The InfoSec Marshmallow

April 23, 2018 | Bob Covello
October 4, 2011 | Jaime Blasco

Metasploit Payloads VS Libemu

                    Today we will analyze the detection capabilities of libemu [no longer available] using the Metasploit payloads.Libemu is a small library to detect and analyze x86 shellcodes using heuristics.We have written a small script to automatically generate Metasploit payloads and see if libemu is…

September 21, 2011 | Dominique Karg

RAID 11 @ Menlo Park, CA (notes and rants)

I attended RAID these past couple of days and must say I come out of it with mixed feelings. I had moments of great fun, saw some good stuff but most of the conferences were waaaaaaay too theoretical for my taste.Anyway, these notes have to be taken with a grain of salt. I know that many people have put…

Get the latest security news in your inbox.

Subscribe via Email

September 19, 2011 | Dominique Karg

OISF/Suricata Brainstorming session

Just attended the OISF Suricata brainstorming session, it was really fun (unlike the RSA one ;-)).Happening at the same venue than RAID 11 (which I’ll be attending with Jaime too), it was 3+ hours of brainstorming, discussing IDS/IPS and learning about a bunch of new concepts.I think they’re doing a real good job on it and…

September 19, 2011 | Dominique Karg

To blog or not to blog?

I’ve got a doubt here. I really like G+ and I also want to Blog again about various things… but I have no idea how to get the best of both without repeating work.I guess for now I’ll be posting here and sharing on G+ :-) …

September 16, 2011 | Dominique Karg

3.0 is out!!!

We’re proud to announce the immediate availability of our newest release. This release has huge improvements, but the best way to check it out is:Check out the slideshare slides. Download it!Enjoy :-)…

January 13, 2011 | Dominique Karg

Top 5 reasons for choosing Alienvault

This was a response from a customer whom I’m keeping anonymous unless he wants to step up, I was glad to read that and it always feels good to have this type of feedback.Sure…here they are in order of importance to me.1. - Industry standard open source software - I don’t care who you are, if…

January 4, 2011 | Jaime Blasco

Inside Geinimi Android Trojan. Chapter Two: How to check remotely the presence of the trojan

In this chapter, we continue describing some of the trojan components. We realized that the code contains some ServerSocket stuff so let’s take a look at the system.To obtain more information about a process on android we can upload the lsof tool to a rooted via adb tools. You can download the lsof static file here http:/…

January 3, 2011 | Jaime Blasco

Inside Geinimi Android Trojan. Chapter One: Encrypted data and communication

Last week a new trojan affecting Android phones has been discovered. Called Geinimi, the trojan is hidden into other existing apps.At the moment, it has been detected only in third-party Chinese app markets and Google Android Market does not seem to be compromised.The main difference between Geinimi and previously discovered Android Trojans is the potential to communicate with…

December 27, 2010 | Dominique Karg

Company status update

2010 has been an incredibly exciting year for Alienvault. The goals were set high and a lot of new stuff was supposed to happen, looking back at it now I first realize what we have achieved and how much work we’ve put into it.On October 2009 both the Alienvault CEO and CTO joined a trip to Silicon Valley promoted by…

August 4, 2010 | Jaime Blasco

Analysis of Trojan-SMS.AndroidOS.FakePlayer.a

Trojan-SMS.AndroidOS.FakePlayer.a is one of the first malicious programs detected on Android Smartphones.The program camouflages itself to look like a media player application and begins sending SMS to premium numbers without the user’s knowledge.To analyze the .APK android file we can use the android-apktool ( to decode the application resources…

July 26, 2010 | Jaime Blasco

Scada: New threat targets critical infrastructure systems

A new malware called Stuxnet is currently targeting Scada systems. This could be one of the thousands of pieces of malware used by criminals but I want to emphasize some of the characteristics that make this attempt important enough to think over.The malware is designed specifically to attack Siemens WinCC systems. This software controls and monitors industrial processes such…

April 29, 2010 | Dominique Karg

How would you describe OSSIM?

We’re currently giving a minor facelift.What we want to feature there is nice things actual users can say about OSSIM. So if you’re a happy OSSIM user and don’t mind being quoted (anonymous references are welcome of course) on our frontpage, please comment on this post so that we can…

Watch a Demo ›