7 open source security tools too good to ignore
- by nlqip
Able to spot unwelcome changes to files or detect tell-tale patterns (Social Security numbers, administrative credentials, and so on) in unwelcome places (like outgoing email attachments), Yara is a powerful tool with a seemingly endless number of uses. There are limits to signature-based detection, so it would be a bad idea to rely on Yara exclusively to find malicious files. But considering its flexibility, missing out on this tool would not be a good idea, either.
OSquery to query the endpoint for system state
Imagine if locating malicious processes, rogue plugins, or software vulnerabilities in your Windows, MacOS, and Linux endpoints were a simple matter of writing a SQL query. That’s the idea behind OSquery, an open source tool from Facebook engineers that collects operating system information such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events, and file hashes into a relational database. If you can write a SQL query, that’s all you need to get answers to security questions—no complex code required.
For example, the following query would find all processes listening on network ports:
Source link
lol
Able to spot unwelcome changes to files or detect tell-tale patterns (Social Security numbers, administrative credentials, and so on) in unwelcome places (like outgoing email attachments), Yara is a powerful tool with a seemingly endless number of uses. There are limits to signature-based detection, so it would be a bad idea to rely on Yara…
Recent Posts
- Xerox To Buy Lexmark For $1.5B In Blockbuster Print Deal
- Vulnerability Summary for the Week of December 16, 2024 | CISA
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners