In keeping with my presentation this Friday at RSA, I managed to time my toolsmith topic to correlate precisely; specifically, visualizing the recent Zeus attack against government and military. For the article I discuss NetGrok and AfterGlow; for the RSA presentation I'll be more focused on NetGrok and Maltego as the present more readily for a live audience. Now that "advanced persistent threat" or APT is the latest buzz word/acronym/phrase we can reminisce that good old Zeus was amongst the best and brightest of early APT adopters. ;-)
From the RSA presentation abstract:
The flood of raw data generated by intrusion detection systems (IDS) is often 0verwhelming for security specialists, and telltale signs of intrusion are sometimes overlooked in all the noise. Security visualization tools provide an easy, intuitive
means for sorting through the dizzying data and spotting patterns that might indicate intrusion…the presentation will focus on specific tools and methodology to aid you in establishing security data visualization practices in your environment.
From the article:
I’ll accentuate this theme as the crux of our toolsmith discussion this month while discussing NetGrok and After-Glow and additionally introduce timely sample analysis of the targeted Zeus bot attacks in early February against U.S. government institutions.
See how that all pulls together? ;-)
The article is here.
The RSA presentation is in Orange Room 306 at 10:10 on Friday, March 5.
If you're attending RSA, I hope to see you there.
del.icio.us | digg | Submit to Slashdot
Please support the Open Security Foundation (OSVDB)