M-unition » Black Hat https://blog.mandiant.com The Ammunition You Need to Find Evil and Solve Crime Thu, 09 Feb 2012 14:18:27 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Jamie Butler named to the Black Hat Review Board https://blog.mandiant.com/archives/1760?utm_source=rss&utm_medium=rss&utm_campaign=black-hat-review-board https://blog.mandiant.com/archives/1760#comments Thu, 19 May 2011 15:50:08 +0000 Travis Reese http://blog.mandiant.com/?p=1760  
MANDIANT would like to congratulate Jamie Butler on his appointment to the Black Hat Review Board. Black Hat is one of the premier technical security conferences, and Jamie’s appointment to its board is a testament to his contributions in advancing the field of computer security. Read the rest

]]>  
MANDIANT would like to congratulate Jamie Butler on his appointment to the Black Hat Review Board. Black Hat is one of the premier technical security conferences, and Jamie’s appointment to its board is a testament to his contributions in advancing the field of computer security. Jamie has been a long-time trainer at this conference and will still be teaching Advanced Memory Forensics in Incident Response there with Peter Silberman. MANDIANT will also be teaching Malware Analysis, Advanced Malware Analysis, and Incident Response: Black Hat Edition at the 2011 show.
 
We look forward to the cutting-edge presentations and discussions at Blackhat USA 2011 and hope to see you there!

 

]]> https://blog.mandiant.com/archives/1760/feed 0 New Memoryze, Audit Viewer, and Training https://blog.mandiant.com/archives/994?utm_source=rss&utm_medium=rss&utm_campaign=memoryze-audit-viewer-training https://blog.mandiant.com/archives/994#comments Sun, 06 Jun 2010 21:17:14 +0000 Jamie Butler http://blog.mandiant.com/?p=994 For those who are not on our mailing list for Memoryze or Audit Viewer, we released a new version a little over a week ago. The new version of the software includes all of the memory analysis features that are available in the newly released MANDIANT Intelligent Response (MIR) 1.4. Read the rest

]]> For those who are not on our mailing list for Memoryze or Audit Viewer, we released a new version a little over a week ago. The new version of the software includes all of the memory analysis features that are available in the newly released MANDIANT Intelligent Response (MIR) 1.4.
 

So what is included in Memoryze and Audit Viewer 1.4? Well, here is the short of it.
 

Memoryze:

  • Support for Windows 2003 x64 SP2
  • Improved support of Vista SP1 and SP2 including port enumeration and a better installer
  • Enumeration of digital signatures for all loaded modules in a processes’ address space, hooked and hooking drivers, and all drivers found by driver signature scans
  • Enumeration of MD5/SHA1/SHA256 hash on disk for all loaded modules in a process’ address space and all drivers found by driver signature scans
  • Updated documentation
  • Single installer for 64-bit and 32-bit versions

 
Audit Viewer:

  • Improvements to the Malware Rating Index (MRI)
  •      Report visualization of MRI results
  •      MRI rule editors that will allow users to graphically edit the MRI rule file
  •      Handle Trust view to help identify suspicious handles
  • Ability to search results within a specific process
  • Multi-select with copy
  • Multi-select and export to a CSV file

 
Those who attended the CanSecWest Training in March have already been enjoying many of these features in beta form for months, and we are committed to ensuring that those who attend the Advanced Memory Forensics in Incident Response class at Black Hat will get early access to the next version of Memorzye, which will support Windows 7 64-bit.
 
As for the Black Hat training, there is a lot of new and updated content for 2010.

  • Coverage of 64-bit operating systems
  • New section on malware covering different malware techniques and how they stand out in memory
  • Four new case studies ranging from real Advanced Persistent Threat (APT) incidents, to spear phishing attacks, and everything in between
  • Student receive early access Memoryze and Audit Viewer for Windows 7 64-bit
  • Students receive the only free tool to analyze Windows Vista
  • Students receive the only free tool to analyze Windows 2003 64-bit
  • Better data collection to help identify processes and drivers as malicious or not
  • Added the Malware Rating Index (MRI), which helps automatically identify many malware behaviors discussed in the class. Through a simple user interface, students learn how to write rules to identify malware in their own work environments. MRI then uses those rules to score processes as suspicious or not.

 
I would like to thank James Long who pointed out an issue with the batch scripts* and Peter Villadsen who worked so hard to improve the build process and installation for Memoryze. Peter and I would also like to thank all our loyal users. We appreciate all your feedback, and we hope to see you in Las Vegas.

 
* When specifying an output directory from the command line with the batch scripts in Memoryze, the directory must already exist.

]]> https://blog.mandiant.com/archives/994/feed 0