Category Archives: open source

Financial services lead when it comes to fixing open source flaws

The financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components, Veracode reveals. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly. The findings came as a result of an analysis of 130,000 applications from 2,500 companies.

Fixing open source flaws

The research found …

The post Financial services lead when it comes to fixing open source flaws appeared first on Help Net Security.

Kali Linux 2020.4 released: New default shell, fresh tools, and more!

Offensive Security has released Kali Linux 2020.4, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it.

Kali Linux 2020.4 changes

The changes in this version include: ZSH is now Kali’s new default shell on desktop images and cloud; Bash remains the default shell for other platforms (ARM, containers, NetHunter, WSL) for the time being. Users can, of course, use that which they prefer, but be …

The post Kali Linux 2020.4 released: New default shell, fresh tools, and more! appeared first on Help Net Security.

Nibiru ransomware variant decryptor

Nikhil Hegde developed this tool.

Weak encryption

The Nibiru ransomware is a .NET-based malware family. It traverses directories on the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses the hard-coded string “Nibiru” to compute the 32-byte key and 16-byte IV values. The decryptor program leverages this weakness to decrypt files encrypted by this variant.


New Audit Viewer for Memoryze

If you are tired of trying to load Memoryze's results into Internet Explorer or into an Excel spreadsheet, check out the new viewer from Peter Silberman. The Audit Viewer is written in Python and comes with the BSD license because you know best how you want to view your data.

Audit Viewer allows the incident responder or forensic analyst to quickly view complex XML output in an easily readable format. Using familiar grouping of data and search capabilities, Audit Viewer makes memory analysis quicker and more intuitive.

Check out these features:

  • Process data can be viewed on a per process basis or in its entirety by double clicking the root node, "Processes". For example, when you double click on "Processes" and then click on the Files tab, all the file handles open on the host are displayed from least frequently to most frequently occurring.
  • Ability to search Files, Processes, Mutants, Events, Registry Keys, and Strings using plain text or regex.
  • Ability to load multiple Memoryze result sets contained in the same directory.
  • Handle types are separated out into more abstract types representing the logical type of the handle such as Files, Directories (part of the Object Manager's namespace), Processes, Keys, Mutants, and Events.
  • Memory sections with names are displayed under the DLLs tab.
  • Layered drivers are displayed in a tree view. This is useful for finding certain types of keyboard sniffers, network sniffers, and file filtering drivers.
  • Integrated with Memoryze to seamlessly acquire drivers and processes from live memory and images.
  • Ability to scan all processes for "questionable" executable sections. These sections have the EXECUTE_READWRITE flag but no name.

Special thanks to Peter for spending his nights and weekends to make this available.