http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-07-23 18:29:22 - Lenny Zeltser's Website : I joined the conversation on the SecuraBit Episode 61 podcast, discussing malware analysis techniques and the ways in which the REMnux distribution can assist IMAGE http://www.secuobs.com/revue/news/243328.shtmlhttp://www.secuobs.com/revue/news/243328.shtml Secuobs.com : 2010-07-09 05:47:14 - Lenny Zeltser's Website - REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software I use REMnux in the malware analysis course I teach at SANS REMnux is also available as a public download IMAGE http://www.secuobs.com/revue/news/238979.shtmlhttp://www.secuobs.com/revue/news/238979.shtml Secuobs.com : 2010-07-03 03:30:28 - Lenny Zeltser's Website - I was interviewed by the Ethical Hacker Network's Jamy Klein on topics related to malware The full interview is at the following link IMAGE http://www.secuobs.com/revue/news/237308.shtmlhttp://www.secuobs.com/revue/news/237308.shtml Secuobs.com : 2010-06-16 23:20:33 - Lenny Zeltser's Website - I will be teaching my malware analysis course through SANS' live on-line training platform vLive To help promote this class, SANS provided me with a very uncommon 25pourcents discount code for this event IN610 You are welcome to use this code until the end of June 2010 The class will be taught every Monday and Thursday 7 9 30PM ET starting on July 26 10 sessions in total IMAGE http://www.secuobs.com/revue/news/232230.shtmlhttp://www.secuobs.com/revue/news/232230.shtml Secuobs.com : 2010-03-08 21:24:47 - Lenny Zeltser's Website - Examining the capabilities of malicious software allows your IT team to better assess the nature of a security incident, and may help prevent further infections Here's how to set up a controlled malware analysis lab for free IMAGE http://www.secuobs.com/revue/news/199442.shtmlhttp://www.secuobs.com/revue/news/199442.shtml Secuobs.com : 2010-03-08 21:24:47 - Lenny Zeltser's Website - This cheat sheet presents a checklist for reviewing critical logs when responding to a security incident It can also be used for routine log review Co-authored with Anton Chuvakin IMAGE http://www.secuobs.com/revue/news/199441.shtmlhttp://www.secuobs.com/revue/news/199441.shtml Secuobs.com : 2010-02-19 17:39:26 - Lenny Zeltser's Website - As the world of malware continues to evolve, so must the defenders' ability to understand the nature of the threat Fortunately, the development of tools and techniques for reverse-engineering malicious software is not standing still I'm excited about the opportunity to cover additional approaches to analyzing malware as part of the REM course expansion The topics added to the course include analyzing malicious document files Microsoft Office and Adobe PDF , as well as memory forensics IMAGE http://www.secuobs.com/revue/news/193582.shtmlhttp://www.secuobs.com/revue/news/193582.shtml Secuobs.com : 2010-01-15 22:11:41 - Lenny Zeltser's Website - I joined the conversation on the InfoSec Daily Podcast, Episode 43 discussing malware threats and analysis trends IMAGE http://www.secuobs.com/revue/news/182171.shtmlhttp://www.secuobs.com/revue/news/182171.shtml Secuobs.com : 2009-11-20 06:59:30 - Lenny Zeltser's Website - This cheat sheet outlines tips and tools for reverse-engineering malicious documents, such as Microsoft Office DOC, XLS, PPT and Adobe Acrobat PDF files IMAGE http://www.secuobs.com/revue/news/163270.shtmlhttp://www.secuobs.com/revue/news/163270.shtml Secuobs.com : 2009-11-03 12:50:14 - Lenny Zeltser's Website - There are several free automated malware analysis services that can examine compiled Windows executales to save us time and provide a sense about the specimen's capabilities Here's a listing of such free on-line tools IMAGE http://www.secuobs.com/revue/news/156585.shtmlhttp://www.secuobs.com/revue/news/156585.shtml Secuobs.com : 2009-11-03 12:50:14 - Lenny Zeltser's Website - Several organizations maintain and publish blocklists aka blacklists of IP addresses and URLs of systems and networks suspected in malicious activities on-line Here are the publicly-available lists IMAGE http://www.secuobs.com/revue/news/156584.shtmlhttp://www.secuobs.com/revue/news/156584.shtml Secuobs.com : 2009-11-03 12:50:14 - Lenny Zeltser's Website - Several organizations offer free on-line tools for looking up a potentially malicious website Some of these tools provide historical information others examine the URL in real time to identify threats Here's a list of site tools IMAGE http://www.secuobs.com/revue/news/156583.shtmlhttp://www.secuobs.com/revue/news/156583.shtml Secuobs.com : 2009-09-30 19:56:30 - Lenny Zeltser's Website - In my SANS Institute course, I teach security and systems professionals how to reverse-engineer malicious software This note summarizes my recommendations for what to include in the report that describes the results of the malware analysis process IMAGE http://www.secuobs.com/revue/news/146079.shtmlhttp://www.secuobs.com/revue/news/146079.shtml Secuobs.com : 2009-09-29 18:55:27 - Lenny Zeltser's Website - This paper documents a comprehensive architecture for defending network resources of a fictitious company It illustrates an approach to setting up a strong security perimeter IMAGE http://www.secuobs.com/revue/news/145596.shtmlhttp://www.secuobs.com/revue/news/145596.shtml Secuobs.com : 2009-09-29 18:55:27 - Lenny Zeltser's Website - This report presents results of a detailed information security audit of UNIX systems that belong to a fictitious company It illustrates an approach to performing such an examination IMAGE http://www.secuobs.com/revue/news/145595.shtmlhttp://www.secuobs.com/revue/news/145595.shtml Secuobs.com : 2009-09-29 18:55:27 - Lenny Zeltser's Website - This paper provides a detailed analysis of several anomalous network events, and illustrates the techniques for examining alerts and logs generated by a network intrusion detection system IMAGE http://www.secuobs.com/revue/news/145594.shtmlhttp://www.secuobs.com/revue/news/145594.shtml Secuobs.com : 2009-09-29 18:55:27 - Lenny Zeltser's Website - This often-cited article discusses the history and the structure of the Web, and offers a peak at the future of information sharing IMAGE http://www.secuobs.com/revue/news/145593.shtmlhttp://www.secuobs.com/revue/news/145593.shtml Secuobs.com : 2009-09-29 18:55:27 - Lenny Zeltser's Website - I contributed a few chapters to this Ed Skoudis' book, which focuses on defending against the threat of malicious code IMAGE http://www.secuobs.com/revue/news/145592.shtmlhttp://www.secuobs.com/revue/news/145592.shtml Secuobs.com : 2009-09-29 18:55:27 - Lenny Zeltser's Website - This article, published in Information Security Magazine, describes an approach to ensuring a project's success by becoming attuned to the organization's dynamics IMAGE http://www.secuobs.com/revue/news/145591.shtmlhttp://www.secuobs.com/revue/news/145591.shtml Secuobs.com : 2009-09-29 18:55:27 - Lenny Zeltser's Website - This article describes the various types of information security assessments, and offers tips for deciding which assessment is right for your situation IMAGE http://www.secuobs.com/revue/news/145590.shtmlhttp://www.secuobs.com/revue/news/145590.shtml Secuobs.com : 2009-09-15 21:51:48 - Lenny Zeltser's Website - Malicious software is an integral and dangerous component of many breaches Despite the general acknowledgement of the problem, malware thrives in the Internet ecosystem, affecting organizations large and small In this free webcast, I will survey key characteristics of today s malware, exemplified by recent bots, trojans, and browser scripts I will also discuss methods for fighting malware threats that stand a chance of being effective, offering his perspective on practical defensive controls Tune in live on September 9, 2009, at 2pm Eastern 11am Pacific time IMAGE http://www.secuobs.com/revue/news/141176.shtmlhttp://www.secuobs.com/revue/news/141176.shtml Secuobs.com : 2009-07-11 19:51:21 - Lenny Zeltser's Website - I joined the conversation on the PaulDotCom webcast, Expisode 150, talking about the need for a more pragmatic approach to information security and also dicussing malware trends IMAGE http://www.secuobs.com/revue/news/119332.shtmlhttp://www.secuobs.com/revue/news/119332.shtml Secuobs.com : 2009-06-19 01:56:18 - Lenny Zeltser's Website - This two-page cheat sheet offers tips for the initial design and reviewof an Internet application's security architectureIMAGEhttp://www.secuobs.com/revue/news/111388.shtmlhttp://www.secuobs.com/revue/news/111388.shtml Secuobs.com : 2009-06-02 22:08:35 - Lenny Zeltser's Website - This one-page cheat sheet offers communication tips for technologists,engineers, and information workersIMAGEhttp://www.secuobs.com/revue/news/105081.shtmlhttp://www.secuobs.com/revue/news/105081.shtml Secuobs.com : 2009-03-18 17:33:36 - Lenny Zeltser's Website - In this free 1-hour webcast recorded, I outline the process forreverse-engineering malicious software I cover both behavioral andcode analysis phases, to make this topic accessible even toindividuals with a limited exposure to programming concepts You'lllearn the fundamentals and associated tools to get started withmalware analysis The password for the webcast is "preview"IMAGEhttp://www.secuobs.com/revue/news/72170.shtmlhttp://www.secuobs.com/revue/news/72170.shtml Secuobs.com : 2009-03-03 15:35:27 - Lenny Zeltser's Website - In this free 1-hour webcast, I outline the process forreverse-engineering malicious software He'll cover both behavioraland code analysis phases, to make this topic accessible even toindividuals with a limited exposure to programming concepts You'lllearn the fundamentals and associated tools to get started withmalware analysis Tune in to the live session on March 10, 2009, 7pmESTIMAGEhttp://www.secuobs.com/revue/news/66904.shtmlhttp://www.secuobs.com/revue/news/66904.shtml Secuobs.com : 2009-02-18 05:20:31 - Lenny Zeltser's Website - I will be participating in the one-day Threat Management Decisions summitthat TechTarget is organizing in New York City on March 26, 2009 I'lldiscuss Emerging Internet Security Threats in 2009 It's a free event;drop by if you're aroundIMAGEhttp://www.secuobs.com/revue/news/62749.shtmlhttp://www.secuobs.com/revue/news/62749.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - I've assembled a few humorous lists circulating on the Internet, such as"The Canonical List of Answering Machine Messages" and "More ThanFifty Ways to Get Rid of Blind Dates"IMAGEhttp://www.secuobs.com/revue/news/51987.shtmlhttp://www.secuobs.com/revue/news/51987.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - When feeling particularly inspired, I write short verse Curious aboutthe results Take a lookIMAGEhttp://www.secuobs.com/revue/news/51986.shtmlhttp://www.secuobs.com/revue/news/51986.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - "Lying in bed listening to the rain outside" "Laughing for no reason atall" Take a look at what folks submitted to me over the years, andsee what inspires people of the worldIMAGEhttp://www.secuobs.com/revue/news/51985.shtmlhttp://www.secuobs.com/revue/news/51985.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - Slap a high five to the infamous Calvin, just because you have nothingbetter to doIMAGEhttp://www.secuobs.com/revue/news/51984.shtmlhttp://www.secuobs.com/revue/news/51984.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This paper defines a framework for using easily-accessible tools and adual-phased approach to examine malware such as viruses, worms, andtrojansIMAGEhttp://www.secuobs.com/revue/news/51983.shtmlhttp://www.secuobs.com/revue/news/51983.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This paper documents a comprehensive architecture for defending networkresources of a fictitious company It illustrates an approach tosetting up a strong security perimeterIMAGEhttp://www.secuobs.com/revue/news/51982.shtmlhttp://www.secuobs.com/revue/news/51982.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This report presents results of a detailed information security audit ofUNIX systems that belong to a fictitious company It illustrates anapproach to performing such an examinationIMAGEhttp://www.secuobs.com/revue/news/51981.shtmlhttp://www.secuobs.com/revue/news/51981.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This paper provides a detailed analysis of several anomalous networkevents, and illustrates the techniques for examining alerts and logsgenerated by a network intrusion detection systemIMAGEhttp://www.secuobs.com/revue/news/51980.shtmlhttp://www.secuobs.com/revue/news/51980.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This paper examines views of American Founders on education, and appliesthem to the Internet's role as a catalyst for improving the Americaneducation systemIMAGEhttp://www.secuobs.com/revue/news/51979.shtmlhttp://www.secuobs.com/revue/news/51979.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This paper explores early radio broadcasting efforts by the United Statesand the Soviet UnionIMAGEhttp://www.secuobs.com/revue/news/51978.shtmlhttp://www.secuobs.com/revue/news/51978.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - Save time when researching security issues by focusing on specific sitesof interestsIMAGEhttp://www.secuobs.com/revue/news/51977.shtmlhttp://www.secuobs.com/revue/news/51977.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This article examines the evolution of malicious agents by analyzingpopular viruses, worms, and trojans, and detailing the possibility ofa new breed of malicious softwareIMAGEhttp://www.secuobs.com/revue/news/51976.shtmlhttp://www.secuobs.com/revue/news/51976.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This often-cited article discusses the history and the structure of theWeb, and offers a peak at the future of information sharingIMAGEhttp://www.secuobs.com/revue/news/51975.shtmlhttp://www.secuobs.com/revue/news/51975.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This article explores the use of multiple firewalls for protectingresources according to business requirements of multitierapplicationsIMAGEhttp://www.secuobs.com/revue/news/51974.shtmlhttp://www.secuobs.com/revue/news/51974.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This paper examines trends and dynamics of the endpoint securityindustry, and evaluates the performance of market leaders such asSymantec in the context of these factorsIMAGEhttp://www.secuobs.com/revue/news/51973.shtmlhttp://www.secuobs.com/revue/news/51973.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - I contributed a few chapters to this Ed Skoudis' book, which focuses ondefending against the threat of malicious codeIMAGEhttp://www.secuobs.com/revue/news/51972.shtmlhttp://www.secuobs.com/revue/news/51972.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - If you are interested in learning a bit more about me, this page is foryou Here I list some autobiographical facts and outline a several ofmy projects and accomplishments After all, activity suggests a lifefilled with purposeIMAGEhttp://www.secuobs.com/revue/news/51971.shtmlhttp://www.secuobs.com/revue/news/51971.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This book, which I produced and co-authored, is a practical guide todesigning, deploying, and maintaining network defensesIMAGEhttp://www.secuobs.com/revue/news/51970.shtmlhttp://www.secuobs.com/revue/news/51970.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This 1-minute video of Magellan Penguins records my observations from avisit to Argentina's Patagonia regionIMAGEhttp://www.secuobs.com/revue/news/51969.shtmlhttp://www.secuobs.com/revue/news/51969.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This article presents several tips for establishing a practical routinefor reviewing information security logsIMAGEhttp://www.secuobs.com/revue/news/51968.shtmlhttp://www.secuobs.com/revue/news/51968.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - In this SANS' Ask The Expert webcast I review several techniques and freetools for speeding-up the analysis of malicious softwareIMAGEhttp://www.secuobs.com/revue/news/51967.shtmlhttp://www.secuobs.com/revue/news/51967.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - The reporter interviewed me for this article on protecting organizationsagainst endpoint threatsIMAGEhttp://www.secuobs.com/revue/news/51966.shtmlhttp://www.secuobs.com/revue/news/51966.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - In this SANS webcast I present 10 key issues you need to address for asuccessful penetration testIMAGEhttp://www.secuobs.com/revue/news/51965.shtmlhttp://www.secuobs.com/revue/news/51965.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This article reviews the emerging threats landscape of informationsecurity, including targeted attacks, client-side infections, advancedmalware, bots, and browser malware It was originally published in May2007 issue of Information Security magazineIMAGEhttp://www.secuobs.com/revue/news/51964.shtmlhttp://www.secuobs.com/revue/news/51964.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - Announcing the expansion of the Reverse-Engineering Malware courseHere's the full announcementIMAGEhttp://www.secuobs.com/revue/news/51963.shtmlhttp://www.secuobs.com/revue/news/51963.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - PaulDotCom interviewed SEC602 course co-authors during its January 24,2008, webcast We discussed key procedures for malware analysis,malware trends, and the expansion of the Reverse-Engineering Malwarecourse MP3 of the webcast is now availableIMAGEhttp://www.secuobs.com/revue/news/51962.shtmlhttp://www.secuobs.com/revue/news/51962.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - Rare is the case when a determined penetration tester or attacker failsto trick his targets into releasing sensitive information Thisarticle explains how to incorporate social engineering testing intoinformation security assessmentsIMAGEhttp://www.secuobs.com/revue/news/51961.shtmlhttp://www.secuobs.com/revue/news/51961.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - When searching for low-hanging fruit, attackers are paying closerattention to client-side vulnerabilities on internal workstations Soshould you, when performing security assessments This articledescribes how to test for client-side vulnerabilities during asecurity assessmentIMAGEhttp://www.secuobs.com/revue/news/51960.shtmlhttp://www.secuobs.com/revue/news/51960.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This article presents recommendations for addressing the risks associatedwith modern malware Stopping malware requires an approach grounded inawareness and control The article includes a link to my relatedwebcast on protecting users from web-based threatsIMAGEhttp://www.secuobs.com/revue/news/51959.shtmlhttp://www.secuobs.com/revue/news/51959.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - In this free one-hour webcast, I examine the characteristics of today'smalware, exemplified by recently-seen bots, downloaders, keyloggers,and malicious scriptsAn archived version of the webcast is available,complete with audio and presentation slidesIMAGEhttp://www.secuobs.com/revue/news/51958.shtmlhttp://www.secuobs.com/revue/news/51958.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - In this free one-hour webcast, I discuss tools and techniques for goingbeyond the basic exploits-focused penetration testing methodology Toattend it live, tune in on August 5 at 1:00 PM EDT An archivedversion of the webcast will be availableIMAGEhttp://www.secuobs.com/revue/news/51957.shtmlhttp://www.secuobs.com/revue/news/51957.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - I created a one-page cheat sheet of shortcuts and tips forreverse-engineering malware It covers the general malware analysisprocess, as well as useful tips for OllyDbg, IDA Pro, and other toolsAn editable version of this file is also available, if you'd like tocustomize the cheat sheet for your own needs My reverse-engineeringmalware course explores these, and other useful techniquesIMAGEhttp://www.secuobs.com/revue/news/51956.shtmlhttp://www.secuobs.com/revue/news/51956.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This cheat sheet captures tips for examining a suspect server to decidewhether to escalate for formal incident response It covers thegeneral approach, and outlines commands for Windows and Unix usingbuilt-in tools One-sheet version for printing and editing isincludedIMAGEhttp://www.secuobs.com/revue/news/51955.shtmlhttp://www.secuobs.com/revue/news/51955.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This cheat sheet offers tips for assisting incident handlers in assessingthe situation when responding to a qualified incident by asking theright questions It builds upon the incident survey cheat sheet Ipublished earlierIMAGEhttp://www.secuobs.com/revue/news/51954.shtmlhttp://www.secuobs.com/revue/news/51954.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - What does the job of a malware analyst entail If you're looking to getinto this field, or if you're looking for ideas that can help yousucceed there, read on You might also find this page useful if youare creating a job description for hiring such a personIMAGEhttp://www.secuobs.com/revue/news/51953.shtmlhttp://www.secuobs.com/revue/news/51953.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This cheat sheet offers tips for battling a network distributeddenial-of-service DDoS attack on your infrastructure I compiled andco-authored this one-page reference based upon the insights offered byseveral contributorsIMAGEhttp://www.secuobs.com/revue/news/51952.shtmlhttp://www.secuobs.com/revue/news/51952.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This article describes the various types of information securityassessments, and offers tips for deciding which assessment is rightfor your situationIMAGEhttp://www.secuobs.com/revue/news/51951.shtmlhttp://www.secuobs.com/revue/news/51951.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - This cheat sheet offers tips for planning, issuing and reviewing Requestfor Proposal RFP documents for information security assessments Itaims at helping organizations receive security RFP responses bestsuited for their requirementsIMAGEhttp://www.secuobs.com/revue/news/51950.shtmlhttp://www.secuobs.com/revue/news/51950.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - I will be presenting at the SOURCE Boston 2009 Conference on March 12,2009, on "How to Respond to an Unexpected Security Incident" "Bestpractices" emphasize the need to prepare for incident response beforethe security breach occurs Indeed, that is the right approach tohandling security incidents in a controlled manner What if you neverfound the time to prepare This talk discusses the questions anindividual should ask when responding to a security incident Byhaving a list of such questions in advance, the responder will be ableto take control of the situation quickly and assertivelyIMAGEhttp://www.secuobs.com/revue/news/51949.shtmlhttp://www.secuobs.com/revue/news/51949.shtml Secuobs.com : 2009-01-15 21:26:16 - Lenny Zeltser's Website - If you are interested keeping a closer tab on my activities, you arewelcome to follow me on TwitterIMAGEhttp://www.secuobs.com/revue/news/51948.shtmlhttp://www.secuobs.com/revue/news/51948.shtml