Behavioral task: behavioral1
Sample: The Practice of Network Security Monitoring Understanding Incident Detection and Response (Richard Bejtlich) (z-lib.org).pdf
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: The Practice of Network Security Monitoring Understanding Incident Detection and Response (Richard Bejtlich) (z-lib.org).pdf
Resource: win10v2004-20220812-en
General
Target: The Practice of Network Security Monitoring Understanding Incident Detection and Response (Richard Bejtlich) (z-lib.org).pdf
Size: 17.4MB
MD5: 6fe502a5b5e89925110b933071282b4e
SHA1: 937c34e6095233d6ee4df21e6e45c6910a4962d4
SHA256: 60511c442b2bfcb69a91c75aa165409dd879f9b998fa2879ab9a706f5413eeb4
SHA512: 96d5ef07e48a3feab4074ce25735f56a800e1df0ad9aef4d5e78da39c7abde15afc388f57aadb53811830bed4f810bb2e03f279d6c5793bb71fd05e84f800773
SSDEEP: 393216:gsAFsLMzWyB6PKVVInOD2t9rA18OScqTcM:gy8WyB6S/2t+Evv
Malware Config
Signatures
Files
- The Practice of Network Security Monitoring Understanding Incident Detection and Response (Richard Bejtlich) (z-lib.org).pdf.pdf
- http://www.amazon.com/Joel-Scambray/e/B001IR3C4U/ref=ntt_athr_dp_pel_2
- http://www.amazon.com/George-Kurtz/e/B001ITTL6Q/ref=ntt_athr_dp_pel_3
- http://www.robtex.com
- http://www.testmyids.com
- http://taosecurity.blogspot.com/2011/12/become-hunter.html
- http://nostarch.com
- http://taosecurity.blogspot.com
- http://www.taosecurity.com/bejtlich_visscher_techtarget_webcast_4_dec_02.ppt
- http://securityonion.blogspot.com
- http://twitter.com/taosecurity/
- http://taosecurity.blogspot.com/2005/04/where-in-world-is-winn-schwartau-if.html
- http://governor.sc.gov/Documents/MANDIANT%20Public%20IR%20Report%20-%20Department%20of%20Revenue%20-%2011%2020%202012.pdf
- http://www.wspa.com/story/21512285/how-will-sc-pay-for-security-breach
- https://www.mandiant.com/resources/m-trends/
- http://www.nist.gov
- http://www.nist.gov/itl/csd/monitoring-012412.cfm
- http://.blogspot.com
- http://taosecurity.blogspot.com/2009/11/
- http://www.netoptics.com
- http://www.law.cornell.edu/uscode/text/18/2511#2_a_i/
- http://www.law.cornell.edu/uscode/text/18/2511#2_d/
- http://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+19.2-62
- http://.testmyids.com/,
- http://www.testmyids.com/,
- http://www.testmyids.com/.
- http://testmyids.com
- http://www.wireshark.org
- http://www.xplico.org
- http://www.bro.org
- http://www.qosient.com/argus/
- http://www.sguil.net
- http://www.ripe.net/db/support/db-terms-conditions.pdf%
- http://whois.tucows.com
- http://domainhelp.opensrs.net
- http://net-host.co.uk
- http://123-reg.co.uk
- http://www.snort.org
- http://suricata-ids.org
- http://www.snorby.org
- http://.testmyids.com
- http://nsmwiki.org
- http://code.google.com/p/security-onion/wiki/MailingLists
- http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml.
- http://www.juniper.net/techpubs/en_US/junos10.1/topics/usage-guidelines/policy-con
- https://support.dell.com/support/edocs/network/5p788/clig/mirror.htm.
- http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/
- http://www.ubuntu.com
- http://xubuntu.com
- http://ssh_host_ecdsa_key.pub/etc/ssh/ssh_host_dsa_key.pub
- http://ssh_host_rsa_key.pub
- http://ssh_host_ecdsa_key.pub
- https://launchpad.net/~securityonion/.
- http://www.ubuntu.com/download/server/.
- http://taosecurity.com
- https://help.ubuntu.com
- http://securityonion.blogspot.com/.
- http://www.chiark.greenend.org.uk/~sgtatham/putty/
- https://code.google.com/p/security-onion/wiki/Firewall
- http://pastebin.com/YFqNaVi3/.
- http://code.google
- http://www.tcpdump.org
- http://svnweb.freebsd.org/base/vendor/tcpdump/4.3.0/CREDITS?revision=241212&view=markup
- http://ubuntu.com
- https://isc.sans.edu/portreport.html
- http://www.wiresharkbook.com/.Running
- http://www.owneriq.com
- http://www.digitalcorpora.org
- http://digitalcorpora.org/corpora/scenarios/nitroba-university
- http://digitalcorpora.org/corp/nps/packets/
- http://googlevideo.com
- http://sourceforge.net/projects/networkminer/
- http://www.netresec.com
- http://taosecurity.blogspot.com/2006/09/port-independent-protocol
- http://www.mono-project.com
- http://nitroba.org
- http://yahoo.com
- http://www.ossec.net
- http://www.ossec.net/doc/.
- https://github.com/gamelinux/prads/
- http://oracle.com
- http://www.squertproject.org
- https://github.com/int13h/squert/blob/master/COPYING/
- https://github.com/Snorby/snorby/blob/master/LICENSE
- https://github.com/int13h/capme
- https://itunes.apple.com/us/app/snorby/id570584212?mt=8/
- https://www.threatstack.com
- https://code.google.com/p/enterprise-log-search-and-archive/
- http://enterprise-log-search-and-archive.googlecode.com/svn/trunk/
- http://www.balabit.com/network-security/syslog-ng/
- http://sphinxsearch.com
- http://com.apple
- http://computer-forensics.sans.org/summit-archives/
- http://redteamjournal.com/about/red-teaming-and-alternative-analysis/
- http://www.f-response.com
- http://computer-forensics.sans.org/blog/author/mpilkington.
- http://www.mandiant.com/resources/m-trends/
- http://papers.rohanamin.com/wp-content/uploads/papers
- http://.rohanamin.com/2011/08/iciw2011.pdf
- http://www.mandiant.com/apt1/.
- http://.mandiant.com/apt1/
- http://detect-respond.blogspot.com
- http://taosecurity.blogspot.com/2009/06/information-security-incident.html
- http://taosecurity.blogspot.com/2009/06/extending-information-security-incident
- http://veriscommunity.net
- http://taosecurity.blogspot.com/2008/01/defensible-network-architecture-20
- http://www.nhc.noaa.gov/aboutnames
- http://www.mandiant.com/apt1/
- http://.blogspot.com/2011/12/become-hunter.html.
- http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
- http://metasploit.com
- http://sourceforge.net/projects/metasploitable/
- http://www.google.com
- http://2.3.168.192.in-addr.arpa
- http://remote_location.country
- https://github.com/simsong/tcp
- http://www.metasploit.com
- http://import.pl
- https://code.google.com/p/enterprise-log-search-and-archive/source/browse/trunk/elsa/node/import.pl/
- http://daisy.ubuntu.com
- http://labhl2pekjmnzoaoteostk4ms4xfhzma.practicalnsm.com
- http://vaaaakat2v2.practicalnsm.com
- http://yrb5fo.practicalnsm.com
- http://.practicalnsm.com
- http://xebz7.practicalnsm.com
- http://xdfcc.practicalnsm.com
- http://xdb.practicalnsm.com
- http://practicalnsm.com
- http://MemoryBufferURLStreamHandler.............getFiles...java/lang/Class........java/lang/Object.....Listing
- http://keylog.sh
- https://help.ubuntu.com/SRC:SRC:
- http://pic.twitter.com/mD4y6eIiqF.
- http://download.cdn.mozilla.net
- http://mozilla.org/firefox
- http://www.mozilla.org/en-US/products/download.html?product=firefox-20.0&os=win&lang=en-US
- http://download.cdn.mozilla.net/pub/mozilla.org/firefox/releases/20.0.1/win32/e
- http://www.virustotal.com
- http://.greenend.org.uk/~sgtatham/putty/download.html
- http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
- http://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/x86/putty
- http://the.earth.li
- http://ftp.chiark.greenend.org.uk
- http://the.earth.lithe.earth.li
- http://46.43.34.31the.earth.li
- http://900dthe.earth.li
- http://mail.the.earth.li
- http://ftp.chiark.greenend.org.ukftp.chiark.greenend.org.uk
- http://org.uk.service-name.chiark.greenend.org.uk
- http://212.13.197.229service-name.chiark.greenend.org.uk
- http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- http://80_resp_2.data
- http://www.implbits.com/hashtab.aspx
- http://example.com
- http://38177_1.data
- http://.microsoft.com/en-us/sysinternals/bb897441.aspx
- http://www.etree.org/cgi-bin/counter.cgi/software/md5sum.exe--2013-04-18
- http://www.etree.org/cgi-bin/counter.cgi/softwa
- http://www.etree.org
- http://www.etree.org/cgi-bin/counter.cgi/software/md5sum.exe
- http://.openioc.org
- https://github.com/sethhall/bro-apt1/
- http://advanbusiness.com
- http://subdomain.advanbusiness.com
- http://www.virtuallythere.com
- http://aoldaily.com
- http://aolon1ine.com
- http://applesoftupdate.com
- http://github.com/sethhall/bro-apt1.git
- http://advanbusiness.comadvanbusiness.com
- http://50.63.202.91advanbusiness.com
- http://smtp.secureserver.net.advanbusiness.com
- http://mailstore1.secureserver.net
- http://usiness.com
- http://anbusiness.com
- http://business.com
- http://mtp.secureserver.net
- http://remote_location.city
- http://metric_index.host
- http://metric_index.network
- http://www.team-cymru.org/About/
- http://www.team-cymru.org/Services/MHR/
- http://733a48a9cb49651d72fe824ca91e8d00.malware.hash.cymru.com
- http://1e39efe30b02fd96b10785b49e23913b.malware.hash.cymru.com
- http://hash.cymru.com
- http://.malware.hash.cymru.com
- http://.cymru.com
- http://www.taosecurity.com/helpdesk.exe
- http://www.taosecurity.com
- http://b4f990cad1d20efab410e98fc7a6c81b.malware.hash.cymru.com
- http://b4f990cad1d20efab410e98fc7a6c81b.malware.hash.cymru
- http://www.pfsense.org
- http://www.squid-cache.org
- http://www.bejtlich.net
- http://www.taosecurity.com/training.htmlConnection:
- http://www.w3.org/1999/xhtml
- http://www.taosecurity.com/training.htmlVia:
- http://taosecurity.com/training.html
- http://www.taosecurity.com/training.html
- http://Salesforce.com
- http://www.salesforce.com
- http://www.heroku.com
- https://aws.amazon.com/ec2
- http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.
- http://www.threatstack.com
- http://www.packetloop.com
- http://digitalcorpora.org/corpora/scenarios/m57-patents-scenario/
- http://www.cloudshark.org
- http://www.qacafe.com
- http://packetlife.net/captures/protocol/dns/
- http://www.securixlive.com/nsmnow/docs/index.php
- http://securixlive.com
- http://changed.sguild.email
- http://securityonion.co
- http://bpf.co
- http://securityonion.blogspot.com/2011/10/when-is-full-packet-capture-not-full.html
- http://entries.auto
- http://189www.testmyids.com
- http://nostarch.com/nsm/
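The Files list above is the sandbox's raw string extraction from the PDF, so the book's genuine references sit beside extraction artifacts: a host whose first label is empty where a line wrapped (http://.blogspot.com), an IP address glued to a hostname where table columns merged (http://46.43.34.31the.earth.li), a hostname printed twice (http://the.earth.lithe.earth.li), and local file or variable names mistaken for hosts (http://80_resp_2.data). The Python below is an added example, not part of this report or of any sandbox's code, that applies structural checks to such candidates before anyone copies them into an indicator list; the CANDIDATES list is constructed here to mirror the shapes seen above, and the checks are heuristics chosen for this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample input: candidate strings of the kind a sandbox's string
# extractor reports for a PDF. The malformed entries reproduce the shapes that
# such lists contain (empty host label, IP glued to a hostname, hostname
# repeated twice, a local file name taken for a host, trailing punctuation).
CANDIDATES = [
    "http://www.testmyids.com/,",
    "http://www.testmyids.com/.",
    "http://.testmyids.com/,",
    "http://.blogspot.com",
    "http://ssh_host_ecdsa_key.pub",
    "http://80_resp_2.data",
    "http://46.43.34.31the.earth.li",
    "http://the.earth.lithe.earth.li",
    "http://MemoryBufferURLStreamHandler.............getFiles...java/lang/Class",
    "https://www.mandiant.com/resources/m-trends/",
    "http://www.taosecurity.com/training.html",
]

# One DNS label: 1-63 chars of letters, digits or hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# A dotted quad immediately followed by a letter: an IP address glued to a name.
GLUED_IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}[a-z]")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def host_problem(host):
    """Return a reason string if the host cannot be a real hostname, else None."""
    if not host:
        return "empty host"
    if IPV4_RE.match(host):
        return None  # a bare IPv4 literal is structurally fine
    if GLUED_IP_RE.match(host):
        return "IP address glued to hostname"
    labels = host.split(".")
    if any(not LABEL_RE.match(label) for label in labels):
        return "invalid DNS label (empty, too long or bad character)"
    if len(labels) < 2 or not labels[-1].isalpha():
        return "no alphabetic top-level label"
    # Merged table columns produce the same hostname twice, back to back.
    half = len(host) // 2
    if len(host) % 2 == 0 and host[:half] == host[half:]:
        return "hostname repeated twice (merged columns)"
    return None


def normalize(url):
    """Lowercase the host and drop trailing punctuation the extractor swept up."""
    parts = urlsplit(url)
    path = parts.path.rstrip(",.")
    return urlunsplit((parts.scheme, parts.netloc.lower(), path, parts.query, parts.fragment))


def triage(candidates):
    """Split candidates into (accepted normalized URLs, [(url, reason), ...])."""
    accepted, rejected = [], []
    for url in candidates:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            rejected.append((url, "unsupported scheme"))
            continue
        reason = host_problem(parts.hostname or "")
        if reason:
            rejected.append((url, reason))
            continue
        clean = normalize(url)
        if clean not in accepted:  # keep first occurrence, drop duplicates
            accepted.append(clean)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(CANDIDATES)
    for url in ok:
        print("keep  ", url)
    for url, why in bad:
        print("reject", url, "->", why)
```

Passing these checks means only that a string is a well-formed URL. http://entries.auto and http://import.pl from the list above would survive because .auto and .pl are registered top-level domains, and http://www.taosecurity.com/training.htmlConnection: would survive because a glued HTTP header name is a legal path. Anything that passes still needs a reputation or allowlist check before it is treated as an indicator; for a published textbook such as this sample, the well-formed entries are overwhelmingly the book's own citations.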