Threat Level: Infocon green
Internet Storm Center
phpbb and sql errors asp sqlserver odbc sql errors

Today´s Diary

If you have more information or corrections regarding our diary, please share.


ISC StormCast for Thursday, May 23rd 2013 http://isc.sans.edu/podcastdetail.html?id=3326

advertisement
Diary Advertisement
Use Discount Code SANSFIREISC10 when registering to get a 10% discount!!

MoVP II

Published: 2013-05-23,
Last Updated: 2013-05-23 14:00:31 UTC
by Adrien de Beaupre (Version: 1)

1 comment(s)

Volatility is a Python framework for performing memory forensics. If you haven't tried it yet I highly recommend it. The Volatility Month of Volatility Plugins II is on! As announced here: http://volatility-labs.blogspot.ca/2013/05/whats-happening-in-world-of-volatility.html Volatility 2.3 is entering beta and the second MoVP (Month of Volatility Plugins) has started and is actually in their second installment. Some very exciting new stuff:

1.1 - Mach-O Address Space
1.2 - VirtualBox ELF64 Core Dumps
1.3 - VMware Snapshot and Saved State Analysis
1.4 - New HPAK Address Space
1.5 - ARM Address Space (Volatility and Andriod / Mobile)
2.1 - RSA Private Keys and Certificates
2.2 - Unloaded Windows Kernel Modules

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
My SANS Teaching Schedule

 

Keywords: memory forensics MoVP II plugins volatility
1 comment(s)
Top of page
Wireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html

If you have more information or corrections regarding our diary, please share.

Diary Archive

DateAuthorTitle
2013-05-23 Adrien de Beaupre MoVP II (1 Comments)
2013-05-22 Adrien de Beaupre Privilege escalation, why should I care? (13 Comments)
2013-05-21 Adrien de Beaupre Moore, Oklahoma tornado charitable organization scams, malware, and phishing (0 Comments)
2013-05-20 Johannes Ullrich Ubuntu Package available to submit firewall logs to DShield (3 Comments)
2013-05-20 Guy Bruneau Safe - Tools, Tactics and Techniques (0 Comments)
2013-05-19 Kevin Shortt Port 51616 - Got Packets? (1 Comments)
2013-05-17 Daniel Wesemann e-netprotections.su ? (3 Comments)
2013-05-17 Johannes Ullrich SSL: Another reason not to ignore IPv6 (3 Comments)
2013-05-16 Joel Esler Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability (1 Comments)
2013-05-16 Daniel Wesemann Extracting signatures from Apple .apps (0 Comments)
Folder Icon Complete Archive
Search Diaries:

Diary Tagslink arrow

  plugins     web app sec     opendoc     security advisory     oklahoma     fantasia     gov     tornado     privilege escalation     ie 8     fake charities     kernel     rfc6724     ddos     malware analysis     got packets     enterprise certificate authority     usbexe     happy eyeballs     ios     email     typo squatting     port 51616     ipv6     microsoft     frequency hopping     cnn     java 7u21     javascript     java vulnerability     firefox     bcp 38     phishing     snort     tools     certutil     spamhaus     dshield     updates     flash     phish     watering hole     0 day     scam     postgresql     malware containment     61     psexec     thunderbird     patch tuesday     vulnerability     signature     linux     adobe     dos     spoofing     boston marathon     sysinternals     movp ii     java     ssl     cloudflare     vrt     memory forensics     usbdoc     outage     volatility     back tuesday     boston marathon bombing     51616     mozilla     rfc6555     apache     firewall     boston marathon scams     sourcefire     chargen     passwords     cisco     cve20120158     incident     ipv6 focus month     charity     fake tech calls     msft     black tuesday     ipv4     configuration     spam     java security update     packets     cyberbunker     preference     mt6d     advance notification     cyberterrorism     waco fertilizer plant explosion     notification     blackhole     patch     relays     google     certificates     hak5     denial of service     trojan     xss     security intelligence     overview     micorsoft     apple     certificate     remnux     boston marathon explosions     safe     malware     protocol     ubuntu     internet status     anti virus     webserver     bgp     disaster     patches     perimeter     exploit  
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

ISC Polllink arrow

What are your plans when XP is no longer supported?

Latest RR Paperslink arrow

Event Monitoring and Incident Response

Dead Linux Machines Do Tell Tales

Setting Up a Database Security Logging and Monitoring Program

Managing the Implementation of a BYOD Policy

Analysis of the building blocks and attack vectors associated with the Unified Extensible Firmware Interface (UEFI)

World Map

world map

Trends

trend graph

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

MoVP II - by: Adrien de Beaupre (2013-05-23)

Privilege escalation, why should I care? - by: Adrien de Beaupre (2013-05-22)

Moore, Oklahoma tornado charitable organization scams, malware, and phishing - by: Adrien de Beaupre (2013-05-21)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute