AlienVault R&D Labs Portal. Get the latest news from our research.
Header

Cross Correlation Rules Updated

February 3rd, 2009 | Posted by jaime.blasco in Alienvault OSSIM - (Comments Off)

I have just updated ossim Cross Correlation rules related to nessus-snort, check the cvs!!
So, the basic rule for Cross Correlation is:
if snort has discovered an attack to an IP, and we know that IP has that vulnerability, the reliability will change to 10.
The relationships between nessus ID.s and snort vulnerabilities are stored in the table plugin_reference.
If you want to do some kind of personalization, you have to insert data in this table. Check Personalize Cross Correlation.
When a personalized Cross Correlation matches, the event adds the reliability of the new plugin to the old one.

jaime.blasco

At AlienVault Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.

More Posts - Website

Follow Me:
TwitterLinkedIn

, , , ,

Last Scada OPC Nessus Plugins

August 11th, 2008 | Posted by jaime.blasco in Nessus | Scada Security - (Comments Off)

We have released some new Nessus Plugins related to OPC Servers security issues.

List of New OPC Nessus Plugins:

  • Multiple vulnerabilities in Comsoft Profibus OPC server
  • Multiple vulnerabilities in Beijer Electronics OPC server
  • Multiple vulnerabilities in VIPA OPC server
  • Multiple vulnerabilities in Gesytec Easylon OPC server 2.0
  • Multiple vulnerabilities in Junzhi BACnet OPC server
  • Multiple vulnerabilities in IPCDAS NAPOPC OPC server
  • Multiple vulnerabilities in Klinkmann SPA OPC server
  • Multiple vulnerabilities in Newron System NLOPC OPC server
  • Multiple vulnerabilities in Wizcon Supervisor OPC DA Server

    • jaime.blasco

    At AlienVault Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.

    More Posts - Website

    Follow Me:
    TwitterLinkedIn

    , ,

    New Scada OPC Nessus Plugins

    August 11th, 2008 | Posted by jaime.blasco in Nessus | Scada Security - (Comments Off)

    Today we have released some new Nessus Plugins related to OPC Servers security issues.

    List of New OPC Nessus Plugins:

  • Multiple vulnerabilities in KEPware KEPServerEx 4 OPC server
  • Multiple vulnerabilities in Triangle MicroWorks OPC Server 2.0.2
  • Multiple vulnerabilities in Comsoft L1 OPC server

    • We’ll release new plugins related to OPC and Scada in general during the next weeks!!!

    jaime.blasco

    At AlienVault Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.

    More Posts - Website

    Follow Me:
    TwitterLinkedIn

    , ,

    Scada: OPC Nessus Plugins

    August 6th, 2008 | Posted by jaime.blasco in Nessus | Scada Security - (Comments Off)

    During the development of the Free Nessus Feed we are writing some interesting plugins about Scada.

    Today we released some plugins relating to OPC (OLE for Process Control) Servers, OPC standard specifies the communication of real-time plant data between control devices from different manufacturers.

    List of OPC Nessus Plugins:

  • Multiple vulnerabilities in NETxEIB OPC server CVE-2007-1313
  • Multiple vulnerabilities in Takebishi Electric DeviceXplorer FA-M3 OPC server CVE-2007-1313
  • Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server CVE-2007-1319
  • Multiple vulnerabilities in Takebishi Electric DeviceXplorer MELSEC OPC server CVE-2007-1319
  • Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server CVE-2007-1319

    • We have write some functions for accesing DCOM Applications information throught WMI.

    jaime.blasco

    At AlienVault Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.

    More Posts - Website

    Follow Me:
    TwitterLinkedIn

    , ,

    Showing relation graph between nessus scripts and include files

    August 6th, 2008 | Posted by jaime.blasco in Nessus | Security Visualization - (Comments Off)

    I have make an interesting graph showing the relation between nessus scripts and include files

    jaime.blasco

    At AlienVault Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.

    More Posts - Website

    Follow Me:
    TwitterLinkedIn

    ,