For many, applying for a new job is a stressful experience. Before the interview, we can find ourselves worrying about whether we know enough for the technical review stage. The truth is that the interview should be about how you tackle a question and work through it, rather than getting the answer exactly right. Even […]
Occasionally a customer will ask if there is any risk of losing data in the event of a transient AZ failure. The short answer is no; there is no need to worry. Temporary failures such as a power outage are not terminal. A source of this confusion is a mix of terminology. VMware and
By Dimitar Parapanov Wavefront by VMware (Wavefront) is a massively scalable, real-time analytics platform for metrics monitoring. Offered as software-as-a-service (SaaS), Wavefront allows you to ask almost any question of your data and get answers back in real time, then easily turn such queries into dashboards and alerts. A Jenkins server can be challenging to monitor. With hundreds
The post Wavefront Plugin for Jenkins: The Native Wavefront-Jenkins Integration Solution appeared first on VMware Open Source Blog.
Speakers: David Szili
The web remains a primary vector for cyberattacks, as either the initiation point or the way to complete an adversary’s mission. Unsuspecting employees remain in the firing line despite security awareness training and increasingly intelligent security controls. In this webcast, SANS instructor David Szili will discuss his perspectives on best practices for securing the web in general and his experience using the Mimecast Web Security cloud service in particular.
David will discuss using the Mimecast Web Security service to set policies to identify and block dangerous sites and manage which employees can access which sites as part of an acceptable use program. He will also walk attendees through the built-in reporting capabilities, dashboards, and best practices for setting up and using the service. Attendees will also learn how the web security tools are integrated with the Mimecast Secure Email Gateway with Targeted Threat Protection for simplified setup and the most effective way to manage and block malware and other threats using a single cloud platform.
Register for this webcast and be among the first to receive the associated whitepaper written by SANS instructor David Szili.
How to manage ESXi hosts remotely with PowerCLI When choosing to administer VMware-based virtual machines (VMs), administrators have a few decisions to make when prepping their bare-metal hosts and configuring the guest OSes, the storage spaces, and the switches used to communicate with each other and across networks. The choices center on how to… VMware Social Media Advocacy
I created a simple PowerShell script that exports all the pool settings on a Horizon Connection Server and saves them in a separate JSON file. To run this script, follow the requirements below: Download the script from my GitHub page. Edit the ‘Export-HorPool.ps1’ script and enter the correct file location in the ‘$fileloc’ variable. The …
For a customer I’m migrating their legacy vSphere 5.5 environment to vSphere 6.5 U3. The migration is from a Windows vCenter to the VCSA. First, we tried to use the GUI and stumbled over an issue. GUI The GUI is, of course, a nice, friendly way to do this process. But when we got to the stage … Continue reading “migrate to vcsa 6.5 U3 GUI xlarge issue”
Status of TLSv1.1/1.2 Enablement and TLSv1.0 Disablement across VMware products
Thick-provisioned VMs on vSAN detected on vSAN-health check (https://kb.vmware.com/s/article/)
“Host cannot communicate with all other nodes in vSAN enabled cluster” error
VASA Provider Registration Troubleshooting
vSAN Health Service – Online Health – Controller Utility Is Installed on Host
Unable to retrieve vSAN related information via HTML5
In the past, I already had the opportunity to give some “security awareness” sessions to developers. One topic that was always debated is the reuse of existing code. Indeed, for a developer, it’s tempting not to reinvent the wheel when somebody has already written a piece of code that achieves the expected results. From a time-saving perspective, it’s a win for the developers, who can focus on other code. Of course, this can have side effects and introduce bugs, backdoors, etc… but that’s not today’s topic. Malware developers are also developers and have the same behavior. Code reuse has already been discussed several times. For example, tools exist to detect cloned or reused code in the IDA disassembler.
A Trend Micro report demonstrated that different malware families (URSNIF, EMOTET, DRIDEX, and BitPaymer) have code similarities.
But code or data reuse is present everywhere, even in simple macro languages. Yesterday, I found an interesting sample that contained a function to kill AV and other security products. To achieve this, the best approach is to have a list of potential process names, search for them, and try to kill the process:
a2adguard.exe a2adwizard.exe a2antidialer.exe a2cfg.exe a2cmd.exe a2free.exe a2guard.exe a2hijackfree.exe a2scan.exe a2service.exe a2start.exe a2sys.exe a2upd.exe aavgapi.exe aawservice.exe aawtray.exe ad-aware.exe ad-watch.exe [...]
The complete list contained 233 items! On Twitter, one of my followers pointed me to a GitHub page that had a file containing exactly… 233 items! I searched for more references and found other ones that also contained the same list.
Why should malware developers take the time to compile their own list of interesting processes when such lists are already publicly available? If you have written some code or compiled data like this and published it somewhere (for any valid reason – nothing malicious), there is a chance it will be found and (ab)used by attackers in their code! The best example is Mimikatz, which has been (and still is) used in many attacks. This is valid not only for pieces of code but also for any “data”. Keep this in mind!
Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
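One defensive use of such a published list is as a detection signal: a script or macro that references many security-product executables is worth a closer look. The Python below is an added example and not part of the diary above; the process set is a small constructed subset of the kind of list described, the macro-like snippet is constructed, and the hit-count and ratio thresholds are assumptions.

```python
import re

# Constructed subset of a security-product process list like the one discussed
# above (the diary's full list has 233 entries; these are a handful of them).
SECURITY_PROCESSES = {
    "a2adguard.exe", "a2guard.exe", "a2service.exe", "a2start.exe",
    "aavgapi.exe", "aawservice.exe", "aawtray.exe", "ad-aware.exe", "ad-watch.exe",
}

# Constructed macro-like text that embeds a process list; illustrative only,
# not a real sample and not functional code.
SAMPLE_MACRO = '''
Dim names
names = Array("a2guard.exe", "aawservice.exe", "ad-aware.exe", "notepad.exe")
For Each n In names
    ' ... process enumeration and termination elided ...
Next
'''

# Matches tokens ending in .exe (hyphens and dots allowed, e.g. ad-aware.exe).
EXE_TOKEN = re.compile(r"[\w.-]+\.exe", re.IGNORECASE)


def referenced_executables(text):
    """Return the set of lower-cased *.exe names mentioned in a script body."""
    return {m.group(0).lower() for m in EXE_TOKEN.finditer(text)}


def security_product_hits(text, known=SECURITY_PROCESSES):
    """Executables in the text that appear in the known security-product set."""
    return sorted(referenced_executables(text) & known)


def looks_like_av_kill_list(text, known=SECURITY_PROCESSES, min_hits=3, min_ratio=0.5):
    """Heuristic (thresholds assumed): flag text whose referenced .exe names are
    dominated by security products, i.e. at least min_hits matches and the
    matches make up at least min_ratio of all .exe names referenced."""
    refs = referenced_executables(text)
    if not refs:
        return False
    hits = refs & known
    return len(hits) >= min_hits and len(hits) / len(refs) >= min_ratio


if __name__ == "__main__":
    print(security_product_hits(SAMPLE_MACRO))
    print(looks_like_av_kill_list(SAMPLE_MACRO))
```

In practice the known set would be loaded from the full published list, and the thresholds tuned against benign scripts that legitimately mention a security product or two.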