w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
Reference:
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
Reference:
BotHunter models an infection sequence as a composition of participants and a loosely ordered sequence of network dialog exchanges:
Infection I = <A, V, E, C, P, V’, {D}>
where A = attacker, V = victim, E = egg download location, C = C&C server, P = peer to peer coordination points, and V’ = the victim’s next propagation targets. {D} represents a set of dialog sequences composed of bidirectional flows that cross the egress boundary.
BotHunter’s current infection dialog set {D} provides the following detection coverage for your network:
E1: Inbound malware port focused scans
E2: In and Outbound Exploit Detection
Client-side infection attempts (Web)
Direct Microsoft Exploit Coverage, including
– RPC exploits
– Netbios attacks
– OP/Shell code attack via overflow
Special Port Exploits
High Application Port Exploits
Inbound Only: Browser specific attacks
Outbound Only: Bad outbound email from non-SMTP
Outbound Only:
– Moderate malware-focused outbound scan detection
– Prolific non-malware-focused outbound scan detection
E3: Forced Download / Illegal Software Install Detection:
Malware/Trojan-initiated download request
Classic network stream binary spotting
Malware FTP Comms
Web-based spyware Infection Download / Install
E4: C&C Detection
Web based spyware phone home / periodic checkin
Web based malware install success reports
Inbound spyware command detection (flow established)
Web-based ADWARE phone home
BotNet C&C login/dialog /command recognition
Trojan horse periodic checkin (primarily via web ports)
Application port checkin/install success reports
DNS-based call-backs
SMTP callbacks (from non-SMTP hosts)
Statefull IRC botnet C&C detection
Russian Business Network (RBN) address
E5/E6: Insider Attack / Malware Preparation Activity
Spambot MX record search via DNS
DNS malware associated query
E7 Peer to Peer Rules
BotNet P2P protocol activity
E8: Malware Infection Declaration Rules:
Known botnet C&C IP address (specific address)
Prolific malware-focused outbound scan detection
References:
http://en.wikipedia.org/wiki/Responsibility_assignment_matrix
Very often the role that is Accountable for a task or deliverable may also be Responsible for completing it (indicated on the matrix by the task or deliverable having a role Accountable for it, but no role Responsible for its completion, i.e. it is implied). Outside of this exception, it is generally recommended that each role in the project or process for each task receive, at most, just one of the participation types. Where more than one participation type is shown, this generally implies that participation has not yet been fully resolved, which can impede the value of this technique in clarifying the participation of each role on each task.
You must be logged in to post a comment.