Getting started with network security monitoring

Network Security Monitoring (NSM) can be broadly classified into three areas: collection, detection and analysis [11]. There are plenty of tools designed exclusively for each area. Tools like tcpdump [14], Wireshark [13], tshark [16], DNSstats [15], Bro [17] and Chaosreader [18] come under collection tools. Their main job is to collect data from an…
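As an added illustration of the three areas (this is example code written for this page, not part of the original post or of any of the tools named above), the following Python script walks a few constructed lines in tcpdump's default one-line text format through collection (parsing into flow records), detection (flagging a source that sends bare SYNs to many ports on one host) and analysis (pulling the context an analyst would want next to the alert). The sample lines, the SYN-count threshold and the function names are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in tcpdump's default text format (not a real
# capture). They stand in for the output of a collection tool such as tcpdump.
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP 10.0.0.5.51234 > 192.168.1.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000050 IP 192.168.1.10.22 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:01.000101 IP 10.0.0.5.51235 > 192.168.1.10.23: Flags [S], seq 1, win 64240, length 0
12:00:01.000201 IP 10.0.0.5.51236 > 192.168.1.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000301 IP 10.0.0.5.51237 > 192.168.1.10.443: Flags [S], seq 1, win 64240, length 0
12:00:02.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:00:03.000001 IP 10.0.0.7.40000 > 192.168.1.10.443: Flags [S], seq 1, win 64240, length 0
12:00:03.000050 IP 192.168.1.10.443 > 10.0.0.7.40000: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:03.000100 IP 10.0.0.7.40000 > 192.168.1.10.443: Flags [.], ack 1, win 502, length 0
"""

# tcpdump prints "src.sport > dst.dport: Flags [..]" for TCP over IPv4.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def collect(text):
    """Collection: turn tcpdump text lines into flow records (dicts)."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP and other non-TCP/IP lines are out of scope here
        records.append({
            "ts": m["ts"], "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "flags": m["flags"],
        })
    return records


def detect_port_sweeps(records, threshold=3):
    """Detection: a (src, dst) pair whose bare SYNs hit >= threshold distinct
    destination ports is reported as a port sweep. Flags "S" is a client SYN;
    "S." is the server's SYN-ACK and must not be counted."""
    syn_targets = defaultdict(set)
    for r in records:
        if r["flags"] == "S":
            syn_targets[(r["src"], r["dst"])].add(r["dport"])
    return {pair: sorted(ports)
            for pair, ports in syn_targets.items() if len(ports) >= threshold}


def analyze(records, alerts):
    """Analysis: for each alert, which probed ports answered with SYN-ACK
    (i.e. are open) and over what time window the probing happened."""
    report = {}
    for (src, dst), ports in alerts.items():
        answered = sorted({r["sport"] for r in records
                           if r["src"] == dst and r["dst"] == src and r["flags"] == "S."})
        times = [r["ts"] for r in records
                 if r["src"] == src and r["dst"] == dst and r["flags"] == "S"]
        report[(src, dst)] = {
            "probed": ports, "answered": answered,
            "first_seen": min(times), "last_seen": max(times),
        }
    return report


if __name__ == "__main__":
    recs = collect(SAMPLE_TCPDUMP)
    alerts = detect_port_sweeps(recs)
    for pair, info in analyze(recs, alerts).items():
        print(f"{pair[0]} -> {pair[1]}: probed {info['probed']}, open {info['answered']}, "
              f"{info['first_seen']}..{info['last_seen']}")
```

On the constructed input, 10.0.0.5 is flagged for probing ports 22, 23, 80 and 443 on 192.168.1.10, and the analysis step shows that only port 22 answered; 10.0.0.7, which completes a single normal handshake, is not flagged. A real deployment would feed `collect()` from `tcpdump -nn -l` or a tshark text export and would tune the threshold per network.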

Volatility – A python framework for forensics

I recently came across Volatility, an advanced forensic framework implemented in Python. It is an effective tool for extracting digital artifacts from volatile memory (RAM). Volatility can analyze raw dumps, crash dumps, hibernation files, VMware .vmem files, VMware saved-state and suspended files (.vmss/.vmsn), VirtualBox core dumps, LiME (Linux Memory Extractor), expert…

Klimax – A tool for memory and execution profiling at kernel level

Malware comes in various kinds. Privacy-breaching malware attempts to steal confidential data; keyloggers, for example, eavesdrop on and harvest user-issued keystrokes. Klimax is a behavior-based detection model tailored to detecting privacy-breaching malware that contains any form of keylogging activity. It is a kernel-level infrastructure for memory and execution profiling.…