Tuesday, September 23, 2014
OSSEC CON 2014 - Malware Detection with OSSEC
Happy to share my presentation from the OSSEC CON, which took place on September 16th in Cork, Ireland. Here you can find a brief explanation of different malware collection and analysis techniques, as well as a good example of how to use some IOCs to create a rootcheck signature.
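To make the last point concrete, here is an added illustration (not code from the presentation, nor from the OSSEC project) of turning a handful of indicators from a sandbox run into a rootcheck entry and then checking a host snapshot against it. It assumes the rootcheck system-audit syntax of a `[Name] [any|all] [reference]` header followed by `f:/path;`, `f:/path -> r:regex;` and `p:process;` checks, approximates OSSEC's own regex dialect with Python's `re`, and uses only constructed placeholder paths and process names rather than real malware artifacts. The `any` versus `all` mode is the part worth studying: `any` gives early warning from a single surviving trace, `all` trades that for fewer false positives.

```python
"""Build an OSSEC-style rootcheck signature from IoCs and evaluate it.

Added example, not the presentation's or the OSSEC project's code.
Assumptions: rootcheck system-audit syntax ('[Name] [any|all] [ref]' header,
'f:/path;', 'f:/path -> r:regex;', 'p:name;' checks); OSSEC's regex dialect is
approximated with Python's re; every indicator below is a constructed placeholder.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

HEADER = re.compile(r"^\[(?P<name>[^\]]+)\] \[(?P<mode>any|all)\] \[(?P<ref>[^\]]*)\]$")


@dataclass
class Indicators:
    """IoCs collected from sandbox or memory analysis of one sample (constructed)."""
    name: str
    reference: str
    files: List[str] = field(default_factory=list)             # dropped file paths
    file_content: Dict[str, str] = field(default_factory=dict)  # path -> regex expected inside
    processes: List[str] = field(default_factory=list)         # process names observed


def build_signature(ioc: Indicators, mode: str = "any") -> str:
    """Render the IoCs as one rootcheck entry.
    'any' fires when a single check hits; 'all' requires every check to hit."""
    if mode not in ("any", "all"):
        raise ValueError("mode must be 'any' or 'all'")
    lines = [f"[{ioc.name}] [{mode}] [{ioc.reference}]"]
    lines += [f"f:{p};" for p in ioc.files]
    lines += [f"f:{p} -> r:{rx};" for p, rx in ioc.file_content.items()]
    lines += [f"p:{name};" for name in ioc.processes]
    return "\n".join(lines) + "\n"


@dataclass
class Entry:
    name: str
    mode: str
    checks: List[Tuple[str, str, Optional[str]]]  # (kind, target, content regex or None)


def parse_signature(text: str) -> List[Entry]:
    """Parse the subset of rootcheck syntax that build_signature emits."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER.match(line)
        if m:
            entries.append(Entry(m["name"], m["mode"], []))
            continue
        if not entries or not line.endswith(";"):
            raise ValueError(f"malformed line: {raw!r}")
        kind, _, rest = line[:-1].partition(":")
        if kind == "f":
            path, _, cond = rest.partition(" -> ")
            pattern = cond[2:] if cond.startswith("r:") else None
            entries[-1].checks.append(("f", path, pattern))
        elif kind == "p":
            entries[-1].checks.append(("p", rest, None))
        else:
            raise ValueError(f"unsupported check type: {kind}")
    return entries


def check_host(signature: str, files: Dict[str, str], processes: Set[str]) -> List[str]:
    """Return the names of entries that fire against a host snapshot
    (files: path -> file content; processes: names of running processes)."""
    hits: List[str] = []
    for entry in parse_signature(signature):
        results = []
        for kind, target, pattern in entry.checks:
            if kind == "f":
                content = files.get(target)
                if content is None:
                    results.append(False)                      # file absent
                elif pattern is None:
                    results.append(True)                       # existence is enough
                else:                                          # some line must match
                    results.append(any(re.search(pattern, ln) for ln in content.splitlines()))
            else:
                results.append(target in processes)
        fired = any(results) if entry.mode == "any" else (bool(results) and all(results))
        if fired:
            hits.append(entry.name)
    return hits


# Constructed IoCs and host snapshots; nothing here refers to a real sample.
SAMPLE_IOC = Indicators(
    name="Trojan: PLACEHOLDER-dropper (constructed example)",
    reference="sandbox report PLACEHOLDER",
    files=["/tmp/.hidden/placeholder_payload"],
    file_content={"/etc/rc.local": r"^/tmp/\.hidden/placeholder_payload"},
    processes=["placeholder_miner"],
)
INFECTED_FILES = {
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n",
    "/etc/rc.local": "#!/bin/sh\n/tmp/.hidden/placeholder_payload &\nexit 0\n",  # persistence trace only
}
CLEAN_FILES = {"/etc/passwd": INFECTED_FILES["/etc/passwd"], "/etc/rc.local": "#!/bin/sh\nexit 0\n"}
RUNNING = {"sshd", "cron"}

if __name__ == "__main__":
    sig = build_signature(SAMPLE_IOC)
    print(sig)
    print("infected host, mode any:", check_host(sig, INFECTED_FILES, RUNNING))
    print("infected host, mode all:", check_host(build_signature(SAMPLE_IOC, "all"), INFECTED_FILES, RUNNING))
    print("clean host, mode any:   ", check_host(sig, CLEAN_FILES, RUNNING))
```

On the constructed infected host only the rc.local persistence line survived (the payload was cleaned up and the process is not running), so the `any` entry still fires while the `all` entry stays silent; that is the trade-off to weigh when choosing the mode for a given set of indicators.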
And, for those interested, here is the video as well:
Labels: cuckoo, malware, ossec, virustotal, volatility, yara
Updated OSSEC debian packages
Just published new versions, ossec-hids_2.8-2 and ossec-hids-agent_2.8-2, for the different Debian distributions. They can be found here: http://ossec.alienvault.com/repos/apt/debian/pool/main/o/
Here are the changelogs:
ossec-hids (2.8-2) stable; urgency=low
* Fixed Makefile to use ossec-hids-debian.init instead of ossec-hids.init (fixes LSB headers warning).
* Fixed CVE-2014-5284. Patch included.
* Included debconf and templates for initial package configuration (email_to, email_from and smtp).
ossec-hids-agent (2.8-2) stable; urgency=low
* Fixed Makefile to use ossec-hids-debian.init instead of ossec-hids.init (fixes LSB headers warning).
* Fixed CVE-2014-5284. Patch included.
* Included debconf and templates for initial package configuration (server_ip).
And the link to the GitHub repo: https://github.com/santiago-bassett/ossec-debian.git
I also took the opportunity to update the generate_ossec.sh script, which now accepts a few different arguments:
santiago@debian-package:~# ./generate_ossec.sh -h
USAGE: Command line arguments available:
-h | --help Displays this help.
-u | --update Updates chroot environments.
-b | --build Builds debian packages.
-s | --sync Synchronizes with the debian repository.