2015年05月_cnbird2008

12月 11月 10月 09月 08月 07月 06月 05月 04月 03月 02月 01月

原创 Investigating A Malicious Attachment Without Reversing

http://blog.malwaremustdie.org/2015/04/mmd-0031-2015-what-is-netwire-rat.htmlhttps://labs.opendns.com/2015/03/04/investigating-a-malicious-attachment-without-reversing/?utm_source=twitter&utm_medium

2015-05-30 16:14:10 1870

原创 Real world examples of malware using DNS for exfiltration and C&C channels

https://www.youtube.com/watch?v=UVYnVELzJk4使用的工具:dns2tcpdnscatiodineNSTXOzymandnsloopcVPNPsUDPTUNS

2015-05-30 12:45:46 2057

原创 Using Machine Learning to Name Malware

http://lqdc.github.io/using-machine-learning-to-name-malware.html

2015-05-30 11:39:52 1950

原创 opendns安全研究成果

https://twitter.com/dhialite

2015-05-30 11:39:23 1938

原创 malware自动化分析

http://www.mal-content.org/blog/automating-malware-analysis-with-cuckoo-sandbox-part-2-setuphttps://www.trustwave.com/Resources/SpiderLabs-Blog/Malicious-Macros-Evades-Detection-by-Using-Unusual-Fil

2015-05-29 18:25:22 2007

原创 mahout类似的开源项目

http://www.oschina.net/search?scope=project&q=mahoutspark mllab

2015-05-29 18:21:35 2599

转载 SX 4th meetup – Hunting Rootkit From the Dark Corners Of Memory

http://securitytrainings.net/hunting-rootkit-dark-corners-memory/

2015-05-27 21:31:34 1414 1

转载 hwclock(8) SUID privilege escalation

Hello,During a recent assessment I have stumbled across a system which hadhwclock(8) setuid roothwclock is a part of util-linux, all versions affected$ man hwclock | sed -n '223,231p'Users ac

2015-05-27 21:28:13 959

原创 RSA Conference 2015 video

https://www.youtube.com/user/RSAConference/playlists

2015-05-27 21:15:21 908

原创 apt成熟度模型

【参考:攻击分析模型】1. 初期规模1) 意外打开事前知道已感染的文件2) 数字设备感染3) 随机发生的浏览器被攻击事件4) 因使用社交网络SNS而被感染5) 服务器端遭受攻击6) 针对性某个公司指定设计的攻击方式7) 内部的感染事件8) 利用邮件附件等手段发起的攻击9) 鱼叉式钓鱼攻击(包括员工对员工或者员工对高管两种攻击方式)10) 针对性明显的水抗

2015-05-22 21:00:32 1660

转载 SANS FOR572 Logstash

http://sourceforge.net/p/sansfor572logstash/wiki/Home/https://www.elastic.co/https://www.elastic.co/webinars/introduction-elk-stack

2015-05-21 21:50:19 1482

原创 Finding Bad Guys with 35 million Flows, 2 Analysts, 5 Minutes and 0 Dollars

讲解的是NSMhttp://www.irongeek.com/i.php?page=videos/bsidesknoxville2015/103-finding-bad-guys-with-35-million-flows-2-analysts-5-minutes-and-0-dollars-russell-butturini

2015-05-21 21:13:13 1091

转载 Five must-know open source SDN controllers

We've rounded up five open source SDN controllers to get to know.1. OpenDaylight open-source SDN controller. OpenDaylight announced the release of its open-source SDN controller platform, Hydrog

2015-05-21 19:20:07 1511

转载 802.11 Network Forensic Analysis

http://www.sans.org/reading-room/whitepapers/wireless/80211-network-forensic-analysis-33023

2015-05-20 22:10:29 928

转载 Lessons Learned from Building and Running MHN, the World's Largest Crowdsourced Honeynet

http://www.irongeek.com/i.php?page=videos/bsidessf2015/112-lessons-learned-from-building-and-running-mhn-the-worlds-largest-crowdsourced-honeynet-jason-trost

2015-05-20 19:26:49 928

原创 opendns security blog

https://labs.opendns.com/blog/page/2/

2015-05-20 18:41:32 941

原创 rekall内存分析演示

http://memory-analysis.rekall-forensic.com/www/TOC/

2015-05-20 18:38:28 1839

转载 Detecting and Defending against PowerShell Shells

http://hackerhurricane.blogspot.com/2015/05/defending-against-powershell-shells.htmlSo much of our industry focuses at Red Team P0wnage. I read a retweet by my Con 'son' @Ben0xA last week on Powe

2015-05-20 09:32:32 1156

原创整理的小工具

1. bypass wafhttps://github.com/CoolerVoid/payloadmask2.shell静态分析http://www.digitalmunition.me/2015/05/shellcheck-v0-3-7-shell-script-static-analysis-tool/

2015-05-19 18:54:13 1092

转载 New Tool: The PenTesters Framework (PTF) Released

http://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/New Tool: The PenTesters Framework (PTF) ReleasedTrustedSec is proud to announce the release of the PenTeste

2015-05-19 18:52:07 1400