AZ Failure Recovery Within VMware Cloud on AWS

This post was originally published on this site

Occasionally a customer will ask whether there is any risk of losing data in the event of a transient AZ failure. The short answer is no; there is no need to worry. Temporary failures such as a power outage are not terminal. A source of this confusion is a mix of terminology. VMware and

The post AZ Failure Recovery Within VMware Cloud on AWS appeared first on Virtual Blocks.

Wavefront Plugin for Jenkins: The Native Wavefront-Jenkins Integration Solution

By Dimitar Parapanov Wavefront by VMware (Wavefront) is a massively scalable, real-time, analytics platform for metrics monitoring. Offered as software-as-a-service (SaaS), Wavefront allows you to ask almost any question of your data and get answers back in real-time, then easily turn such queries into dashboards and alerts. Jenkins server can be challenging to monitor. With hundreds

The post Wavefront Plugin for Jenkins: The Native Wavefront-Jenkins Integration Solution appeared first on VMware Open Source Blog.

Analyst Webcast: Protecting the User: A Review of Mimecast's Web Security Service – December 12, 2019 1:00pm US/Eastern

Speakers: David Szili

The web remains a primary vector for cyberattacks, as either the initiation point or the way to complete an adversary’s mission. Unsuspecting employees remain in the firing line despite security awareness training and increasingly intelligent security controls. In this webcast, SANS instructor David Szili will discuss his perspectives on best practices for securing the web in general and his experience using the Mimecast Web Security cloud service in particular.

David will discuss using the Mimecast Web Security service to set policies to identify and block dangerous sites and manage which employees can access which sites as part of an acceptable use program. He will also walk attendees through the built-in reporting capabilities, dashboards, and best practices for setting up and using the service. Attendees will also learn how the web security tools are integrated with the Mimecast Secure Email Gateway with Targeted Threat Protection for simplified setup and the most effective way to manage and block malware and other threats using a single cloud platform.

Register for this webcast and be among the first to receive the associated whitepaper written by SANS instructor David Szili.

How to manage ESXi hosts remotely with PowerCLI

When choosing to administer VMware-based virtual machines (VMs), administrators have a few decisions to make when prepping their bare-metal hosts and configuring the guest OSes, the storage spaces, and the switches used to communicate with each other and across networks. The choices center on how to… Read More (VMware Social Media Advocacy)

The post How to manage ESXi hosts remotely with PowerCLI appeared first on Virtual Barker.

Export VMware Horizon pool settings

I created a simple PowerShell script that exports all the pool settings on a Horizon Connection Server and saves them in a separate JSON file. To run this script follow the requirements below: Download the script from my GitHub page. Edit the ‘Export-HorPool.ps1’ script and enter the correct file location in the ‘$fileloc’ variable. The … Read more

The post Export VMware Horizon pool settings appeared first on ivobeerens.nl.

migrate to vcsa 6.5 U3 GUI xlarge issue

For a customer I'm migrating their legacy vSphere 5.5 environment to vSphere 6.5 U3. The migration is from a Windows vCenter to the VCSA. First, we tried to use the GUI and stumbled over an issue. GUI: The GUI is, of course, a nice, friendly way to do this process. But when we got to the stage … Continue reading “migrate to vcsa 6.5 U3 GUI xlarge issue”

Top 20 articles for vSAN, November 2019

  • Status of TLSv1.1/1.2 Enablement and TLSv1.0 Disablement across VMware products
  • Thick-provisioned VMs on vSAN detected on vSAN-health check
  • “Host cannot communicate with all other nodes in vSAN enabled cluster” error
  • VASA Provider Registration Troubleshooting
  • vSAN Health Service – Online Health – Controller Utility Is Installed on Host
  • Unable to retrieve vSAN related information via HTML5

The post Top 20 articles for vSAN, November 2019 appeared first on VMware Support Insider.

Code & Data Reuse in the Malware Ecosystem, (Thu, Dec 12th)

In the past, I have had the opportunity to give some “security awareness” sessions to developers. One topic that was always debated is the reuse of existing code. Indeed, for a developer, it is tempting not to reinvent the wheel when somebody has already written a piece of code that achieves the expected result. From a time-saving perspective, it is a win for developers, who can focus on other code. Of course, this can have side effects and introduce bugs, backdoors, etc., but that is not today's topic. Malware developers are also developers and behave the same way. Code reuse has already been discussed several times[1]. For example, tools exist to detect cloned or reused code in the IDA disassembler[2][3].

A Trend Micro report showed that different malware families (URSNIF, EMOTET, DRIDEX, and BitPaymer) share code similarities[4].

But code or data reuse is everywhere, even in simple macro languages. Yesterday, I found an interesting sample that contained a function to kill AV and other security products. To achieve this, the easiest approach is to carry a list of candidate process names, search the running processes for them, and try to kill every match:

a2adguard.exe
a2adwizard.exe
a2antidialer.exe
a2cfg.exe
a2cmd.exe
a2free.exe
a2guard.exe
a2hijackfree.exe
a2scan.exe
a2service.exe
a2start.exe
a2sys.exe
a2upd.exe
aavgapi.exe
aawservice.exe
aawtray.exe
ad-aware.exe
ad-watch.exe
[...]

The complete list contained 233 items! On Twitter, one of my followers pointed me to a GitHub page with a file containing exactly… 233 items! I searched for more references and found others that contain the same list:

  • Reverse Shell Backdoor framework[5]
  • Dr0p1t framework[6]
  • Metasploit[7]
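The same observation can be used defensively: if a script-based sample carries a copy of one of these public lists together with process-termination logic, that is a cheap triage signal. The following Python script is an added example written for this diary, not code from the sample above or from the projects cited. It pulls every *.exe token out of a script, measures the overlap with a reference kill list, and looks for the WMI/taskkill calls that turn such a list into an AV killer. The reference list is only the head of the 233-entry list shown above; the VBA macro, the regexes and the hit threshold are assumptions made for the example.

```python
"""Triage helper: does a script sample embed a public AV process-name list
plus the logic to kill matching processes?

Added example for the ISC diary on code/data reuse. Not the analysed sample.
"""
import json
import re
from typing import Dict, List, Set

# Head of the 233-name list reproduced in the diary. Assumption: names are
# compared case-insensitively after lower-casing.
REFERENCE_KILL_LIST: Set[str] = {
    "a2adguard.exe", "a2adwizard.exe", "a2antidialer.exe", "a2cfg.exe",
    "a2cmd.exe", "a2free.exe", "a2guard.exe", "a2hijackfree.exe",
    "a2scan.exe", "a2service.exe", "a2start.exe", "a2sys.exe", "a2upd.exe",
    "aavgapi.exe", "aawservice.exe", "aawtray.exe", "ad-aware.exe",
    "ad-watch.exe",
}

# Constructed VBA macro in the style the diary describes: a hard-coded name
# list walked with WMI, terminating every match. Not the real sample.
SAMPLE_MACRO = r'''
Sub KillSec()
    Dim names: names = Array("a2guard.exe", "A2SERVICE.EXE", "aawtray.exe", _
                             "ad-watch.exe", "notepad.exe")
    Set wmi = GetObject("winmgmts:\\.\root\cimv2")
    For Each n In names
        Set procs = wmi.ExecQuery("Select * from Win32_Process Where Name = '" & n & "'")
        For Each p In procs
            p.Terminate
        Next
    Next
End Sub
'''

# Any token that ends in .exe, regardless of case.
EXE_RE = re.compile(r"\b[\w.-]+\.exe\b", re.IGNORECASE)

# Calls/commands that turn a name list into a kill routine (assumed set).
KILL_PATTERNS = {
    "wmi_win32_process": re.compile(r"Win32_Process", re.IGNORECASE),
    "wmi_terminate":     re.compile(r"\.Terminate\b", re.IGNORECASE),
    "taskkill":          re.compile(r"\btaskkill(\.exe)?\b", re.IGNORECASE),
    "terminateprocess":  re.compile(r"\bTerminateProcess\b", re.IGNORECASE),
}


def extract_exe_names(text: str) -> Set[str]:
    """Return the lower-cased *.exe tokens found anywhere in the script."""
    return {m.group(0).lower() for m in EXE_RE.finditer(text)}


def find_kill_indicators(text: str) -> List[str]:
    """Names of the kill patterns present in the script, sorted."""
    return sorted(name for name, rx in KILL_PATTERNS.items() if rx.search(text))


def triage(text: str, reference: Set[str] = REFERENCE_KILL_LIST,
           min_hits: int = 3) -> Dict[str, object]:
    """Flag a script as suspicious when it names several reference processes
    AND contains process-termination logic. min_hits is an assumed threshold
    chosen to tolerate a stray legitimate .exe mention."""
    names = extract_exe_names(text)
    hits = sorted(names & reference)
    indicators = find_kill_indicators(text)
    return {
        "exe_names": sorted(names),
        "reference_hits": hits,
        "reference_fraction": round(len(hits) / len(reference), 3),
        "kill_indicators": indicators,
        "suspicious": len(hits) >= min_hits and bool(indicators),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_MACRO), indent=2))
```

Against a real sample you would load the full 233-entry list from one of the public copies and run the script over the extracted macro text (olevba output, a .vbs, a .ps1); the fraction of the reference list present is the interesting number, since a list copied wholesale scores near 1.0 while a hand-written kill routine rarely names more than a handful of products.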

Why should malware developers take the time to compile their own list of interesting processes when such lists are already publicly available? If you have written code or compiled data like this and published it somewhere (for any valid reason, nothing malicious), there is a chance that it will be found and (ab)used by attackers in their own code! The best example is Mimikatz, which has been (and still is) used in many attacks. This applies not only to pieces of code but also to any “data”. Keep this in mind!

[1] https://www.first.org/resources/papers/london2019/1630-Code-Reuse-Analysis-Holtzman-.pdf
[2] https://github.com/BinSigma/BinClone
[3] https://www.hex-rays.com/products/ida/tech/flirt/in_depth.shtml
[4] https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/
[5] https://github.com/tarcisio-marinho/RSB-Framework/blob/master/Python/victim/av.txt
[6] https://github.com/D4Vinci/Dr0p1t-Framework/blob/master/resources/killav.py
[7] https://github.com/rapid7/metasploit-framework/blob/master/scripts/meterpreter/getcountermeasure.rb

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.