The most controversial #nbcpolitics tweet of today’s presidential debate wasn’t particularly profound, but it will be the most talked about because of the account it came from and the 24,000 people it reached: @KitchenAidUSA: “Obamas gma even knew it was going 2 b bad! ‘She died 3 days b4 he became president’.” #nbcpolitics The tweet [...]
After a busy April patch month, May’s patch Tuesday proves to be much quieter with two updates released by Microsoft. Although deemed critical, read the details below to see how your environment may or may not be affected. Microsoft Updates ID: MS10-030 Title: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution [...]
We begin a new year and arrive at the first patch Tuesday of the decade. The news and spread of malware related to Adobe Reader continues to gain momentum and the information security community believes that this year will produce more exploits using Reader. I will include both the Microsoft and Adobe updates in these [...]
About a month ago, there was much news about the release of COFEE into the torrent wild. I even gave my two cents about the much hyped forensics toolkit which is provided to law enforcement for the purposes of easily capturing volatile data from personal computers during evidence collection. A tool to counter COFEE, aptly [...]
Today marks the last Microsoft patch Tuesday of 2009, and Microsoft has released patches to six bulletins: MS09-071 – Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) MS09-074 – Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) MS09-072 – Cumulative Security Update for Internet Explorer (976325) MS09-069 – Vulnerability [...]
It’s been a while since my last post regarding Powershell which showed how to scan hosts for network interfaces in promiscuous mode. This time around, we’ll scan for some well known ports in our Active Directory to see who has a local IIS or SQL Express running on their machine. I know what you’re thinking. [...]
In my last OSSEC post “OSSEC: Agentless to save the day” I went over how to setup agentless monitoring using the built in scripts. With this post I am going to get into the details of how to modify the OSSEC supplied scripts to do your bidding.
OSSEC is a Host Intrusion detection system (HIDS) in name, but in reality it is far more. It’s able to look for rootkits, monitor logs (LIDS), and even actively respond to defined events. While all these features are great the unsung hero is agentless monitoring.