–35 describe the governance of so-called cybersecurity service providers-penetration testers and security operations centers (SOCs). Perhaps the most significant aspect of the bill is Fun Fact #3: Provid | Cloud | APT 37 | |
|
2018-03-14 15:56:03 | Combatting the Transformation of Cybercrime (lien direct) | The volume of cyberattacks is growing at an unprecedented rate, increasing as much as nearly 80% for some organizations during the final quarter of 2017. One reason for this acceleration in the attack cycle is that in order for malware to succeed today it needs to spread further and faster than even before. This allows cybercriminals to stay a step ahead of new efforts by vendors to improve their delivery of updated signatures and patches. But it's not just about volume. These attacks are also increasingly sophisticated, often spanning across malware families and using advanced techniques to simultaneously target multiple attack vectors. This enhanced focus on innovation, combined with the increased speed and volume at which new threat variants are being released into the wild, is successfully catching far too many organizations unprepared. To keep your organization ahead of the threat curve, here are five recent trends you should be aware of: Cryptojacking Cryptojacking is an important new trend among cybercriminals. The latest iteration involves injecting malicious JavaScript into vulnerable websites, or delivering it via phishing campaigns. Simply browsing an infected site can enable attackers to hijack CPU cycles to perform cryptomining on behalf of a cybercriminal. While such attacks initially hijacked all available CPU, causing machines to become virtually unusable, new, more sophisticated attacks, now monitor device CPU and rate limit the amount of processing power they leverage, often using 50% or less of available processing power at any given moment in order to evade detection. Cryptojacking can result in everything from annoying side effects such browser hang-ups and system crashes, to degraded network performance, sophisticated data theft, and increasingly, even the delivery of ransomware. IoT Botnets IoT-based botnets also continue to dominate the threat landscape. But unlike the first generation of IoT attacks, which focused on exploiting a single vulnerability, new IoT botnets such as Reaper and Hajime simultaneously target multiple vulnerabilities, making them much harder to combat. Even worse, because many IoT manufacturers don't have a PSIRT team in place, many of these attacks target known IoT vulnerabilities for which no CVE has been named, which means there is little opportunity to even report vulnerabilities when they are discovered, let alone prepare for them. To complicate things further, the Reaper exploit was built using a flexible Lua engine and scripts, which means that instead of being limited to the static, pre-programmed attacks of previous exploits, its code can be easily updated on the fly, allowing massive, in-place botnets to run new and more malicious attacks as soon as they become available. Ransomware | Cloud | APT 37 | |
 |
2018-02-27 18:54:05 | Recently patched CVE-2018-4878 Adobe Flash Player flaw now exploited by cybercriminals (lien direct) | Security researchers at Morphisec have uncovered a massive hacking campaign that is exploiting the recently patched CVE-2018-4878 Adobe Flash Player vulnerability. Threat actors are exploiting the use-after-free flaw to deliver malware. The CVE-2018-4878 vulnerability was fixed by Adobe on February 6, after security experts discovered it was used by North Korea-linked APT37 group in targeted […] | Cloud | APT 37 | |
|
2018-02-21 15:20:05 | North Korea Cyber Threat \'More Aggressive Than China\': US Firm (lien direct) | North Korean hackers are becoming more aggressive than their Chinese counterparts, a leading US cybersecurity firm warned Tuesday, as it identified a Pyongyang-linked group as an "advanced persistent threat". | Guideline Cloud | APT 37 | |
 |
2018-02-21 14:07:03 | Reaper: Little-known North Korean hacker group steps up attacks in Vietnam, Japan and Middle East (lien direct) | A lesser-known North Korean cyberespionage group has been rapidly widening its scope and skills to step up attacks beyond the Korean Peninsula to include Japan, Vietnam and the Middle East in 2017, security researchers have said. According to cybersecurity firm FireEye, the shadowy hacker group dubbed APT37 or Reaper has been active since 2012 and ... | Cloud | APT 37 | ★★★★ |
|
2018-02-21 06:34:04 | North Korean APT Group tracked as APT37 broadens its horizons (lien direct) | Researchers at FireEye speculate that the APT group tracked as APT37 (aka Reaper, Group123, ScarCruft) operated on behalf of the North Korean government. Here we are to speak about a nation-state actor dubbed APT37 (aka Reaper, Group123, ScarCruft) that is believed to be operating on behalf of the North Korean government. APT37 has been active since at least […] | Cloud | APT 37 | |
 |
2018-02-20 18:05:00 | Un nouveau rapport FireEye : APT37 (Reaper) (lien direct) |  FireEye a publié aujourd'hui une nouvelle étude qui met en lumière les activités d'une importante menace de cyber espionnage : l'APT37 de Corée du Nord. |
Cloud | APT 37 | |
 |
2017-12-15 14:00:00 | Things I Hearted This Week 15th December 2017 (lien direct) |
Continuing the trend from last week, I’ll continue trying to put a positive spin on the week’s security news.
Why? I hear you ask. Well, I’ve been mulling over the whole optimist thing, and glass half full analogy and it does work wonders. Side note, a tweet about half full / empty glasses and infosec took on a life of its own a few days ago.
But I’m reminded of the ending monologue by Morgan Freeman in “The Shawshank Redemption”, in which he starts off by saying, “Get busy living or get busy dying.”
So the thought of the week is, “Get busy securing, or get busy insecuring.” Hmm doesn’t quite have the same ring to it. Will have to think of a better word – but you catch my drift. Let’s jump into this week’s interesting security bits
Mirai Mirai on the wall
I picture Brian Krebs as being a Liam Neeson type – he sees that his website is under attack by a never-before seen DDoS attack. He mutters to himself, “I don’t know who you are, but I will hunt you, I will find you, and I will blog about it until you get arrested, prosecuted, and thrown in jail.”
It so happens that this week the hackers behind the Mirai botnet and a series of DDoS attacks pled guilty.
The Hackers Behind Some of the Biggest DDoS Attacks in History Plead Guilty | Motherboard
Mirai IoT Botnet Co-Authors Plead Guilty | KrebsonSecurity
Botnet Creators Who Took Down the Internet Plead Guilty | Gizmondo
Bug Laundering Bounties
Apparently, HBO negotiated with hackers. Paying them $250,000 under the guise of a bug bounty as opposed to a ransom.
Maybe in time, it will be found that HBO acted above board, maybe it was a sting operation, maybe it was a misconstrued email.
The worrying fact is that any payment exchange system can be used to launder money. However, bug bounty providers don’t (as far as I can tell) have financial services obligations. Does the bug bounty industry need more regulation (shudder)?
Leaked email shows HBO negotiating with hackers | Calgary Herald
Remember the 'Game of Thrones' leak? An Iranian hacker was charged with stealing HBO scripts to raise bitcoin | USA Today
Uber used bug bounty program to launder blackmail payment to hacker | ars Technica
Inside a low budget consumer hardware espionage implant
I’m not much of a hardware expert – actually, I’m not much of a hardware novice either. But this writeup by Mich is awesome. I didn’t even know there were so many ways to sniff, intercept and basically mess around with stuff at such small scale. It’s extremely detailed and I’ve permanently bookmarked it for future reference.
|
Guideline Medical Cloud | Uber APT 38 APT 37 | |
|
2017-12-13 17:37:49 | Threat Modeling the Internet of Things: Modeling Reaper (lien direct) | What a timely way to end this series on Threat Modeling the Internet of Things (IoT). An advanced thingbot, nicknamed Reaper (or IoTroop), was recently discovered infecting hordes of IoT devices. Reaper ups the ante for IoT security. | Cloud | APT 37 | |
 |
2017-11-19 20:44:20 | North Korea\'s widening Net, pricing the Equifax Hack & Dark Markets in Turmoil (lien direct) | In this week’s podcast, after a string of reports about North Korea’s growing forays onto sensitive corporate networks, we speak with Adam Meyers of CrowdStrike about the widening net of North Korean offensive hacking and how the Hermit Kingdom is playing the part both of cyber criminal and nation-state actor. Also: we unpack the...Read the whole entry... _!fbztxtlnk!_ https://feeds.feedblitz.com/~/495673822/0/thesecurityledger -->»
|
Cloud | Equifax APT 37 | |
|
2017-11-16 10:10:59 | Should you fear the Reaper? (lien direct) | >Move over Mirai, there's a new monstrous botnet in town. The newly-discovered botnet, dubbed “Reaper†or “IoTroop,†appears to be a more powerful strain of the Internet of Things (IoT) attack malware that Mirai was, the previous holder of the IoT botnet crown. And while Reaper hasn't yet to launch an attack, security researchers warn ... | Cloud | APT 37 | ★★ |
|
2017-11-09 10:36:35 | Backdoored IP scanner tricks hackers (lien direct) | >It was found that hackers, who were looking to create their own version of the Reaper botnet, downloaded an IP scanner which was a PHP file that was made available as a free download after news about Reaper botnet broke. View Full Story ORIGINAL SOURCE: BleepingComputer | Cloud | APT 37 | |
 |
2017-11-08 16:16:00 | Hacker Wannabes Fooled by Backdoored IP Scanner (lien direct) | Wannabe hackers looking to create their very own Reaper botnet might have gotten more than they asked when they downloaded an IP scanner over the past few weeks. [...] | Cloud | APT 37 | |
 |
2017-11-03 12:39:20 | RickRolled by none other than IoTReaper (lien direct) | IoT_Reaper overview IoT_Reaper, or the Reaper in short, is a Linux bot targeting embedded devices like webcams and home router boxes. Reaper is somewhat loosely based on the Mirai source code, but instead of using a set of admin credentials, the Reaper tries to exploit device HTTP control interfaces. It uses a range of vulnerabilities […] |
Cloud | APT 37 | |
|
2017-10-30 12:55:31 | Researchers Downplay Size of Reaper IoT Botnet (lien direct) | The Mirai-like "Reaper" botnet that began infecting Internet of Things (IoT) devices in late September has only ensnared up to 20,000 bots so far, according to estimates from Arbor Networks. | Cloud | APT 37 | |
 |
2017-10-27 20:39:21 | Fear the Reaper, or Reaper Madness? (lien direct) | Last week we looked at reports from China and Israel about a new "Internet of Things" malware strain called "Reaper" that researchers said infected more than a million organizations by targeting newfound security weaknesses in countless Internet routers, security cameras and digital video recorders (DVRs). Now some botnet experts are calling on people to stop the "Reaper Madness," saying the actual number of IoT devices infected with Reaper right now is much smaller. Arbor Networks said it believes the current actual size of the Reaper botnet fluctuates between 10,000 and 20,000 bots total. Arbor notes that this can change any time. | Cloud | APT 37 | |
|
2017-10-26 14:15:38 | eSentire Security Advisory: Reaper IoT Botnet (lien direct) | The ISBuzz Post: This Post eSentire Security Advisory: Reaper IoT Botnet | Cloud | APT 37 | |
 |
2017-10-25 23:00:16 | Future attaque ? Le petit frère de Miraim, Reaper, collecte ses objets connectés (lien direct) | >Reaper, un nouveau botnet visant des objets connectés, emmagasinerai des informations pour une future attaque. Reaper, une... Cet article Future attaque ? Le petit frère de Miraim, Reaper, collecte ses objets connectés est diffusé par Data Security Breach. | Cloud | APT 37 | |
 |
2017-10-25 18:33:18 | Hackers Prepping IOTroop Botnet with Exploits (lien direct) | Researchers warn that hackers have weaponized a vulnerability that could be used in an IOTroop (or Reaper) attack, bringing the likelihood of an attack one step closer. | Cloud | APT 37 | |
 |
2017-10-24 16:14:49 | Reaper IoT botnet could be more devastating than Mirai (lien direct) |  Think the Mirai botnet which launched a DDoS attack that knocked major websites offline last year was bad?
It's possible that you ain't seen nothing yet.
|
Cloud | APT 37 | |
 |
2017-10-24 12:46:37 | After quietly infecting a million devices, Reaper botnet set to be worse than Mirai (lien direct) | Reaper is on track to become one of the largest botnets recorded in recent years - and yet nobody seems to know what it will do or when. But researchers say the damage could be bigger than last year's cyberattack. | Cloud | APT 37 | |
|
2017-10-23 19:42:42 | Reaper: Calm Before the IoT Security Storm? (lien direct) | It's been just over a year since the world witnessed some of the world's top online Web sites being taken down for much of the day by "Mirai," a zombie malware strain that enslaved "Internet of Things" (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware -- variously named "Reaper" and "IoTroop" -- that spreads via security holes in IoT software and hardware. And there are indications that over a million organizations may be affected already. Reaper isn't attacking anyone yet. For the moment it is apparently content to gather gloom to itself from the darkest reaches of the Internet. But if history is any teacher, we are likely enjoying a period of false calm before another humbling IoT attack wave breaks. | Cloud | APT 37 | |
 |
2017-10-21 00:49:26 | New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet (lien direct) | Just a year after Mirai-biggest IoT-based malware that caused vast Internet outages by launching massive DDoS attacks-completed its first anniversary, security researchers are now warning of a brand new rapidly growing IoT botnet.
Dubbed 'IoT_reaper,' first spotted in September by researchers at firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits
|
Cloud | APT 37 | |
|
2017-10-20 09:30:39 | A Gigantic IoT Botnet Has Grown in the Shadows in the Past Month (lien direct) | Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper (Reaper for this article), researchers estimate its current size at nearly two million infected devices. [...] | Cloud | APT 37 | |
 |
2017-08-23 13:14:19 | NBlog August 23 - Information Security outreach (lien direct) |  Further to yesterday's ISO27k Forum thread and blog piece, I've been contemplating the idea of extending the security awareness program into an "outreach" initiative for Information Security, or at least viewing it in that way. I have in mind a planned, systematic, proactive approach not just to spread the information risk and security gospel, but to forge stronger more productive working relationships throughout the organization, perhaps even beyond. Virtually every interaction between anyone from Information Security and The Business is a relationship-enhancing opportunity, a chance to inform, communicate/exchange information in both directions, assist, guide, and generally build the credibility and information Security's brand. Doing so has the potential to:Drive or enhance the corporate security culture through Information Security becoming increasingly respected, trusted, approachable, consulted, informed and most of all used, rather than being ignored, feared and shunned (the "No Department");Improve understanding on all sides, such as identifying business initiatives, issues, concerns and demands for Information Security involvement, at an early enough stage to be able to specify, plan, resource and deliver the work at a sensible pace rather than at the last possible moment with next to no available resources; also knowing when to back-off, leaving the business to its own devices if there are other more pressing demands, including situations where accepting information risks is necessary or appropriate for various business reasons;Encourage and facilitate collaboration, cooperation and alignment around common goals;Improve the productivity and effectiveness of Information Security by being more customer-oriented - always a concern with ivory-tower expert functions staffed by professionals who think they (OK, we!) know best;Improve the management and treatment of information risks as a whole through better information security, supporting key business objectives such as being able to exploit business opportunities that would otherwise be too risky, while complying with applicable laws and regulations. |
Cloud | APT 37 | |
|
2017-08-17 13:00:00 | The Upgraded AlienVault OTX API & Ways to Score Swag! (lien direct) | We've made a number of improvements to the depth of data in OTX recently, which are now available via the free API tool. Some of the API functions now include: Malware anti-virus and sandbox reports (example) A Whois API, including reverse whois and reverse SSL (example) View IP addresses that our telemetry indicates a specific network signature has fired on (example) The HTTP contents of a domain or URL (example), as well as finding all pages that link to it (example) Passive DNS history (example) Find malware samples that talk to a domain or ip (example) Retrieve malware samples by anti-virus detection (example) Lists of malicious URLs on domains (example) Download all indicators from users that you subscribe to (example) Find pulses based on the adversary, industry or keywords that interest you (example) What could you build? This depth of data could be used for countless things, but here are a couple of examples the API could used for: Actor Tracking Let’s say you want to get daily updates on an attacker that has targeted your sector before. With the new API, you will get a daily email on name servers they use, domain registration emails they use, and servers that have fired network alerts for their malware. Malicious File Alerting Another common task is when you want to know if files that pass your network or mail gateway (either at the MX or Inbox) are malicious. You can easily extract these files, then check them against OTX to see if they are malicious. Examples Our Python SDK page includes some simple examples of using the API, such as: Storing a feed of malicious indicators on OTX Telling if a Domain, IP, File hash or URL is malicious | Cloud | APT 37 | |
 |
2017-06-12 19:07:51 | An Introduction to VolUtility, (Mon, Jun 12th) (lien direct) | If you would like to practicememory forensics using Volatility but you dont like command line tools and you hate to remmber plugins then VolUtility is your friend. Volutility1is a web frontend for Volatility framework. Installation In this dairy, I will install VolUtlity on Linux SIFT2workstation. Update your SIFT workstation and install django margin-right:210.0pt">$ sudo apt-get update margin-right:0in"> Install MongoDB : In this dairy I am not going to discuss how to install MongoDB , for futher details about margin-left:.5in"> $ git clone https://github.com/volatilityfoundation/volatility $ cd volatility $ sudo python setup.py install margin-left:.5in"> $ git clone https://github.com/kevthehermit/VolUtility Configuration In this diary I am going to use the default config file volutility.conf.sample border:solid windowtext 1.0pt"> $ ./manage.py runserver 0.0.0.0:8000 width:400px" /> Enter a name for the session and the location of the memory image ,for the profile you can either specify it or you can choose autodetect, then click on submit button width:400px" /> You have to wait for few minutest till it finishes from processing the image, once it finished the status will change to Complete width:400px" /> To examine the image click on the session name , in this the dairy its SANS ISC width:400px" /> Now let width:400px" /> And you can of course filter your result using tools such as MS Excel. _______________________________________________________ [1] https://github.com/kevthehermit/VolUtility/wiki [1] https://digital-forensics.sans.org/community/downloads (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | Cloud | APT 37 | |
|
2016-06-17 10:00:38 | ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks (lien direct) | The ScarCruft APT gang has made use of a Flash zero day patched Thursday by Adobe to attack more than two dozen high-profile targets in Russia and Asia primarily. | Cloud | APT 37 | |
 |
2016-06-14 03:00:49 | Don\'t Fear the Reaper – Getting the Most Out of Your Penetration Tests (lien direct) | PCI-DSS v3.2 will be in full-force this October. At that time, service providers will be required to complete penetration tests by an external third party twice a year. The term “service provider” leaves significant room for interpretation. Discuss PCI-DSS v3.2 with your QSA to determine how changes may impact your organization. Whether to be PCI […]… Read More | Cloud | APT 37 |
To see everything:
Our RSS (filtrered)
