Jaime Blasco Blog


06 Aug 2008

Parsing Cisco Mib
Wed, 06 Aug 2008
I wrote a little Python script to parse the Cisco MIB. I need this information to implement part of the Nessus Feed Cisco stuff, for example to retrieve the Cisco model from SNMP.
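#
# Parse Cisco Products MIB
#
# You can download mib file from http://www.oidview.com/mibs/9/CISCO-PRODUCTS-MIB.html
#

import re
import fileinput

# Compile the pattern once: model name, then its number under ciscoProducts
p = re.compile(r"(\S+).*ciscoProducts ([0-9]+)")

for line in fileinput.input("cisco_mib_parse.txt"):
    #catalyst296024LT                OBJECT IDENTIFIER ::= { ciscoProducts 951 } -- 24 10/100, 8 POE and 2T ports switch
    m = p.match(line)
    if m is None:
        # Not a product definition (comment, import, blank line): skip it
        continue
    model = m.group(1)
    number = m.group(2)
    # Show the extracted pair
    print(model, number)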

posted at: 11:48 | path: /Nessus/cisco | permanent link to this entry | 1 comments | nessus, cisco
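
An added example (not code from the original post): the same line format turned into a lookup table and used to resolve an SNMP sysObjectID value to a model name, relying on ciscoProducts being registered at 1.3.6.1.4.1.9.1. The sample MIB text is constructed apart from the catalyst296024LT line quoted in the post; `exampleRouterA`, its number and the function names are this example's own.

```python
import re

# ciscoProducts is registered at enterprises.9.1 (cisco = enterprises.9)
CISCO_PRODUCTS_OID = "1.3.6.1.4.1.9.1"

# Matches: <name> OBJECT IDENTIFIER ::= { ciscoProducts <n> } [-- comment]
ENTRY_RE = re.compile(
    r"^\s*(\S+)\s+OBJECT\s+IDENTIFIER\s*::=\s*\{\s*ciscoProducts\s+(\d+)\s*\}"
    r"(?:\s*--\s*(.*\S))?"
)

# Constructed sample input; only the catalyst296024LT line comes from the post.
SAMPLE_MIB = """\
-- CISCO-PRODUCTS-MIB excerpt (constructed sample)
ciscoProducts OBJECT IDENTIFIER ::= { cisco 1 }
catalyst296024LT                OBJECT IDENTIFIER ::= { ciscoProducts 951 } -- 24 10/100, 8 POE and 2T ports switch
exampleRouterA    OBJECT IDENTIFIER ::= { ciscoProducts 90001 }
"""


def build_product_table(mib_text):
    """Return {product_number: (model, description)} for each product line."""
    table = {}
    for line in mib_text.splitlines():
        m = ENTRY_RE.match(line)
        if m is None:  # comments, imports, the ciscoProducts node itself
            continue
        table[int(m.group(2))] = (m.group(1), m.group(3) or "")
    return table


def model_from_sysobjectid(sys_object_id, table):
    """Map an SNMP sysObjectID value to a model name, or None if unknown."""
    oid = sys_object_id.strip().lstrip(".")
    prefix = CISCO_PRODUCTS_OID + "."
    if not oid.startswith(prefix):
        return None  # not under ciscoProducts (other vendor or other subtree)
    suffix = oid[len(prefix):]
    if not suffix.isdigit():
        return None  # deeper sub-identifier or malformed value
    entry = table.get(int(suffix))
    return entry[0] if entry else None


if __name__ == "__main__":
    products = build_product_table(SAMPLE_MIB)
    print(model_from_sysobjectid(".1.3.6.1.4.1.9.1.951", products))
```
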



An approach to malware collection log visualization
Wed, 06 Aug 2008
I have just published an article related to malware collection log visualization. The paper focuses on visualization of Nepenthes logs using AfterGlow. In the paper you can find information about correlating IPs with countries and binary files with ClamAV signatures, with the goal of generating interesting graphs. Get it here

posted at: 11:47 | path: /Security Visualization/Malware | permanent link to this entry | 1 comments | malware,security visualization, log analysis



Visualization of Api calls and Imported symbols of malware binary files
Wed, 06 Aug 2008
I'm developing a tool to extract interesting information from malware files with the goal of generating a relation graph. The tool extracts API calls and imported symbols of binary files. I've made some interesting graphs from malware files collected by Nepenthes.

posted at: 11:46 | path: /Security Visualization/Malware | permanent link to this entry | 0 comments | visualization, malware



AlienVault Free Nessus Feed
Wed, 06 Aug 2008
We have started a Free Nessus Feed. You'll find more information at the Nessus feed page: http://www.alienvault.com/free_nessus_feed.php

posted at: 11:45 | path: /Nessus | permanent link to this entry | 0 comments | nessus, alienvault



Showing relation graph between nessus scripts and include files
Wed, 06 Aug 2008
I have made an interesting graph showing the relation between Nessus scripts and include files.


posted at: 11:42 | path: /Nessus | permanent link to this entry | 3 comments | nessus,visualization



Scada: OPC Nessus Plugins
Wed, 06 Aug 2008

During the development of the Free Nessus Feed we are writing some interesting plugins about SCADA.

Today we released some plugins relating to OPC (OLE for Process Control) servers. The OPC standard specifies the communication of real-time plant data between control devices from different manufacturers.

List of OPC Nessus Plugins:


  • Multiple vulnerabilities in NETxEIB OPC server CVE-2007-1313
  • Multiple vulnerabilities in Takebishi Electric DeviceXplorer FA-M3 OPC server CVE-2007-1313
  • Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server CVE-2007-1319
  • Multiple vulnerabilities in Takebishi Electric DeviceXplorer MELSEC OPC server CVE-2007-1319
  • Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server CVE-2007-1319

We have written some functions for accessing DCOM application information through WMI.

    posted at: 11:41 | path: /Nessus/plugins | permanent link to this entry | 0 comments | nessus, scada, opc


