There is a GIAC paper on this topic. Building a malware analysis lab with open 
source tools. In case nobody mentions it. Don't have a link handy but should be 
easy to find at HTTP://WWW.sans.org/rr

Sherwyn <[email protected]> wrote:

>I would be interested in hearing Lenny Zeltser among others talk about 
>building a low cost malware analysis lab, and the value this can add to an 
>organization by having such a resource.
>
>I work for a University and too many times key machines are infected and the 
>protocol is to either clean the infection or reimage the machine without 
>really understanding the infection.
>Infolookup
>http://infolookup.securegossip.com
>www.twitter.com/infolookup
>
>
>-----Original Message-----
>From: Paul Asadoorian <[email protected]>
>Date: Tue, 20 Apr 2010 17:11:38 
>To: PaulDotCom Security Weekly Mailing List<[email protected]>
>Subject: Re: [Pauldotcom] Topics For Discussion - Episode 200
>
>Thanks all, great suggestions so far. Lots of Metasploit stuff right off
>the bat, so I will look to include something special on Metasploit (no
>promises until I talk to the team, especially Carlos :)
>
>Keep 'em comin'!
>
>Cheers,
>Paul
>
>On 4/20/10 3:55 PM, Craig Freyman wrote:
>> My vote is privilege escalation. There is obviously getsystem in
>> Metasploit, but what other techniques are used? Most of what I have
>> found is on the "at" command which requires admin rights to run. Just
>> wondering what other things a skilled attacker would do outside of
>> Metasploit.
>> 
>> On Tue, Apr 20, 2010 at 12:45 PM, Butturini, Russell <[email protected]> wrote:
>> 
>>     I would like to hear a round table discussion of where Metasploit
>>     can fit in an enterprise environment.  I know what my organization
>>     does with it, but would love to hear some more ideas.
>> 
>>     -----Original Message-----
>>     From: [email protected] On Behalf Of Paul Asadoorian
>>     Sent: Tuesday, April 20, 2010 1:41 PM
>>     To: PaulDotCom Security Weekly Mailing List
>>     Subject: [Pauldotcom] Topics For Discussion - Episode 200
>> 
>>     Hi All:
>> 
>>     I wanted to solicit the members of this list to get some topics for
>>     episode 200.  We are planning on podcasting all day (June 4, 2010
>>     9am-5pm) so I would like suggestions for:
>> 
>>     - Debates
>>     - Discussions
>>     - "Round Tables" or panel discussion
>>     - Technical topics
>>     - Computer equipment you would like to see destroyed (not my iPad!)
>> 
>>     Please also include any guests you'd like us to try and get to discuss
>>     stuff too.  These can be non-technical topics (like "passwords") or more
>>     technical things (like "post-exploitation").
>> 
>>     Thank you in advance for your feedback and keep up the great discussion
>>     on this list!
>> 
>>     Cheers,
>>     Paul
>> 
>>     PS. I would also be interested in hearing suggestions for Beer or
>>     cigars and promise to include a full review on the show! :)
>> 
>>     --
>>     Paul Asadoorian
>>     PaulDotCom Enterprises
>>     Web: http://pauldotcom.com
>>     Phone: 401.829.9552
>>     _______________________________________________
>>     Pauldotcom mailing list
>>     [email protected]
>>     http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>     Main Web Site: http://pauldotcom.com