The FireEye Labs Obfuscated String Solver (FLOSS) is an open-source tool that automatically detects, extracts, and decodes obfuscated strings in Windows Portable Executable (PE) files. Malware analysts, forensic investigators, and incident responders can use FLOSS to quickly extract sensitive strings to identify indicators of compromise (IOCs). Malware authors encode strings in their programs to hide …
Tag: blue team
Conference Video – Defending Against PowerShell Attacks
Dutch PowerShell User Group – 3rd PowerShell Saturday 2017-04-08
Conference Video – Offensive Countermeasures: Still trying to bring sexy back
Why is it that the Hackers and Penetration Testers get to have all of the “sexy” fun? In this presentation we will cover some cool tricks to confuse, block or mislead attackers. Penetration testers may be angered during this presentation as we will describe how to make their lives difficult. The term “hacking back” will …
Quick Note :: Attribute Based Access
We then end up with two main classifications of access control: Role-Based Access Control (RBAC). Define the role for the access to data, e.g. Policy = Subject (AND/OR) Role -> Permissions. Attribute-Based Access Control (ABAC). Define attributes, e.g. Policy = User (role, nationality) AND/OR Resource (department, owner) AND/OR Action AND/OR Context (time, IP, location) -> …