|
No, I don't have a witty title in a dead language, but as many of you are aware, I'm constantly on the lookout for useful tools, so I was intrigued when I came across an announcement yesterday that Mandiant had released a free tool aimed at incident handlers, called Red Curtain. The purpose of the tool is to highlight which files may be suspicious and require a closer look by investigators. The tool scores files based on some interesting characteristics including entropy (how random the file is, which may be an indication of encryption), indications of packing, specific signatures of compilers and packers, digital signatures, etc. It certainly isn't foolproof, but is aimed at narrowing the investigator's initial job and would correctly flag anything written by Tom "if Latin isn't your thing, next time I'll try Sanskrit (shouldn't that be the official language of SANS anyway)" Liston. |
Jim 423 Posts ISC Handler Aug 9th 2007 |
| Thread locked Subscribe |
Aug 9th 2007 1 decade ago |
It sounds like a decent idea. Has anyone out there tried it, yet? If so, Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
