by Florian Roth | Oct 27, 2015 | APT, THOR, Our Work
People often ask me if they still need our host-based scanner THOR now that they have bought a network appliance that already checks all content that goes into and leaves their network. I normally answer that it is not a question of one solution versus another, but a...
by Florian Roth | Mar 10, 2015 | APT, THOR, Tool, Tutorial, Our Work, YARA
People often ask me why we changed the name of our scanner from "IOC" to "APT" scanner and if we did that only for marketing reasons. But don't worry, this blog post is just as little a sales pitch as it is an attempt to create a new...
by Florian Roth | May 27, 2014 | THOR, Tool, Tutorial, Our Work, YARA
During our investigations we encountered situations in which attackers replaced valid system files with other system files to achieve persistence and establish a backdoor on the systems. The most frequently used method was the replacement of the...
by Florian Roth | Feb 25, 2014 | Alert, Command Line, Tool, Tutorial, YARA
The following YARA signature can be used to detect the Ebury SSH backdoor. rule Ebury_SSHD_Malware_Linux { meta: description = "Ebury Malware" author = "Florian Roth" hash = "4a332ea231df95ba813a5914660979a2" strings:...