
M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

Vulnerability and Exploit Terminology Webinar

Written by Chuck Willis

Willi Ballenthin and I will be presenting the Fresh Prints of Mal-ware: Vulnerability and Exploit Terminology Decoded webinar tomorrow at 2PM ET.

Join us to learn the different types of flaws being found in modern software systems (and a bit about what to do about them). We will discuss old standbys like buffer overflows and memory corruption, along with web application flaws like cross-site scripting and SQL injection. We'll also relate each vulnerability type to recent headlines.

18 Jan 12 | The Suite Spot

Creating an IOC to Spot the Duqu Family

Written by Carrie Jung

Duqu has been getting a lot of attention in the media. According to Symantec, there are 15 confirmed variants found thus far. One of the interesting challenges posed by Duqu is that every instance appears to be unique. Also, the main components are encrypted on disk, which restricts our search space to memory.

10 Jan 12 | The Lab

Using Redline & OpenIOC to Build Effective Indicators

Written by Ryan Kazanciyan

Earlier this month, MANDIANT launched the OpenIOC framework (www.openioc.org) along with two free tools – IOC Editor (for building indicators) and IOC Finder (for scanning a single host for indicators). What might not be immediately obvious is that these tools all speak the same language – and can be used together to effectively find evil, build reliable indicators and share threat intelligence.
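The Duqu post above notes that the malware's on-disk components are encrypted, which pushes the hunt into process memory, and this post notes that IOC Editor, IOC Finder and Redline all speak OpenIOC. The following is an added example, not code from the M-unition page or from Mandiant's tools: a small Python evaluator for an OpenIOC 1.0 indicator run against constructed process and file listings, showing how the Indicator AND/OR tree and the IndicatorItem conditions combine. The indicator itself is constructed with hypothetical process, DLL and hash values; it is not the Duqu IOC. The element and attribute names follow the OpenIOC 1.0 schema, but the AND scoping rule (terms of one document type must hold for a single object) and case-insensitive string matching are assumptions about scanner behaviour.

```python
"""Evaluate a minimal OpenIOC 1.0 indicator against constructed host data.

Added example; not code from the M-unition page or from IOC Finder/Redline.
"""
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed indicator with hypothetical values (NOT the Duqu IOC).
# Logic: (lsass.exe whose memory sections include an injected DLL)
#        OR (a file on disk with a known MD5).
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="00000000-0000-4000-8000-000000000001" last-modified="2012-01-10T00:00:00">
  <short_description>Constructed example: injected DLL or dropper file</short_description>
  <definition>
    <Indicator operator="OR" id="00000000-0000-4000-8000-000000000002">
      <Indicator operator="AND" id="00000000-0000-4000-8000-000000000003">
        <IndicatorItem id="00000000-0000-4000-8000-000000000004" condition="is">
          <Context document="ProcessItem" search="ProcessItem/name" type="mir"/>
          <Content type="string">lsass.exe</Content>
        </IndicatorItem>
        <IndicatorItem id="00000000-0000-4000-8000-000000000005" condition="contains">
          <Context document="ProcessItem" search="ProcessItem/SectionList/MemorySection/Name" type="mir"/>
          <Content type="string">example_injected.dll</Content>
        </IndicatorItem>
      </Indicator>
      <IndicatorItem id="00000000-0000-4000-8000-000000000006" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">00112233445566778899aabbccddeeff</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>"""

# Constructed host snapshots: one record per object of an OpenIOC document
# type, keyed by the same search paths the IndicatorItems use.
INFECTED_HOST = [
    {"document": "ProcessItem", "ProcessItem/name": "lsass.exe",
     "ProcessItem/SectionList/MemorySection/Name": ["ntdll.dll", "EXAMPLE_INJECTED.dll"]},
    {"document": "ProcessItem", "ProcessItem/name": "explorer.exe",
     "ProcessItem/SectionList/MemorySection/Name": ["ntdll.dll", "shell32.dll"]},
    {"document": "FileItem", "FileItem/Md5sum": "ffffffffffffffffffffffffffffffff"},
]
# Same DLL name is loaded, but in explorer.exe rather than lsass.exe: the
# ANDed ProcessItem terms must hold for ONE process, so this host must not match.
CLEAN_HOST = [
    {"document": "ProcessItem", "ProcessItem/name": "lsass.exe",
     "ProcessItem/SectionList/MemorySection/Name": ["ntdll.dll"]},
    {"document": "ProcessItem", "ProcessItem/name": "explorer.exe",
     "ProcessItem/SectionList/MemorySection/Name": ["ntdll.dll", "example_injected.dll"]},
    {"document": "FileItem", "FileItem/Md5sum": "ffffffffffffffffffffffffffffffff"},
]


def _item_matches(item, record):
    """True if one IndicatorItem is satisfied by one host record (case-insensitive, assumed)."""
    ctx = item.find("ioc:Context", NS)
    want = item.findtext("ioc:Content", default="", namespaces=NS).lower()
    cond = item.get("condition", "is")
    values = record.get(ctx.get("search"), [])
    if not isinstance(values, list):
        values = [values]
    for value in values:
        value = str(value).lower()
        if cond == "is" and value == want:
            return True
        if cond == "contains" and want in value:
            return True
    return False


def _evaluate(node, records):
    """Recursively evaluate an <Indicator> node whose operator is AND or OR."""
    op = node.get("operator", "OR").upper()
    items = node.findall("ioc:IndicatorItem", NS)
    results = [_evaluate(sub, records) for sub in node.findall("ioc:Indicator", NS)]
    if op == "AND":
        # Assumption: items of the same document type under one AND must be
        # satisfied by a single object (one process, one file).
        by_doc = {}
        for item in items:
            by_doc.setdefault(item.find("ioc:Context", NS).get("document"), []).append(item)
        for doc, group in by_doc.items():
            results.append(any(all(_item_matches(i, r) for i in group)
                               for r in records if r["document"] == doc))
        return bool(results) and all(results)
    for item in items:
        doc = item.find("ioc:Context", NS).get("document")
        results.append(any(_item_matches(item, r) for r in records if r["document"] == doc))
    return any(results)


def scan(ioc_xml, records):
    """Return (short_description, matched) for an OpenIOC document and a host snapshot."""
    root = ET.fromstring(ioc_xml)
    desc = root.findtext("ioc:short_description", default="", namespaces=NS)
    return desc, _evaluate(root.find("ioc:definition/ioc:Indicator", NS), records)


if __name__ == "__main__":
    for name, host in (("infected", INFECTED_HOST), ("clean", CLEAN_HOST)):
        desc, hit = scan(SAMPLE_IOC, host)
        print(f"{name}: {'MATCH' if hit else 'no match'} ({desc})")
```

The CLEAN_HOST case is the one worth noticing: the injected DLL name is present on that host, but inside explorer.exe rather than lsass.exe, so no single process satisfies both ANDed ProcessItem terms and the indicator does not fire. Expressing the same two terms as an OR, or splitting them into separate Indicator blocks, would match both hosts and turn a specific indicator into a noisy one; that choice of operator and grouping is what IOC Editor lets you control.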

15 Dec 11 | The Lab

FS-ISAC 2011 Fall Summit – Impressions

Written by Lucas Zaichkowsky

Last month the Financial Services Information Sharing and Analysis Center (FS-ISAC) 2011 Fall Summit was held at the Gaylord National Harbor in the Washington, DC Metro Area. As an incident response company that has relationships with several FS-ISAC members, MANDIANT was happy to sponsor.

12 Dec 11 | Whiteboard

Redline 1.1 Released

Written by Ryan Kazanciyan

Six months ago, MANDIANT released Redline as a free tool designed to simplify memory analysis and visually guide users through the steps needed to investigate a potentially compromised system. Today, we're pleased to announce the release of Redline Version 1.1 with some exciting new features and enhancements. We've taken some of the "power-user" functions previously only available by hacking Memoryze's XML configuration files and integrated them into the Redline interface and workflow. We've also been able to add new features based on some great user feedback we've received from the Mandiant Forums, students in our incident response classes and elsewhere.

01 Dec 11 | The Armory

Sharing Threat Intelligence With Technology – Making Use of OpenIOC

Written by Doug Wilson

There are many "standards" being developed for describing or sharing threat intelligence. But what makes a standard? Many industries have standards bodies that tightly control how processes work or define specifications for the manufacture or creation of products and services. But throughout the history of the Internet, many standards that surround the Internet are de facto in nature.

31 Oct 11 | The Lab