I published the following diary on isc.sans.edu: “Live Patching Windows API Calls Using PowerShell”: It’s amazing how imaginative attackers can be when it comes to protecting themselves and preventing security controls from doing their job. Here is an example of a malicious PowerShell script that live-patches a DLL function
Tag: patch
[SANS ISC Diary] Detecting Undisclosed Vulnerabilities with Security Tools & Features
I published the following diary on isc.sans.org: “Detecting Undisclosed Vulnerabilities with Security Tools & Features”. I’m a big fan of OSSEC. This tool is an open source HIDS and log management tool. Although often considered the “SIEM of the poor”, it integrates a lot of interesting features and is fully configurable
Improving File Integrity Monitoring with OSSEC
FIM or “File Integrity Monitoring” can be defined as the process of validating the integrity of operating system and application files with a verification method that uses a hashing algorithm like MD5 or SHA1 and then compares the current file state with a baseline. A hash will allow the detection of modifications to a file’s content but
while(true) { reboot(); }
For family usage, we have a laptop running Vista. Yesterday, the system suddenly requested an OS restart with no alternative. After the first reboot, I got the following screen: The laptop started an infinite loop of patch install, reboot, patch install, reboot, … I googled the message and found
M$ Patch Joke
623MB of patches? WTF!