Information Security Classroom
Tuesday, September 6, 2011
FireEye Advanced Threat Report 1H2011
FireEye 2011 Q1 to Q2 malware trend analysis report
http://www.fireeye.com/resources/pdfs/FireEye_Advanced_Threat_Report_1H2011.pdf
Wednesday, August 10, 2011
Thursday, August 4, 2011
YARA v1.6!
“YARA is a malware identification and classification tool. It is aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.
It is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension.”
This is the official change log:
- Added support for bitwise operators
- Added support for multi-line hex strings
- Scan speed improvement for regular expressions (with PCRE)
- Yara-python ported to Python 3.x
- Yara-python support for 64-bits Python under Windows
- BUGFIX: Buffer overflow in error printing
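As an added example (not from the original post or the YARA project), a rule that uses the two language additions listed above, a multi-line hex string and a bitwise operator in the condition; the rule name, byte pattern and marker string are constructed and do not describe any real malware family:

```yara
// Added example, not from the original post or the YARA project.
// Rule name, byte pattern and marker string are constructed for illustration.
rule Example_Family_v16
{
    meta:
        description = "Shows multi-line hex strings and bitwise operators (YARA 1.6)"
        author = "constructed example"

    strings:
        // Multi-line hex string (new in 1.6): wildcards (??) and a jump ([2-6])
        // may now be spread across several lines for readability.
        $payload = { 55 8B EC 83 EC ??
                     E8 [2-6] 85 C0
                     74 ?? 33 C0 }

        // Ordinary text pattern, matched case-insensitively.
        $marker = "example-family-marker" nocase

    condition:
        // Bitwise AND (new in 1.6) on a 32-bit little-endian read at offset 0:
        // keep only the low 16 bits and compare them with the "MZ" magic, 0x5A4D.
        (uint32(0) & 0xFFFF) == 0x5A4D and
        $marker and #payload >= 1
}
```

Running `yara rule.yar <file>` prints the rule name for each file whose first two bytes are "MZ" and which contains both the text marker and at least one occurrence of the hex pattern.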
Monday, August 1, 2011
WordPress Security Plugin
Secure WordPress beefs up the security of your WordPress installation by removing error information from login pages, adding index.html to plugin directories, hiding the WordPress version, and much more.
Reference: https://wordpress.org/extend/plugins/secure-wordpress/
- Removes error information from the login page
- Adds a virtual index.php to the plugin directory
- Removes the WordPress version, except in the admin area
- Removes Really Simple Discovery
- Removes Windows Live Writer
- Removes core update information for non-admins
- Removes plugin-update information for non-admins
- Removes theme-update information for non-admins (only WP 2.8 and higher)
- Hides the WordPress version in the backend dashboard for non-admins
- Removes the version from script and stylesheet URLs on the frontend only
- Blocks any bad queries that could be harmful to your WordPress website
Monday, July 4, 2011
Reminder: vsftpd-2.3.4 contains a backdoor
The vsftpd-2.3.4 release also contains a backdoor: the official website was compromised first, and the attacker tampered with the program at the download point for the latest version, secretly inserting a backdoor into it!
Related details
http://pastebin.com/AetT9sS5
http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
Metasploit vsftpd backdoor demo
http://www.youtube.com/watch?v=WgXm0tgRMos&feature=player_embedded#at=39
Monday, June 27, 2011
Attacking Log Analysis tools
http://www.ossec.net/main/attacking-log-analysis-tools
Log Parser 2.2
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24659
Log Parser Lizard GUI
http://www.lizard-labs.net/log_parser_lizard.aspx
Firewall Log Analysis
http://www.firemon.com/loganalysis.aspx?gclid=COf0xN7Y1akCFQfhbgod7Cp_NA