7 open source security tools too good to ignore
- by nlqip
Able to spot unwelcome changes to files or detect tell-tale patterns (Social Security numbers, administrative credentials, and so on) in unwelcome places (like outgoing email attachments), Yara is a powerful tool with a seemingly endless number of uses. There are limits to signature-based detection, so it would be a bad idea to rely on Yara exclusively to find malicious files. But considering its flexibility, missing out on this tool would not be a good idea, either.
OSquery to query the endpoint for system state
Imagine if locating malicious processes, rogue plugins, or software vulnerabilities in your Windows, MacOS, and Linux endpoints were a simple matter of writing a SQL query. That’s the idea behind OSquery, an open source tool from Facebook engineers that collects operating system information such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events, and file hashes into a relational database. If you can write a SQL query, that’s all you need to get answers to security questions—no complex code required.
For example, the following query would find all processes listening on network ports:
Source link
lol
Able to spot unwelcome changes to files or detect tell-tale patterns (Social Security numbers, administrative credentials, and so on) in unwelcome places (like outgoing email attachments), Yara is a powerful tool with a seemingly endless number of uses. There are limits to signature-based detection, so it would be a bad idea to rely on Yara…
Recent Posts
- Tenable Selected by Bank of Yokohama to Secure its Active Directory and Eliminate Attack Paths
- CISA warns of actively exploited Apache HugeGraph-Server bug
- Suspects behind $230 million cryptocurrency theft arrested in Miami
- Ivanti Says ‘Critical’ Cloud Gateway Vulnerability Seeing Exploitation
- Microsoft Edge will flag extensions causing performance issues