Showing posts with label Intrusion Detection.

Wednesday, February 5, 2014

[WormTrack] Detection of scanning worms, and machine scans
WormTrack is a network IDS that detects scanning worms on a local area network by monitoring anomalous ARP traffic. Because a host that scans the LAN must resolve many addresses it has never spoken to, the resulting ARP activity reveals the scanning behaviour. This allows detection of scanning threats on the network without privileged access to a switch to set up a dedicated monitor (SPAN) port, and without constantly updating a rules engine to address new threats.
Monday, January 20, 2014

[MIDAS] Mac Intrusion Detection Analysis System

MIDAS is a framework for developing a Mac Intrusion Detection Analysis System, based on work and collaborative discussions between the Etsy and Facebook security teams. This repository provides a modular framework and a number of helper utilities, as well as an example module for detecting modifications to common OS X persistence mechanisms.

The MIDAS project is based on concepts presented in the talks Homebrew Defensive Security and Attack-Driven Defense, as well as on lessons learned during the development of the Tripyarn and BigMac products.
Our mutual goal in releasing this framework is to foster more discussion in this area and to provide organizations with a starting point for instrumenting OS X endpoints to detect common patterns of compromise and persistence.

Monday, December 23, 2013

[Suricata 1.4.7] Open Source Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an open source next generation intrusion detection and prevention engine. It is not intended merely to replace or emulate the existing tools in the industry, but to bring new ideas and technologies to the field.

OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the Navy's Space and Naval Warfare Systems Command (SPAWAR), and through the very generous support of the members of the OISF Consortium. More information about the Consortium, including a list of its current members, is available on the OISF site.

The Suricata Engine and the HTP Library are available to use under the GPLv2.

The HTP Library is an HTTP normalizer and parser written for the OISF by Ivan Ristic of ModSecurity fame. It integrates with Suricata and provides very advanced processing of HTTP streams. The HTP library is required by the engine, but it may also be used independently in a range of applications and tools.