Category Archives: HBSS Host Based Security Systems

Host-based systems typically rely on agents placed on critical systems in the enterprise to
monitor various aspects of their operation for signs of suspicious activity. The agents often
report back to a central management console when something is detected, or they may write event
activity to system logs. Host-based systems are well suited to detecting activity that doesn't
generate network traffic. For example, activity such as policy violations or physical
compromise of the system, such as unauthorized users attempting local access, is likely to be
detected by such systems. Also, changes in the integrity of critical files are easily detected by
comparing file hashes to known-good hash profiles.
Host-based systems have some disadvantages, however. For example, they require agents to be
installed on every machine that needs to be monitored, so remote management of these
agents may be a challenge. Also, system administrators may be concerned about placing a
further processing burden on systems that are already heavily utilized.

YARA Rule to detect rule shellcode_eax_loop_exch

YARA Rules to detect generic malware files part 2

YARA Generic Signatures for known Malware Strings and Files

YARA Rule to detect APT backdoor Pipcreat

YARA Rule to detect Meterpreter reverse TCP backdoor in memory
