Memory Analysis - time to move beyond XP
One of my interests for the last couple of years has been memory analysis especially for use in malware analysis. I've mentioned the volatility framework in previous diaries, and I use it for nearly all of my memory analysis of WindowsXP systems, but I've recently begun thinking about what tools I need in order to do similar analysis on Mac OS X machines. So, I was thrilled when I saw that Matthieu Suiche (of windd fame) was doing a talk at BlackHat-DC on Mac OS X memory analysis. The slides are now available and can be found here, and the whitepaper here. A pretty nice read.
---------------
Jim Clausing, jclausing --at-- isc [dot] sans (dot) org
SEC 503: Intrusion Detection In-Depth coming to central OH beginning 22 Feb, http://www.sans.org/mentor/details.php?nid=20864
WordPress iframe injection?
One of the things we seem to harp on here at the SANS Internet Storm Center is monitoring your logs. One of our faithful readers, Neal, sent us an e-mail this afternoon regarding some strange entries he found in his Apache logs (see below) and some rumblings of a number of WordPress blogs being compromised. He was in contact with one of the affected bloggers and they figured out that the compromise resulted in the injection of some obfuscated javascript that created a hidden iframe. We haven't heard exactly what the vulnerability was that was exploited, but if the log entries are actually related there may be a permission problem or perhaps some sort of SQL injection issue with joomla or the tinymce editor (at least, that is what the log entries showed that someone is looking for). If any of our readers have info on what the vulnerability is (a Google search didn't show anything recent for tinymce, there was a Joomla vulnerability reported in January but the exploits I've seen didn't touch license.txt), please drop us a line and we will update this diary. The particular log entry that caught Neal's attention was
GET /joomla/plugins/editors/tinymce/jscripts/tiny_mce/license.txt
So you may want to be on the lookout for those in your own logs.
---------------
Jim Clausing, jclausing --at-- isc [dot] sans (dot) org
SEC 503: Intrusion Detection In-Depth coming to central OH beginning 22 Feb, http://www.sans.org/mentor/details.php?nid=20864
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago