Part 1 of my post on Mac OS X memory acquisition and analysis has been posted at the SANS Forensics Blog. I’ll try to publish Part 2 early next week. Stay tuned!
Update
Part 2 is published now:
Thanks for all your positive comments.
I read in Doug Burks’ tweet that his Security Onion LiveCD is now available for download. Being a serious Sguil fan, I can’t do anything but recommend you have a look at this new live distro.
You can download it from the following location:
http://distro.ibiblio.org/pub/linux/distributions/security-onion/
The following information is extracted from Doug’s Security Onion blog:
What is it?
The Security Onion LiveCD is a bootable CD that contains software used for installing, configuring, and testing Intrusion Detection Systems.
If you’re reading this blog I’m sure I don’t have to tell you what MS08-067 or Conficker is about (despite the fact that we keep seeing many unpatched machines, but that’s a different story).
Besides that, there are plenty of rumours about a possible Conficker attack on 1st April. I know you may think it’s all hype or scaremongering, and it might well be. But, if you run a large corporate network I’m sure you don’t want to sit down and wait until 1st April to find out.
If so, you should know that the Honeynet Project has been working on a way to detect Conficker-infected machines and has just released a scanner for this task. The scanner is available as a Python script and as a Windows .exe executable, and can be used to scan a single host or a whole network range.