The AlienVault Blogs: Taking On Today’s Threats

Category: Forensics

Posted in Blog: Labs Blog

Protecting Mac OS X systems is a hot topic these days. Their prevalence in enterprise environments has been on the rise over the past decade, and the question of how to secure them remains a mystery to many. This post will discuss new methods for securing Mac OS X. The internal security teams at Etsy, Facebook and GitHub recently…

Posted in: Plugins, Alienvault OSSIM, Python, Forensics
Tags: ossim, alienvault, macosx, plugins, siem, apple, midas, mac, plist

Posted in Blog: Labs Blog

I’m sure all of you have heard about Mandiant’s APT1 report published yesterday. As many of you probably know, we have been tracking and exposing this group for a long time, as have other individuals and companies in the security industry. A couple of examples are:
- Win32/Coswid
- Unveiling a spearphishing campaign and possible ramifications …

Posted in: Attacks, Malware, APT, Forensics
Tags: yara, fireeye, apt1, commentcrew, volatility, jsunpack

Posted in Blog: Labs Blog

A couple of days ago, I was surfing our wild Internet when I came across a dirty piece of software dedicated to stealing accounts of a popular build-with-bricks videogame. The program offered a premium account of the videogame for free. The real fact is that it was a stealer, which installs a keylogger on your computer to record and…

Posted in: Malware, Windows, Forensics
Tags: malware, ardamax keylogger, volatility, stealer, keylogger

Posted in Blog: Labs Blog

A few days ago, the Iranian CERT (Maher Center) released information about a newly identified targeted malware with wiping capabilities. The piece of code is very simple: it deletes files on different drives on specific dates. The original dropper is a self-extracting RAR file with the name GrooveMonitor.exe. Once executed, it extracts the following files: \WINDOWS\system32\SLEEP…

Posted in: Attacks, Malware, APT, Forensics
Tags: wiper, maher, iran

Posted in Blog: Labs Blog

It is well known that a large number of malware samples are aware of their execution environment. This means that a malware sample can change its behavior if it detects that the running environment is unwanted. There are resources, public source code, and even programs that detail how to bypass automatic malware analysis systems and make things awkward for malware…

Posted in: Malware, General, Forensics
Tags: malware, yara, sandbox, debugging, vm, reversing, signatures