Product Review - Mandiant Highlighter
Today we are looking at Mandiant Highlighter; Log and Text File Viewer
Product home page can be found here
MANDIANT Highlighter is a log file analysis tool. Highlighter provides a graphical component to log analysis that helps the analyst identify patterns. Highlighter also provides a number of features aimed at . . . → Read More: Mandiant Highlighter – Log and Text File Viewer Review
Using TCP DUMP on windows
This will cover how to use command line TCPDUMP on Windows.
Software Windump Winpcap Examples
windump.exe -Ap -s65535 port 80 > c:\example_dump.txt
To check if twitter acct hacked you can look at the recent pastebin posts ( page 1 | page 2 | page 3 | page 4 | page 5 ) and do a find for your username.
Additionally a number of websites will search all known publicly posted “hacked” to see if your email or account . . . → Read More: check if twitter acct hacked
Let’s say you wanted to hash windows files against a known good set of hashes.
Here’s how to do it!
Required Tools md5deep nsrlquery
You’ll also need a server to query against. Luckily Kyrus has provided a nsrlserver (beta), known as the Kyrus NSRL Lookup Service!
nsrlquery is an umbrella project that’s home to . . . → Read More: hash windows files against known good set
looking for a hash windows shell extension? Hashtab is probably one of the best.
HashTab provides OS extensions to calculate file hashes. HashTab supports many hash algorithms such as MD5, SHA1, SHA2, RipeMD, HAVAL and Whirlpool. HashTab is supported as a Windows shell extension and a Mac Finder plugin. HashTab provides an easy way to verify file integrity and authenticity
. . . → Read More: hash windows shell extension
to detect the mac flashback virus (courtesy of cnet.com)
How does it work?
The Flashback malware injects code into applications (specifically Web browsers) that will be executed when they run, and which then send screenshots and other personal information to remote servers.
First step: Exploiting Java When you encounter the malicious Web page containing the . . . → Read More: detect mac flashback
To delete all currently stored alerts and related data in the ossec database execute these commands in
truncate table alert; truncate table data;
Bash Script: #!/usr/local/bin/bash # #Stop ossec, remove old alerts, start ossec
echo “stopping ossec”
echo ‘TRUNCATE TABLE `alert` ;’ | mysql ossec . . . → Read More: ossec clear database
There are two config directives that controls Apache version. The ServerSignature directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether Server response header field which is . . . → Read More: Secure Apache ServerTokes and ServerSignature directives
Download files wget http://www.ossec.net/files/ossec-hids-latest.tar.gz wget http://www.ossec.net/files/ossec-hids-latest_sum.txt Check the MD5 or SAH1 to make sure they are legit (Don’t skip!!) md5sum ossec-hids-latest.tar.gz cat ossec-hids-latest_sum.txt Extract the files from the tar tar zxvf ossec-hids-latest.tar.gz Cd into the directory and run the installer ** cd ossec-hids-latest/ ./install.sh If you are not running a local install make sure . . . → Read More: Install OSSEC local on Ubuntu