Detecting Conficker: run this check now!

If you’re reading this blog I’m sure I don’t have to tell you what MS08-067 or Conficker are about (despite the fact we keep seeing many unpatched machines, but that’s a different story).

Besides that, there are plenty of rumours about a possible Conficker attack on 1st April. I know you may think it’s all hype or scaremongering, and it might well be. But, if you run a large corporate network I’m sure you don’t want to sit down and wait until 1st April to find out.

If that’s the case, you should know that the Honeynet Project has been working on a way to detect Conficker-infected machines and has just released a scanner for this task. The scanner is available as a Python script and as a Windows .exe executable, and can be used to scan a single host or a whole network range.


Links to overcome the post-holiday syndrome

September came quickly and holidays are gone. Well, at least for me and for most of the people that live in this part of the world. If you happen to be one of those that survived the holiday season -and all its hassles- without even approaching your laptop, BlackBerry, iPhone, PDA or any other kind of “always-on” Internet device… you are either a liar or a hero.

Whatever you did, and despite the amount of money you spent, one thing is for sure: if you are reading this it’s safe to assume that you are still interested in reading about good infosec stuff, aren’t you?

Keep reading then and have a look at the following links containing a few interesting security tools, new forensic challenges and even a new Multi-Boot Security Live DVD:

  • DFRWS 2008 Rodeo (forensic challenge): The 8th annual Digital Forensic Research Conference was held from August 11 to 13, 2008 in Baltimore, MD. A key element of this conference is the “forensic rodeo”, a challenge where conference attendees form teams to solve a digital forensic problem. The DFRWS has made the materials for the 2008 Forensic Rodeo available on their website for educational purposes and to support further research in memory analysis and file carving. The scenario description and the image files can be downloaded from http://www.dfrws.org/2008/rodeo.shtml