There is no excerpt because this is a protected post.
Protected: Alert
There is no excerpt because this is a protected post.
Protected: Alert 2
There is no excerpt because this is a protected post.
Detecting a Virtualized Environment in GNU/Linux
As a sysadmin, it is hard to tell whether you're in a physical or a virtualized environment 😉 Below are some commands available to detect whether we're in a virtualized environment or not:
user@server1:~$ dmesg | grep -i vmware
[ 0.000000] ACPI: SRAT 0000000041ef07f6 00080 (v02 VMWARE MEMPLUG 06040000 VMW 00000001)
[ 1.470135] ata1.00: ATAPI: VMware Virtual […]
(Yet Another) Quick Botnet Analysis
Botnets are networks of malware-infected machines that are controlled by an adversary. Our approach to studying this botnet is to perform active analysis by using an actual malware sample, infecting the machine and observing its activities. As we probe deeper into the network traffic collected by Wireshark, we find very detailed IRC functionality, attack […]
FIRST AGM and Annual Conference 2010
The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the wider global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. Just as importantly, the conference enables attendees […]
OllyScript – Automating detection and unpacking the Conficker Worm Variant B/C
In order to bring the problem of extracting unpacking code into the realm of decidability, MyCERT had been working on automating the unpacking script in an assembly-like language. The script, called OllyScript, can be used to unpack the malicious worms Win32/Conficker B and Win32/Conficker C. OllyScript is the scripting language plugin for OllyDbg. It simulates user’s […]