A 0-day vulnerability in Microsoft Video ActiveX Control is being exploited by malicious sites. Many people are covering this vulnerability and it seems the exploit will be widely deployed. Alienvault’s feed customers are protected and covered with these directives:
45046:AV Possible MSVidCtl Client side attack detected against SRC_IP (KB-972890)
45047:AV Possible Malicious Server exploiting MSVidCt against DST_IP …
Ossim: 0-day in Microsoft DirectShow
July 7th, 2009 | Posted by in Alienvault OSSIM | Attacks | Exploits

Can OSSIM be considered a SIEM? Is it enterprise ready?
June 20th, 2009 | Posted by in Personal DK
The story starts as follows. A couple of years ago Dr. Anton Chuvakin (for those who might not know him, a well-renowned security professional and speaker) made a prediction for 2006: that a Credible Open-Source SIM would not arrive. A year later he said this goal hasn’t been reached (as predicted). I remember being …

I’ve just created a Google Code project with some code I wrote some time ago. Sobek-Hids is a Python-based Host IDS system capable of monitoring: Registry Changes File Activity Process Creation Printing Jobs External Drives (USB Disk Plugs) Shared Resources Windows Accounts Logon Firewall Changes I hope I will have the time to continue …

Request for case-studies, testimonials, comments and feedback
May 5th, 2009 | Posted by in Alienvault OSSIM
A friend of mine is preparing a speech at a security conference this summer around OSSIM. He asked if I could get some feedback, case-studies or anything that could back up and enrich his speech; this is what this post is for :-). So please, should you have anything (whether it’s good or bad, happy or …

I’m happy to announce the availability of the next beta, AV Installer beta6 (md5: 21204ecf2949a1d9ac9838b3c694b72d). Again, thanks a ton to everybody testing the betas and reporting bugs / improvements; with your help this is already the best release that’s ever been published for OSSIM. The beta-testing process is reaching the point where we’re going to …

