FIRST-2005 Day1 - Hands on Defence and Malware analysis

Hart Rossman and Scott Kennedy of SAIC Integrated Security were conducting a session on hands-on system defense. They had systems running Windows and IIS, Solaris 8 and 9 running Apache, and RedHat, plus routers and IDS systems. Participants were to detect vulnerabilities, patch them and defend the systems. At the end they had charts that scored the various activities based on how the critical services were running. Here are the snaps, sorry they are blurred: red means something like critical services were down vs. time, green means up:

[Image: Solaris 9 scoring chart]

[Image: Windows-x scoring chart]


Later Kevin Houle of CERT/CC showed how malware analysis is done, with examples like the Blaster worm. It's not surprising that he finds UNIX tools like file(1), strings(1), objdump and gdb most useful in identifying and analyzing viruses, worms and other malware. Most of the difficulties he was I think he would find DTrace useful
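As an added illustration of the first two steps of that workflow (not code from the original post, and not Houle's or CERT/CC's own tooling), here is a small Python script that does what file(1) and strings(1) do on a sample: read the leading magic bytes to identify the file type, pull out runs of printable ASCII, and flag the strings an analyst looks at first (URLs, IP addresses, shell paths, HTTP requests). The SAMPLE bytes are constructed for the example, not a real malware specimen, so the script runs offline; the ELF header fields it decodes are the standard e_ident class/endianness bytes and e_type.

```python
import re

# Constructed sample: not a real binary, just an ELF-looking header followed
# by a few embedded strings, so the triage below can run with no input file.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8  # e_ident: 64-bit, little-endian
    + b"\x02\x00\x3e\x00"                     # e_type=EXEC(2), e_machine=x86-64
    + b"\x00" * 40
    + b"/bin/sh\x00-c\x00"                    # "-c" is too short to survive strings()
    + b"http://example.invalid/update.bin\x00"
    + b"\x01\x02\x03"
    + b"xyz\x00"                              # 3 chars: dropped, like strings(1)
    + b"GET / HTTP/1.0\r\n\x00"
)

# Leading magic bytes, checked in order (rough equivalent of file(1)).
MAGIC = [
    (b"\x7fELF", "ELF"),
    (b"MZ", "PE/DOS executable"),
    (b"#!", "script"),
]

ELF_CLASS = {1: "32-bit", 2: "64-bit"}
ELF_DATA = {1: "LSB", 2: "MSB"}
ELF_TYPE = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}


def identify(data):
    """Return a file(1)-style type string based on magic bytes and, for ELF,
    the class, byte order and e_type fields of the header."""
    for magic, name in MAGIC:
        if not data.startswith(magic):
            continue
        if name == "ELF" and len(data) >= 18:
            cls = ELF_CLASS.get(data[4], "unknown-class")
            order = ELF_DATA.get(data[5], "unknown-endian")
            endian = "little" if data[5] == 1 else "big"
            e_type = int.from_bytes(data[16:18], endian)
            return "ELF %s %s %s" % (cls, order, ELF_TYPE.get(e_type, "unknown-type"))
        return name
    return "data"


def _printable(b):
    # Same notion of "printable" as strings(1): graphic ASCII, space and tab.
    return 0x20 <= b <= 0x7E or b == 0x09


def extract_strings(data, min_len=4):
    """Equivalent of strings(1): every run of >= min_len printable bytes."""
    out, run = [], bytearray()
    for b in data:
        if _printable(b):
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out


# Patterns an analyst scans the strings output for first. These are
# illustrative categories chosen for this example, not an exhaustive list.
INDICATORS = {
    "url": re.compile(r"https?://\S+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "shell": re.compile(r"^/bin/(?:ba)?sh$"),
    "http_request": re.compile(r"^(?:GET|POST) \S+ HTTP/1\.[01]"),
}


def flag_indicators(strs):
    """Group interesting strings by indicator category (empty groups omitted)."""
    found = {}
    for name, pat in INDICATORS.items():
        hits = [s for s in strs if pat.search(s)]
        if hits:
            found[name] = hits
    return found


def triage(data):
    """Static first pass over a sample: type, strings, and flagged indicators."""
    strs = extract_strings(data)
    return {"type": identify(data), "strings": strs, "indicators": flag_indicators(strs)}


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["type"])
    for s in report["strings"]:
        print("  ", s)
    print(report["indicators"])
```

Two caveats that apply equally to the real tools: a packed or encrypted sample yields almost no useful strings until it is unpacked (which is where objdump and gdb on the running or unpacked image take over), and a magic-byte match only says what the file claims to be, not what it does. Both are reasons this static pass is a starting point rather than a verdict.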