egambit Forensic egambit, your defensive cyber-weapon system. You have the players. We have the game.




egambit Forensic
egambit, your defensive cyber-weapon system. You have the players. We have the game.
TEHTRI-Security 2010-2015 www.tehtri-security.com

Forensic with egambit
In this document, we introduce how egambit Forensic can help remove doubts about a potentially compromised endpoint. This is accomplished through an offline analyzer working on Windows, Linux and Mac OS X, combined with a web frontend, a knowledge base and a sandbox infrastructure for in-depth checks.
Based on egambit version 3.1, November 2015

About the forensic activity
- In CSIRT/SOC teams, we are all concerned about endpoint security, and sometimes we have doubts about some hosts.
  - Is it compromised or not? This is one of the key questions.
- Your IT infrastructure might include different OSes and distributions, which might not be handled by a main security analysis tool.
  - Laptops / Workstations / Servers
  - Windows: XP, 2003, Vista, 2008, 7, 2012
  - Linux: Ubuntu, Debian, CentOS, Fedora, ArchLinux, OpenSUSE
  - Mac OS X: Yosemite, El Capitan
- A forensic player needs to analyze various locations on your systems in order to detect a suspicious program or activity.
  - Processes, Files, Memory, Registry, Network, Startup
- In some cases, a sandbox infrastructure is needed to analyze the behavior behind a weird file, like a document or a binary.
- With egambit Forensic, you get all of these key features.

About egambit Forensic
- egambit Offline Forensic, or E.O.F.
  - This is a program that can inspect many areas of your systems and generate a report. No Internet connection is needed.
- egambit Forensic web site
  - This web site can read reports generated by E.O.F. so that you can get a diagnostic based on internal / external databases.
    - This is like scanning your systems with more than 50 antiviruses.
  - You can also work with hashes, domains, URLs and IP addresses to get a related security report.
  - You can upload suspicious files for a complete scan against internal / external databases.
  - For advanced analysis, you can push files to the egambit sandbox in order to safely execute and analyze them.

egambit Offline Forensic: E.O.F. Overview
[Figure: E.O.F runs on Windows, Linux or Mac OS X and generates a report covering files, processes, startup, memory and network. The report is uploaded to the egambit Forensic website, which reads E.O.F reports to propose you diagnostics.]
Example verdicts shown in the figure (detections / engines):
  Binaries:   update.exe    goodware
              driver.exe    malware   9 / 56
  Documents:  Contract.doc  malware   23 / 55
              Manual.pdf    goodware

egambit Offline Forensic: E.O.F. Features
Main features:
- Standard Scan: processes, startup programs, disk files. Many formats are handled:
  - More than 70 extensions, such as EXE, DLL, SYS, BAT, PDF, DOC
- Advanced Scan: memory scan, Office macros, browser scans, installed software, antiviruses
- Specific commands and actions: network configuration (routing, proxies), groups, users, system information

egambit Offline Forensic: E.O.F. Options
Optional features that can be enabled / disabled when required:
- Files Scan: this can be a very long process when you have millions of files to analyze
- Documents Scan: doc, ppt, xls or pdf files. Some might contain sensitive names/information
- In-depth Files Scan to detect hidden backdoors: this might be a very long check
- Personal Scan: you can add your own rules to detect specific threats thanks to a standard format

Web site features
You can launch security analysis through external or internal intelligence sources. Currently, TEHTRIS proposes around 50 million hashes in its internal databases. Beyond that, millions of hashes are available through links to private external databases.
- Search: submit file hashes, IP addresses, Internet domains and URLs
- File: easily upload your own files to get a database analysis
- E.O.F [Forensic]: download the forensic tools and launch them on MS Windows, Linux and Apple Mac OS X. Then upload the generated E.O.F reports to the website and get a full forensic report
- Sandbox: submit files for an in-depth analysis by executing them in a clean Windows environment. Choose analysis options: memory scan, user or kernel hooks, Windows XP or 7

Sandbox analysis: Overview
Emulated Windows environments can safely analyze any kind of suspicious file: EXE, DOC, PDF, XLS, VBS. Files uploaded to the egambit Forensic website are executed in the Windows sandbox.
egambit sandbox features:
- Supports many formats: .exe, .dll, .msi, .pdf, .doc, .xls, .ppt, .vbs, .jar, .html, .ps1, .zip, .rar
- Tracks any activity involving files, registry, network, processes
- Detects common threats: keylogger, browser injection, proxy modification, credentials harvesting, exfiltration
- Detects stealth behaviors: hidden files, antivirus kill, anti-sandbox, stealth persistence, anti-debug
This can provide useful IOCs (Indicators of Compromise) that will help your team catch the threat across your whole IT environment.

Sandbox analysis: Samples
[Figure: sample sandbox reports]

Synthesis: egambit Forensic
- Three levels of forensic investigation
  - Offline analyzer for Windows, Linux and Mac OS X [E.O.F]
  - Web site for specific search and upload over databases
  - Sandbox infrastructure for in-depth analysis
- Up-to-date services for the continuity of each feature
  - We regularly add new killer features in E.O.F
  - Our databases are automatically filled and updated every day with new data from internal and external sources
  - The sandbox infrastructure is constantly improved to beat new threats and to propose new functionalities

Join us
Ready for innovative solutions against cyber threats?

www.tehtri-security.com
egambit
egambit is a product that can monitor and improve your IT security against complex threats like cyber-espionage or cyber-sabotage activities. This product is made by the TEHTRI-Security company in FRANCE. It is fully designed and developed near Bordeaux, and in Paris as well. Created in 2012, the egambit product has already helped companies in China, Brazil, the USA and Europe against internal and external cyber threats. In 3 years, egambit has already caught billions of events related to security issues worldwide, thanks to the tremendous skills and motivation of the expert consultants working on the project with a real Ethical Hacking spirit. 100% of the source code is in TEHTRIS's hands, and it was designed with extended security features. egambit is your defensive cyber-weapon system.

egambit: your defensive cyber-weapon system
You have the players. We have the game. Let's use egambit in your environment, in order to improve hardening and detection of security issues and incidents.

Follow-up
Do not hesitate to contact our team.
TEHTRI-Security, Managed Security Service Provider
www.tehtri-security.com
egambit, complete defensive weapon system
@tehtris