Monday, July 30, 2007
Evil Bits: Fighting Forensics
As if freelance writing with things now appearing in both Network Computing and Information Week magazines weren't keeping me busy enough, I'm now a blogger with DarkReading.com. My blog is titled "Evil Bits" and the first post is now available, "Fighting Forensics." It covers some of the current news surrounding antiforensics being released at Black Hat this week, a little history about this area of research and links to previous presentations from Black Hat. Chew up a red pill and take a read...
Monday, July 23, 2007
Microsoft Malware Removal Starter Kit
I came across this "Microsoft Malware Removal Starter Kit" Friday evening. I don' remember where I saw it, now, but it was released on July 10 and didn't get any recognition in any of the blogs that I frequent.
Basically, they've put together instructions for what I had created while at a previous position here at UF. The HelpDesk for our dept needed a way to do offline scanning and no one was capable of using a Linux Live boot CD to run ClavAV, so I created a disk with BartPE and included several useful tools such as a registry editor and CLI version of McAfee VirusScan.
While BartPE bordered on being a violation of MS' EULA, it never became a target of MS for a takedown. It's interesting that MS has now decided to leverage their WinPE for doing malware removal. Sure, they leave it up to the user to create the disk and add the tools, but they have a brain dead guide on how to do it. Maybe someone at MS said, "Hey, we use this WinPE thingie for creating images for deploying via WDS and installing Windows. I bet we could add more tools and make it even more useful." Well, they probably didn't say that, but I'm glad they didn't say something like, "How can we charge for this!"
Basically, they've put together instructions for what I had created while at a previous position here at UF. The HelpDesk for our dept needed a way to do offline scanning and no one was capable of using a Linux Live boot CD to run ClavAV, so I created a disk with BartPE and included several useful tools such as a registry editor and CLI version of McAfee VirusScan.
While BartPE bordered on being a violation of MS' EULA, it never became a target of MS for a takedown. It's interesting that MS has now decided to leverage their WinPE for doing malware removal. Sure, they leave it up to the user to create the disk and add the tools, but they have a brain dead guide on how to do it. Maybe someone at MS said, "Hey, we use this WinPE thingie for creating images for deploying via WDS and installing Windows. I bet we could add more tools and make it even more useful." Well, they probably didn't say that, but I'm glad they didn't say something like, "How can we charge for this!"
Thursday, July 19, 2007
Addendum: Online Malware Scanners
I posted last fall about online scanners that I like to use when doing malware research. Here's a quick addition: "Anubis: Analyzing Unknown Binaries"
Anubis is excellent and much more in-depth than anything else currently available for free.
Anubis is excellent and much more in-depth than anything else currently available for free.
I'm back...
After much debate on whether or not to continue blogging, I decided to give it another shot and just not worry so much about the perfection that I typically seek when publishing content. I will try to be more fluid and less focused on making everything I post absolutely perfect which is what causes me to take *so very long* to put up posts and even not post because of the production effort.
So, I'm back...we'll see how it goes.
So, I'm back...we'll see how it goes.
Subscribe to:
Posts (Atom)