The financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components, Veracode reveals. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly. The findings come from an analysis of 130,000 applications from 2,500 companies.

Fixing open source flaws

The research found …
Offensive Security has released Kali Linux 2020.4, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it.

Kali Linux 2020.4 changes

The changes in this version include: ZSH is now Kali's default shell on desktop and cloud images, while Bash remains the default shell for the other platforms (ARM, containers, NetHunter, WSL) for the time being. Users can, of course, use whichever shell they prefer, but be …
The Nibiru ransomware is a .NET-based malware family. It traverses the directories of the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 itself is a secure encryption algorithm; however, Nibiru uses the hard-coded string "Nibiru" to compute the 32-byte key and 16-byte IV, so the key material can be recomputed without any per-victim secret. The decryptor program leverages this weakness to decrypt files encrypted by this variant.
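The following is an added example, not code from the Nibiru decryptor or from the write-up above. It shows why a hard-coded seed defeats the ransomware's own design: anyone can rebuild the same key and IV, so a recovery tool needs nothing from the attacker. The derivation used here (SHA-256 of the seed for the 32-byte key, MD5 for the 16-byte IV) is an assumption chosen only because its output sizes match the ones the write-up reports; the real routine is not shown on the page, and the Rijndael-256 step itself is left out because the standard library has no implementation of it. The victim directory tree is constructed inline.

```python
import hashlib
import os
import tempfile
from pathlib import Path

EXTENSION = ".Nibiru"
HARD_CODED_SEED = "Nibiru"   # the constant the write-up says the malware uses


def derive_key_iv(seed: str):
    """Hypothetical derivation for illustration (an assumption, not the malware's
    real routine): 32-byte key = SHA-256(seed), 16-byte IV = MD5(seed).
    Only the output sizes are taken from the write-up."""
    return hashlib.sha256(seed.encode()).digest(), hashlib.md5(seed.encode()).digest()


def recover_key_material():
    """The decryptor's core step: because the seed is a fixed string, the key
    and IV are reproducible by anyone, with no secret from victim or attacker."""
    return derive_key_iv(HARD_CODED_SEED)


def random_key_material():
    """Contrast: per-victim random key material cannot be recovered this way,
    which is why properly designed ransomware is not decryptable offline."""
    return os.urandom(32), os.urandom(16)


def original_name(path: str):
    """Strip the .Nibiru suffix to get the pre-encryption file name, or None
    if the file does not carry the extension."""
    return path[: -len(EXTENSION)] if path.endswith(EXTENSION) else None


def find_encrypted_files(root):
    """Walk the tree the way the malware did and list every file it renamed,
    as paths relative to the scan root."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*" + EXTENSION))


def demo_scan():
    """Constructed victim tree: two renamed (encrypted) files and one untouched file."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "docs").mkdir()
        for name in ("docs/report.docx.Nibiru", "photo.jpg.Nibiru", "readme.txt"):
            (Path(tmp) / name).write_bytes(b"constructed placeholder contents")
        return find_encrypted_files(tmp)


if __name__ == "__main__":
    key, iv = recover_key_material()
    print("key:", key.hex())
    print("iv: ", iv.hex())
    print("encrypted files:", demo_scan())
```

Running the block twice prints the same key and IV each time, which is the whole weakness: the decryptor does not break Rijndael-256, it simply repeats the malware's own deterministic setup and then reverses the rename.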
If you are tired of trying to load Memoryze's results into Internet Explorer or into an Excel spreadsheet, check out the new viewer from Peter Silberman. The Audit Viewer is written in Python and comes with the BSD license, because you know best how you want to view your data.

Audit Viewer allows the incident responder or forensic analyst to quickly view complex XML output in an easily readable format. Using familiar grouping of data and search capabilities, Audit Viewer makes memory analysis quicker and more intuitive.
Check out these features:

- Process data can be viewed on a per-process basis or in its entirety by double-clicking the root node, "Processes". For example, when you double-click "Processes" and then click the Files tab, all the file handles open on the host are displayed from least frequently to most frequently occurring.
- Ability to search Files, Processes, Mutants, Events, Registry Keys, and Strings using plain text or regex.
- Load multiple Memoryze result sets contained in the same
- Handle types are separated out into more abstract types representing the logical type of the handle, such as Files, Directories (part of the Object Manager's namespace), Processes, Keys, Mutants, and Events.
- Memory sections with names are displayed under the DLLs tab.
- Layered drivers are displayed in a tree view. This is useful for finding certain types of keyboard sniffers, network sniffers, and file filtering
- Integrated with Memoryze to seamlessly acquire drivers and processes from live memory and images.
- Scan all processes for "questionable" executable sections. These sections have the EXECUTE_READWRITE flag but no

Special thanks to Peter for spending his nights and weekends to make
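The following is an added example, not Audit Viewer's or Memoryze's code, showing the kind of processing the feature list above describes: grouping handles into logical types, ranking open file handles from least to most frequent across processes, regex search over handle and process names, listing named sections for a DLLs-style view, and flagging EXECUTE_READWRITE sections. Memoryze's real XML schema is not shown on the page, so the element and attribute names (`ProcessAuditResult`, `Process`, `Handle`, `Section`, `protection`) are assumptions, and the sample audit is constructed inline.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample audit in a hypothetical Memoryze-like layout (the real
# schema is not on the page, so these element and attribute names are
# assumptions made for this example).
SAMPLE_XML = r"""<ProcessAuditResult>
  <Process pid="4" name="System">
    <Handle type="File" name="\Device\HarddiskVolume1\Windows\System32\config\SAM"/>
    <Handle type="Key" name="\REGISTRY\MACHINE\SOFTWARE"/>
    <Section name="" protection="PAGE_EXECUTE_READWRITE"/>
  </Process>
  <Process pid="1234" name="explorer.exe">
    <Handle type="File" name="\Device\HarddiskVolume1\Windows\System32\ntdll.dll"/>
    <Handle type="Directory" name="\BaseNamedObjects"/>
    <Handle type="Mutant" name="\BaseNamedObjects\ShellDesktopSwitchEvent"/>
    <Handle type="Event" name="\BaseNamedObjects\UserLogonEvent"/>
    <Section name="ntdll.dll" protection="PAGE_EXECUTE_READ"/>
  </Process>
  <Process pid="4321" name="svchost.exe">
    <Handle type="File" name="\Device\HarddiskVolume1\Windows\System32\ntdll.dll"/>
    <Handle type="Process" name="explorer.exe"/>
    <Section name="" protection="PAGE_EXECUTE_READWRITE"/>
    <Section name="kernel32.dll" protection="PAGE_EXECUTE_READ"/>
  </Process>
</ProcessAuditResult>
"""

# Raw handle type -> the abstract bucket the viewer groups it under.
LOGICAL_TYPES = {"File": "Files", "Directory": "Directories", "Process": "Processes",
                 "Key": "Keys", "Mutant": "Mutants", "Event": "Events"}


def load_audit(xml_text):
    """Parse the audit into {pid: {"name", "handles": [(type, name)], "sections": [(name, prot)]}}."""
    procs = {}
    for p in ET.fromstring(xml_text).findall("Process"):
        procs[int(p.get("pid"))] = {
            "name": p.get("name"),
            "handles": [(h.get("type"), h.get("name")) for h in p.findall("Handle")],
            "sections": [(s.get("name", ""), s.get("protection", "")) for s in p.findall("Section")],
        }
    return procs


def handles_by_logical_type(procs):
    """Group every handle on the host by its logical type: {bucket: [(pid, name), ...]}."""
    groups = defaultdict(list)
    for pid, p in sorted(procs.items()):
        for htype, hname in p["handles"]:
            groups[LOGICAL_TYPES.get(htype, "Other")].append((pid, hname))
    return dict(groups)


def file_handle_frequency(procs):
    """The root 'Processes' view of the Files tab: each open file and how many
    processes hold it, least frequent first (rare handles stand out in triage)."""
    counts = Counter()
    for p in procs.values():
        for htype, hname in set(p["handles"]):   # count each process once per file
            if htype == "File":
                counts[hname] += 1
    return sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))


def search(procs, pattern, kinds=("Process", "File", "Directory", "Key", "Mutant", "Event")):
    """Plain-text or regex search over process names and handle names.
    Returns (pid, process name, handle type, matched name) tuples."""
    rx = re.compile(pattern, re.IGNORECASE)
    hits = []
    for pid, p in sorted(procs.items()):
        if "Process" in kinds and rx.search(p["name"]):
            hits.append((pid, p["name"], "Process", p["name"]))
        for htype, hname in p["handles"]:
            if htype in kinds and rx.search(hname):
                hits.append((pid, p["name"], htype, hname))
    return hits


def named_sections(procs):
    """Memory sections that carry a name are what a DLLs tab would list."""
    return [(pid, p["name"], name) for pid, p in sorted(procs.items())
            for name, _prot in p["sections"] if name]


def questionable_sections(procs):
    """Flag executable sections mapped EXECUTE_READWRITE: writable code is where
    injected or unpacked payloads tend to live, so every hit deserves a look."""
    return [(pid, p["name"], name or "<unnamed>") for pid, p in sorted(procs.items())
            for name, prot in p["sections"] if "EXECUTE_READWRITE" in prot]


if __name__ == "__main__":
    procs = load_audit(SAMPLE_XML)
    for fname, n in file_handle_frequency(procs):
        print(f"{n:>3}  {fname}")
    for hit in search(procs, r"ntdll"):
        print("search:", hit)
    for hit in questionable_sections(procs):
        print("RWX section:", hit)
```

The frequency view is ordered least-common first on purpose: a file handle held by only one process on a host with hundreds is far more interesting to an analyst than `ntdll.dll`, which every process maps. The RWX check is a triage filter, not a verdict; JIT runtimes and some packers legitimately create such sections, so the hits are a starting list for closer inspection of the process.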