I published the following diary on isc.sans.edu: “Live Patching Windows API Calls Using PowerShell“: It’s amazing how imaginative attackers can be when it comes to protecting themselves and preventing security controls from doing their job. Here is an example of a malicious PowerShell script that live-patches a DLL function
I published the following diary on isc.sans.org: “Detecting Undisclosed Vulnerabilities with Security Tools & Features“. I’m a big fan of OSSEC. This tool is an open source HIDS and log management tool. Although often considered the “SIEM of the poor”, it integrates a lot of interesting features and is fully configurable
FIM, or “File Integrity Monitoring”, can be defined as the process of validating the integrity of operating system and application files with a verification method: hashing each file with an algorithm like MD5 or SHA1 and then comparing the current file state against a baseline. A hash will allow the detection of file content modification but
For family usage, we have a laptop running Vista. Yesterday, the system suddenly requested an OS restart with no alternative. After the first reboot, I got the following screen: The laptop started an infinite loop of patch install, reboot, patch install, reboot, … I googled the message and found
623MB of patches? WTF!