Hunting for Linux library injection with Osquery

June 20, 2019 | Jaime Blasco
Jaime Blasco

Vice President and Chief Scientist

Jaime Blasco is a renowned Security Researcher with broad experience in network security, malware analysis and incident response. At AT&T Cybersecurity, Jaime leads the Alien Labs Intelligence and Research team, which leads the charge of researching and integrating threat intelligence into detection mechanisms. Prior to working at AT&T, Jaime was Chief Scientist at AlienVault. Prior to that, he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. He is based in San Francisco. Jaime's work in emerging threats and targeted attacks is frequently cited in international publications such as the New York Times, BBC, Washington Post and Al Jazeera.

July 7, 2009 | Jaime Blasco

Ossim: 0-day in Microsoft DirectShow

A 0-day exploit in Microsoft Video ActiveX Control is being exploited by malicious sites. Many people are covering this vulnerability and it seems that it will be widely deployed. AlienVault's feed customers are protected and covered with these directives:
- 45046: AV Possible MSVidCtl Client side attack detected against SRC_IP (KB-972890)
- 45047: AV Possible Malicious Server exploiting MSVidCt against DST_IP (KB-972890)
- 45048: AV…

June 20, 2009 | Jaime Blasco

sobek-hids: Host Monitoring System

I've just created a Google Code project with some code I wrote some time ago. Sobek-Hids is a Python-based Host IDS system capable of monitoring:
- Registry Changes
- File Activity
- Process Creation
- Printing Jobs
- External Drives (USB Disk Plugs)
- Shared Resources
- Windows Accounts Logon
- Firewall Changes
I hope I will have the time to continue and improve this…

March 10, 2009 | Jaime Blasco

Ossim: Shellcode Detection and Analysis

I'm glad to announce a new feature we have added to the forensic console. We use libemu to perform shellcode detection and analysis to help with forensic analysis and reduce false positives. An example: …

February 3, 2009 | Jaime Blasco

New Directives

I've just updated the public CVS with some new directives as part of the effort we are making to improve the upcoming installer:
Attacks:
- Possible Successful Attack: Reverse Shell Access to the System
- Possible POP3 Bruteforce against SRC_IP
- Possible FTP Bruteforce against SRC_IP
- Command execution against webserver on DST_IP
- File /etc/passwd access on DST_IP
…

January 3, 2009 | Jaime Blasco

25C3: Fake CA Certificates

A security research team has demonstrated how to use MD5 collisions to create a rogue Certificate Authority certificate with a cluster of 200 PS3s!! You can find all the information here. The attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash and affects CAs that…

October 15, 2008 | Jaime Blasco

Microsoft Exploitability Index

Microsoft has just added a new index to new security bulletins to provide additional information about the potential exploitability of vulnerabilities associated with a Microsoft security update. The index classifies each vulnerability with the Exploitability Index Assessment, which indicates the likelihood of functioning exploit code. The three possible values are:
- 1 Consistent exploit code likely
- 2 Inconsistent exploit code likely
…

August 20, 2008 | Jaime Blasco

3d Nmap

Here is a screenshot of a project I'm working on. The tool parses XML nmap scan files and shows an interactive 3D environment where you can inspect nmap scanning results. I'm developing it with XNA (C#). I'll publish the code as soon as I fix some errors. …

August 11, 2008 | Jaime Blasco

Last Scada OPC Nessus Plugins

We have released some new Nessus Plugins related to OPC Servers security issues. List of New OPC Nessus Plugins:
- Multiple vulnerabilities in Comsoft Profibus OPC server
- Multiple vulnerabilities in Beijer Electronics OPC server
- Multiple vulnerabilities in VIPA OPC server
- Multiple vulnerabilities in Gesytec Easylon OPC server 2.0
- Multiple vulnerabilities in Junzhi BACnet OPC server
- Multiple vulnerabilities in IPCDAS NAPOPC OPC server
…

August 11, 2008 | Jaime Blasco

New Scada OPC Nessus Plugins

Today we have released some new Nessus Plugins related to OPC Servers security issues. List of New OPC Nessus Plugins:
- Multiple vulnerabilities in KEPware KEPServerEx 4 OPC server
- Multiple vulnerabilities in Triangle MicroWorks OPC Server 2.0.2
- Multiple vulnerabilities in Comsoft L1 OPC server
We'll release new plugins related to OPC and Scada in general during the next weeks!!! …

August 6, 2008 | Jaime Blasco

An approach to malware collection log visualization

I have just published an article related to malware collection log visualization. The paper focuses on visualization of Nepenthes logs using AfterGlow. In the paper you can find information about correlating IPs with countries and binary files with ClamAV signatures, with the goal of generating interesting graphs. Get it here …

August 6, 2008 | Jaime Blasco

Visualization of Api calls and Imported symbols of malware binary files

I'm developing a tool to extract interesting information from malware files with the goal of generating a relation graph. The tool extracts API calls and imported symbols of binary files. I've made some interesting graphs from malware files collected by Nepenthes.
#
# Jaime Blasco - jaime.blasco[at]alienvault.com
#
# Thanks to Jan Goebel
# [Amun - low interaction…

August 6, 2008 | Jaime Blasco

Scada: OPC Nessus Plugins

During the development of the Free Nessus Feed we are writing some interesting plugins about Scada. Today we released some plugins relating to OPC (OLE for Process Control) Servers. The OPC standard specifies the communication of real-time plant data between control devices from different manufacturers. List of OPC Nessus Plugins:
- Multiple vulnerabilities in NETxEIB OPC server CVE-2007-1313
- Multiple vulnerabilities in…
