20 Critical Controls
Searching for Hashes of Malicious Files (APT - Aurora)
Monday, February 15th, 2010
A couple weeks ago I posted a blog article with some sample file hashes and domain names associated with the recent Google hacks (think APT or Aurora). More information on those file hashes can be found here.
Since then I’ve had quite a few people ask me, if you have a system that you suspect might [...]
20 Critical Controls, “Aurora”, APT, and the Google Hack
Thursday, February 4th, 2010
Obviously there has been a lot of discussion in the news, on blog posts, even tweets, on the issue of the Aurora attacks and what they mean. This is certainly not a new threat. Evidence of this threat can be seen back to at least 2008 if not earlier (if you consider Titan Rain or [...]
Aurora Malware Hashes and Domains
Tuesday, February 2nd, 2010
McAfee has recently released specific details about their analysis of the Aurora malware that was used to compromise 30+ companies over the past few months. This malware is consistent with the types of files that Enclave and other organizations who have responded to APT-based attacks have discovered. It appears to utilize many of the [...]
Automating Audit Tests with Eventtriggers.exe (20 Critical Control Scripting Tip)
Tuesday, January 12th, 2010
One of the issues that we have been dealing with extensively lately is the issue of auditing and automation. This has most often been raised when we’ve been discussing how to address automating control assessments in conjunction with implementing the 20 Critical Controls. One of the core principles of the 20 Critical Controls is [...]
