Category Archives: HBSS Host Based Security Systems

Host based systems typically rely on agents placed on critical systems in the enterprise to
monitor various aspects of their operation for signs of suspicious activity. The agents often
report back to a central management console if something is detected, or they may write event
activity to system logs. Host based systems are well suited for detection of activity that doesn’t
generate network traffic. For example, activity such as policy violations or physical
compromise of the system, such as unauthorized users attempting local access, is likely to be
detected by such systems. Also, changes in the integrity of critical files are easily detected by
comparing file hashes to known good hash profiles.
Host based systems have some disadvantages however. For example, they require agents to be
installed on every machine that needs to be monitored. As such, remote management of these
agents may be a challenge. Also, system administrators may be concerned with placing a
further processing burden on systems that are heavily utilized.

YARA Signature to detect LURK0 Remote Access Trojan (RAT) Malware

private rule LURK0Header : Family LURK0
{
    meta:
        description = "5 char code for LURK0"
        author = "Katie Kleemola"
        last_updated = "07-21-2014"
    strings:
        $ = { C6 [5] 4C C6 [5] 55 C6 [5] 52 C6 [5] 4B C6 [5] 30 }
    condition:
        any of them
}

private rule CCTV0Header : Family CCTV0
{
    meta:…

YARA Rule to Detect COMFOO Sophos Symantec

YARA Rule to detect Adobe 0-day Exploit

YARA Rule to detect backdoor_w32_hupigon.shtml

YARA Rule to detect Windows_Credentials_Editor Simple String Matches for WCE