SNOWGLOBE: From Discovery to Attribution
- Howard Bailey
- 7 years ago
Transcription
1 SNOWGLOBE: From Discovery to Attribution
Communications Security Establishment Canada / Centre de la sécurité des télécommunications Canada
CSEC CNT/Cyber CI
SIGDEV 2011 Cyber Thread
Safeguarding Canada's security through information superiority
UNCLASSIFIED
2 OVERVIEW
3 Overview
- Discovery
- Development
- Victimology
- Attribution
- SNOWGLOBE
- Questions and Comments
4 DISCOVERY
5 Discovery
Overall Classification: TOP SECRET // COMINT // REL TO CAN, AUS, GBR, NZL, USA
- Discovered in November 2009
- Existing CNE access
- WARRIORPRIDE as a sensor
  - REPLICANTFARM for anomaly detection
- XML info from implant
- Signature-based detection of anomalous activity and known techniques
- Noticed: command line to create password-protected RAR
  - Always the same password
- Retrieved files associated with activity
  - Identified unknown malware through reverse engineering
- Collecting from specific, targeted accounts
- "Felt like" an FI-collecting tool
- Pointed to first discovered LP
- Provided initial comms analysis to allow signature deployment in passive collection
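The observation on the Discovery slide (a command line that creates a password-protected RAR, always with the same password) can be turned into a detection over process-creation logs. The following is an added example, not part of the original slides: the event layout, host names, paths and passwords are constructed, and the only tool facts assumed are RAR's `a` (add) command and its `-p` / `-hp` password switches.

```python
import hashlib
import shlex
from collections import defaultdict

# Constructed sample process-creation events: (host, command line).
# Hosts, paths and passwords are invented for this example.
EVENTS = [
    ("HOST-A", r"rar.exe a -hpS3cret! C:\Temp\out1.rar C:\Users\u1\Documents\*.doc"),
    ("HOST-B", r'r.exe a -r -pS3cret! "C:\Temp\out 2.rar" "C:\Users\u2\Desktop"'),
    ("HOST-C", r"Rar.exe a -pOther1 D:\backup\b.rar D:\data"),
    ("HOST-C", r"Rar.exe x D:\backup\b.rar D:\restore"),
    ("HOST-D", r"cmd.exe /c dir C:\Temp"),
]


def extract_archive_password(cmdline):
    """Return the inline password of an archive-creation command, else None.

    Matching is on the shape of the command line (second token is the
    'a' command, plus a -p<pw> or -hp<pw> switch), not on the image
    name, so a renamed binary is still caught. 7-Zip uses the same
    'a' / -p shape and will match as well.
    """
    try:
        # posix=False keeps Windows backslashes intact; quotes stay on
        # the token and are stripped afterwards.
        tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:
        return None  # unbalanced quotes: not parseable, skip
    if len(tokens) < 3 or tokens[1].lower() != "a":
        return None
    for tok in tokens[2:]:
        low = tok.lower()
        if low == "--":  # end of switches
            break
        for prefix in ("-hp", "-p"):
            if low.startswith(prefix):
                password = tok[len(prefix):]
                # "-p" alone prompts interactively and "-p-" disables
                # prompting; neither carries a password to compare.
                if password and password != "-":
                    return password
                break
    return None


def find_reused_passwords(events, min_hosts=2):
    """Group archive-creation events by password and report reuse.

    Returns {password_digest: sorted list of hosts} for every password
    seen on at least `min_hosts` distinct hosts. Only a truncated
    SHA-256 digest is kept so the alert does not carry the cleartext.
    """
    hosts_by_digest = defaultdict(set)
    for host, cmdline in events:
        password = extract_archive_password(cmdline)
        if password is None:
            continue
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()[:16]
        hosts_by_digest[digest].add(host)
    return {
        digest: sorted(hosts)
        for digest, hosts in hosts_by_digest.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    for digest, hosts in find_reused_passwords(EVENTS).items():
        print(f"archive password {digest} reused on: {', '.join(hosts)}")
```

A password that contains spaces and is quoted after the switch is split by this tokenizer and would need a Windows-aware command-line parser.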
6 DEVELOPMENT
7 Implant
SNOWBALLS
- Found and identified wmimgmt.exe and wmimgmt.dll (later called the SNOWBALL implant).
- Creates a service -> loads wmimgmt.exe -> injects wmimgmt.dll into IE.
- Later upgraded SNOWBALL to SNOWBALL 2
- Very similar beaconing.
SNOWMAN
- More sophisticated implant, discovered mid
- Less is known about SNOWMAN, but efforts against it continue.
8 SNOWBALL Beacons
Content:
- crc= 491ffa 2e746f f6fbe
- flag
Meaning/decrypt:
- a 32-byte checksum
- beacon size in bytes
- Description field. Values can be: flag, segment, len
- Login/Domain (owner): SYSTEM/AUTORITE NT (user)
- Computer name: EXPORT
- Organization (country): (France)
- OS version (SP): 5.1 (Service Pack 3)
- Default browser: iexplore.exe
- IE version: Mozilla/4.0 (compatible; MSIE 6,0; Win32)
- Timeout: 360G(nnin)480Ci(max)
- First launch: 07\30\ :29:37
- Last launch: 11\20\2009 10:32:42
- Mode: Service
- Rights: Admin
- UAC: N/A
- ID:
- User-Agent: Mozilla/4.0 (compatible; MSI 6.0; Windows NT 5.1;.NET CLR ;.NET CLR )
9 Passive Collection
EONBLUE
- Global Access capability deployed across collection programs, including SPECIALSOURCE and CANDLEGLOW (FORNSAT).
- Provides passive cyber-threat detection.
- Allowed us to find additional infrastructure by using signatures for known SNOWGLOBE beacons
Traditional
- As always, a huge asset
- With passive access, we were able to see an operator log in to an LP
- Single-token authentication + weak hash = breakthrough.
- Seeing the operator log in provided enough to get into the LPs for ourselves.
10 Infrastructure
- Most infrastructure hosted in FVEY nations US, Canada, UK, Czech Republic, Poland, Norway
- Two types of infrastructure:
  - Parasitic: outbase.php or register.php LP nested in a directory under root domain
    - Unsure if this infrastructure is acquired via exploitation, some sort of special-source access, or some combination of the two
    - This type seems to be found primarily, but not exclusively, on French-language sites
  - Free hosting: outbase.php or register.php LP directly under root
12 Infrastructure: C2
13 Infrastructure: C2
[figure]
14 VICTIMOLOGY
15 Victimology: Iran
- Iranian MFA
- Iran University of Science and Technology
- Atomic Energy Organization of Iran
- Data Communications of Iran
- Iranian Research Organization for Science Technology, Imam Hussein University
- Malek-E-Ashtar University
16 Victimology: Global
- Five Eyes
  - Possible targeting of a French-language Canadian media organization
- Europe
  - Greece
    - Possibly associated with European Financial Association
  - France
  - Norway
  - Spain
- Africa
  - Ivory Coast
  - Algeria
17 ATTRIBUTION
18 ntrass.exe
- DLL Loader uploaded to a victim as part of tasking seen in collection
- Internal Name: Babar
- Developer username: titi
- Babar is a popular French children's television show
- Titi is a French diminutive for Thierry, or a colloquial term for a small person
19 Attribution: Language
- ko used instead of kb
  - a quirk of the French technical community
- English used throughout C2 interface, BUT phrasing and word choice are not typical of a native English speaker
  - An attempt at obfuscation?
- Locale option of artifact within spear-phishing attack set to "fr_FR"
20 Attribution: Intelligence Priorities
- Iranian science and technology
  - Notably, the Atomic Energy Organization of Iran
  - Nuclear research
- European supranational organizations
  - European Financial Association
- Former French colonies
  - Algeria, Ivory Coast
- French-speaking organizations/areas
  - French-language media organization
- Doesn't fit cybercrime profile
21 SNOWGLOBE
22 SNOWGLOBE
CSEC assesses, with moderate certainty, SNOWGLOBE to be a state-sponsored CNO effort, put forth by a French intelligence agency
23 SNOWGLOBE Program
- C2 nodes worldwide (including Canada, US, UK)
  - Free hosting
  - Compromised
- 3 implants
  - SNOWBALL 1
  - SNOWBALL 2
  - SNOWMAN
- Victims in Spain, Greece, Norway, France, Algeria, Côte d'Ivoire
  - Intense focus on Iranian science and technology organizations
- Likely French intelligence
  - Specific agency unknown
24 What We Don't Know
- Any persona details
- How they get their non-free LPs
  - Exploitation?
  - Special source?
- Last hop (operator to infrastructure)
  - Believed to be Tor-based...
- Which agency within the French intelligence community might be responsible
  - Who's driving the intelligence requirements
- Efforts against the SNOWMAN crypt continue
25 QUESTIONS AND COMMENTS
Attacks 2011: How Complexity Evaded Defenses and Strategies for Prevention TOMER TELLER CHECK POINT SOFTWARE TECHNOLOGIES Session ID: SPO1-303 Session Classification: General Interest Welcome to RSA 2013.
More informationWebAdmin Guide Manage Filtering with the Netsweeper Policy Server and the Client Filter
WebAdmin Guide Manage Filtering with the Netsweeper Policy Server and the Client Filter Netsweeper Inc. 104 Dawson Road Guelph, Ontario N1H 1A7 Canada Phone: +1 519-826-5222 Fax: +1 519-826-5228 41 Marlowes
More informationInternal Security Concepts Users Guide
orrelog Internal Security Concepts Users Guide This guide provides overview information on the internal security concepts of the CorreLog Server needed to provide secure operation and data safety. This
More informationEMBEDDED WEB SERVER CONFIGURATION TO ENABLE AUTOSEND AND OUTGOING EMAIL FOR HP QUICKPAGE
EMBEDDED WEB SERVER CONFIGURATION TO ENABLE AUTOSEND AND OUTGOING EMAIL FOR HP QUICKPAGE INTRODUCTION To ensure accurate billing, the HP QuickPage program requires collection of the metered information
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationOracle Enterprise Single Sign-on Logon Manager. Installation and Setup Guide Release 11.1.1.2.0 E15720-02
Oracle Enterprise Single Sign-on Logon Manager Installation and Setup Guide Release 11.1.1.2.0 E15720-02 November 2010 Oracle Enterprise Single Sign-on Logon Manager, Installation and Setup Guide, Release
More informationGOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS. Joe Goldberg. Splunk. Session ID: SPO-W09 Session Classification: Intermediate
GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS Joe Goldberg Splunk Session ID: SPO-W09 Session Classification: Intermediate About Me Joe Goldberg Current: Splunk - Security Evangelist
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More information000-596. IBM Security Access Manager for Enterprise Single Sign-On V8.2 Implementation Exam. http://www.examskey.com/000-596.html
IBM 000-596 IBM Security Access Manager for Enterprise Single Sign-On V8.2 Implementation Exam TYPE: DEMO http://www.examskey.com/000-596.html Examskey IBM 000-596 exam demo product is here for you to
More informationWindows Server Update Services 3.0 SP2 Step By Step Guide
Windows Server Update Services 3.0 SP2 Step By Step Guide Microsoft Corporation Author: Anita Taylor Editor: Theresa Haynie Abstract This guide provides detailed instructions for installing Windows Server
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationSmart Card Authentication Client. Administrator's Guide
Smart Card Authentication Client Administrator's Guide April 2013 www.lexmark.com Contents 2 Contents Overview...3 Configuring Smart Card Authentication Client...4 Configuring printer settings for use
More informationGetting Started With SAM Director SAM Director User Guide
Getting Started With SAM Director SAM Director User Guide Copyright 2014 License Dashboard Limited. License Dashboard Limited is a trading subsidiary of the Blenheim Group. License Dashboard Limited -
More informationTo install Multifront you need to have familiarity with Internet Information Services (IIS), Microsoft.NET Framework and SQL Server 2008.
Znode Multifront - Installation Guide Version 6.2 1 System Requirements To install Multifront you need to have familiarity with Internet Information Services (IIS), Microsoft.NET Framework and SQL Server
More informationSetting Up Resources in VMware Identity Manager
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationINDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
More informationSNARE Agent for Windows v 4.2.3 - Release Notes
SNARE Agent for Windows v 4.2.3 - Release Notes Snare is a program that facilitates the central collection and processing of the Windows Event Log information. All three primary event logs (Application,
More informationWindows passwords security
IT Advisory Windows passwords security ADVISORY WHOAMI 2 Agenda The typical windows environment Local passwords Secure storage mechanims: Syskey & SAM File Password hashing & Cracking: LM & NTLM Into the
More informationPopular Android Exploits
20-CS-6053 Network Security Spring, 2016 An Introduction To Popular Android Exploits and what makes them possible April, 2016 Questions Can a benign service call a dangerous service without the user knowing?
More informationMobile Device Management Version 8. Last updated: 17-10-14
Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names
More informationWebsense Support Webinar: Questions and Answers
Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user
More informationRequirements Document for ROI Print Assessment/Print Manager
Requirements Document for ROI Print Assessment/Print Manager Print Manager Pre-requisites for a successful deployment Contents 1. What is - a. Print Assessment? b. Print Manager? c. ROI Analytics? 2. About
More informationRadware Security Research. Reverse Engineering a Sophisticated DDoS Attack Bot. Author: Zeev Ravid
Reverse Engineering a Sophisticated DDoS Attack Bot Author: Zeev Ravid July 2015 Introduction In July 2015, Radware s Emergency Response Team (ERT) noticed a significant increased usage of the Tsunami
More informationIntegration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More information