
blog.prowling.nu
prowling - NSM foo: Network security with a twist of Incident Response tidbits and other IT-security related topics.
http://blog.prowling.nu/
Today's rating: >1,000,000
Highest traffic on: Saturday
Load time: 4.7 seconds
Pages in this website: 18
SSL
External links: 14
Site IP: 172.217.6.83
Load time: 4.656 sec
Score: 6.2
prowling - NSM foo | blog.prowling.nu Reviews
https://blog.prowling.nu
prowling - NSM foo: March 2015
http://blog.prowling.nu/2015_03_01_archive.html
Friday, March 6, 2015. Modifying VirtualBox settings for malware analysis 2015 ed. I decided to update my script, which has previously been published in blog format here. Now it's located on GitHub, which makes updates and usage much easier.
prowling - NSM foo: Detect changes in Virtual guest after manual malware execution
http://blog.prowling.nu/2012/10/detect-changes-in-virtual-guest-after.html
Thursday, October 18, 2012. Detect changes in Virtual guest after manual malware execution. When working with manual testing/execution of malware, I quickly find myself missing the sandbox reports of changes made to the system which you get if you are using Cuckoo, for example. The script included in this post will mount a virtual image, be it a VirtualBox or KVM/QEMU image, using qemu-tools.
prowling - NSM foo: VirtualBox IBM/Lenovo and the missing VPD
http://blog.prowling.nu/2013/08/virtualbox-ibmlenovo-and-missing-vpd.html
Tuesday, August 6, 2013. VirtualBox IBM/Lenovo and the missing VPD. While having a go at writing an updated post regarding how to configure VirtualBox to avoid VM detection, new versions of VBox have been released since I wrote my previous posts. Anyway, almost all IBM/Lenovo hardware has something called Vital Product Data, VPD for short. It's information like: BIOS Build ID: XXXX. The gue...
prowling - NSM foo: August 2012
http://blog.prowling.nu/2012_08_01_archive.html
Thursday, August 23, 2012. Modifying VirtualBox settings for malware analysis. If you are using VirtualBox for malware analysis, either with a sandbox like Cuckoo or stand-alone, you probably would like to be able to run modern malware, even those samples that are VM aware. Here are a few tips to make your VirtualBox guest somewhat harder to detect. Release Date: BIOS date. VBoxManage setex...
prowling - NSM foo: May 2014
http://blog.prowling.nu/2014_05_01_archive.html
Thursday, May 8, 2014. Just a few quick notes on how to install Honeyproxy. Honeyproxy, which is based on mitmproxy, is being re-integrated back into mitmproxy; currently there is no really good installation documentation, so here goes. This was tested on an Ubuntu 14.04 Desktop 64-bit. apt-get install python-dev libxml2-dev libxslt1-dev lib32z1-dev python-pip git. pip install pyamf protobuf.
Total pages in this website: 18
c-APT-ure: May 2013
http://c-apt-ure.blogspot.com/2013_05_01_archive.html
Thursday, May 30, 2013. "Ponmocup Hunter" SANS DFIR Summit 2013. The presentation slides have been online for a while [PDF link]. I've given a newer version of this talk at DeepSec. Slides will be linked when made public. I'm thrilled to give a presentation "My name is Hunter, Ponmocup Hunter" in July at the SANS DFIR Summit 2013 in Austin, Texas (Summit). How the malware was discovered, what indicators were derived. How all infected hosts were identified and how remediation was done. http://security-res...
c-APT-ure: July 2014
http://c-apt-ure.blogspot.com/2014_07_01_archive.html
Tuesday, July 29, 2014. Using Redline for Live Response - Part 1. For once I'll write about something a bit different than before. It's still about Ponmocup malware, or more precisely about the Zuponcic Kit for delivery, but more about how to do Live Response and Detection on the host using Redline. If you're not familiar with the Zuponcic Kit yet, you should read the following posts: Not quite the average exploit kit: Zuponcic. Zuponcic: "Is it a bird? Is it a plane?" Zuponcic: "Is it a bird? Perrugina&#...
c-APT-ure: 3R4LR - Running Redline Remotely for Live Response
http://c-apt-ure.blogspot.com/2014/08/3r4lr-running-redline-remotely-for-live.html
Tuesday, August 12, 2014. 3R4LR - Running Redline Remotely for Live Response. This blog post is a work in progress and I'd love to get feedback while writing it. So while this note appears on top, the blog post is not finished. Please come back again later! This is the second post about using Redline for Live Response. The first post covered Using Redline for Live Response - Part 1, showing how many details from artifacts can be collected with Redline. Copy the collector to the host. Here are the two scr...
c-APT-ure: August 2014
http://c-apt-ure.blogspot.com/2014_08_01_archive.html
c-APT-ure: Using Redline for Live Response - Part 1
http://c-apt-ure.blogspot.com/2014/07/using-redline-for-live-response-part-1.html
c-APT-ure: March 2012
http://c-apt-ure.blogspot.com/2012_03_01_archive.html
Thursday, March 8, 2012. Ponmocup, lots changed, but not all. (See the list of domains at the end; more info, links to IOCs and refs at the end.) So here goes another post about the Ponmocup malware. Lots of things changed recently, but not all (luckily for defenders). Previously, the first redirection step was using a "/cgi-bin/r.cgi" pattern which was detected by this Snort rule (2013181). Here's an example from 2011-08-03 [PDF]. As you can see in this report. http://www9.dy...
c-APT-ure: February 2012
http://c-apt-ure.blogspot.com/2012_02_01_archive.html
Saturday, February 18, 2012. Not APT, but nasty malware (Ponmocup botnet). For once I don't write about APT, but about some nasty malware / botnet that I've been researching for almost a year. It's been called "Ponmocup botnet", but the malware has been called many different names (Ponmocup, Pirminay, Kryptik, Swisyn, Vundo etc). I've been putting most of my research on a privately hosted page here: http://www9.dyndns-server.com:8080/pub/botnet-links.html (sorry about the bad formatting and strange URL).
c-APT-ure: June 2014
http://c-apt-ure.blogspot.com/2014_06_01_archive.html
Tuesday, June 3, 2014. By chance I just noticed that I wrote the Introducing Ponmocup Finder blog post exactly two years ago. So it's time to celebrate the second anniversary :-). Well, I was wondering if anyone else is currently detecting the .htaccess infections that Ponmocup Finder (PF) reports. Let's see. Let's just look at any of the almost 500 domains currently being detected by PF as infected. 437 www.vitaminbude.de. This German site has been seen infected for more than 430 days. 12:06:50 - http...
c-APT-ure: December 2013
http://c-apt-ure.blogspot.com/2013_12_01_archive.html
Sunday, December 15, 2013. Ponmocup Hunter is (re-)tired. Update: Video from BotConf talk available now :-). For over two and a half years now, since March 2011, I've been researching and analysing this Ponmocup malware, which has so many different names. During this time I've written several blog posts, malware analyses [1], a "Ponmocup Finder" tool, and published (CIF) feeds of malware domains. "Ponmocup Hunter" SANS DFIR Summit 2013. History of Ponmocup Malware / Botnet. My public work is done (at leas...
c-APT-ure: Two years later...
http://c-apt-ure.blogspot.com/2014/06/two-years-later.html
Total links to this website: 14
Through the Gates – Perspectives from IU Bloomington
Perspectives from IU Bloomington. April 8, 2015. When I look out my office window near our iconic Sample Gates, I see the intelligent, creative and engaging people who make Indiana University Bloomington such an inspiring place to study, research and create. Each person who walks through those gates contributes to the IU Bloomington story. That’s why I’m calling this new blog Through […]. Through the Gates podcast. November 28, 2016. Glenn Gass on the history of rock and roll. November 2, 2016. Ever acci...
The Provost's Blog
Wolf Prize in Mathematics 2015: James G. Arthur. February 4, 2015. By The Provost's Blog. Congratulations to Professor James G. Arthur on winning the 2015 Wolf Prize in Mathematics. Photo by: John Guatto. The Wolf Prizes have been awarded by the Wolf Foundation. Last week, Provost Regehr attended a celebration at the Math Department to congratulate Professor Arthur, saying: Professor Arthur is indeed worthy of such an honour. When we awarded him the rank of University Professor in 1987. Through his bril...
ProVu Blog
Apply to be a reseller. Sangoma Expand the s-Series of IP Phones. Mar 13, 2018. Sangoma has added two new phones to its s-series, designed to be used with FreePBX, which wrap around the existing series to add a new entry level and executive level option. Full duplex speaker phone. Dual 10/100Mbps Ethernet ports. 43″ full colour display. 45 programmable soft keys. Dual Gigabit Ethernet ports. Full duplex speaker phone. Inbuilt WiFi & Bluetooth Support. Log in to ProSys for Trade Pricing. Mar 07, 2018. Register ...
Your Internet project solution
Your Internet Project Solution. We build innovative solutions for your business. We specialize in giving life to your projects. We have a creative, innovative and highly qualified team, always ready to advise you in all phases of your project. These are some of our clients. They have trusted us to develop their projects and we love supporting them. Vitrofibras de Venezuela C.A. Walco Industrial S.A. Mona Industrias de Venezuela C.A. Background & experience. We respect your time. In Proweb Global we ...
prowling - NSM foo
Friday, June 17, 2016. Cuckoo with Microsoft Enhanced Mitigation Experience Toolkit (EMET). I have been toying with the idea of retrieving Microsoft event log messages from my Cuckoo instances for a while, but I did not have any chance to make anything out of the idea, until now. As you already have Python installed on the guest, you can use pip. So this got me thinking (I know, crazy times!
Prowly blog
Learn cool PR tips and tricks with Prowly. PR tips and tricks. Tips and tricks for how to build a better online newsroom. Traditional Public Relations is dying - we have heard this in the media for several years. The fact is that it will be a long time before press releases disappear. A press release is still the best way to inform journalists, bloggers and opinion leaders about the most important activities of our company. From the early 90’s of the last century (sic! PR tips and tricks. Page 1 of 1.
Pro World Inc. - The Pro World Blog!Pro World Inc. | The Pro World Blog!
The Pro World Blog! Mug Press Round Up: Which mug press is best for you? March 15, 2018. Do you want to decorate mugs but don't know where to start? Today's post is going to help! Below you will find an overview of our different mug presses, and videos on how to use them! 1 – The TransPro Mug Heat Press – MP996 accommodates 11 oz mugs, 15 oz mugs, and water bottles. It offers a digital timer and temperature control, and allows for easy pressure adjustment, making mug printing a cinch! Watch the diff...
Proxibeauté blog: the blog of beauty essentials, fashion, hairstyling and plenty more!
The observatory of the beauty world. Follow us on Twitter. Tutorials & tips. News from the beauty world. Cut and hairstyle ideas. The end-of-year holidays are often synonymous with a trip to the hairdresser. At this... For Christmas: give the hits. Christmas is coming slowly but surely. Last year we offered you a beauty selection for... Essential oils are also part of grandmothers' remedies. Natural, they are... Cut and hairstyle ideas for the holidays. Dec - 2 - 2012.
Proxima Software Solutions Blog
Emite Service Desk Analytics on YouTube. August 8, 2013. Danish Council reduces password reset helpdesk calls by 80% using FastPass Password Manager. April 22, 2013. Many IT departments have experienced that self-service solutions are not being used by end-users; they continue to call the service desk. Particularly when you need to change user behavior, results are frequently much lower than planned. Varde's experience with FastPass. Download the full story. January 9, 2013. This may be because it is borin...
PRÓXIMA – The communication agency closest to the client
The communication agency closest to the client. Our resolutions for 2017. To start the year we wanted to spend a few minutes thinking about what we would like to achieve in 2017, not only to have it in writing and be able to review it during and at the end of the year to assess the goals achieved, but also to get to know ourselves and let others know us better as a team. Here is what we wrote: The greatest thing about beginnings is… … LET THE RESOLUTIONS BEGIN. The ethical origin of sustainability. You have probably hear...