Category: Tools

What would you say…you do here?

Even though a lot of people know where I’m working (CloudPassage) not everyone understands exactly what it is we do. Robert Scoble made an excellent video with our VP of Product Management, Rand Wacker, that concisely explains our product and its capabilities. As such, I figured it’d just be easier to post the video and refer people to it for the short term 🙂

P.S. Bonus points if you remember the movie that my blog post title is quoted from 😉

Introducing The Open Event Log Project

The Open Event Log (OEL) Project was conceived by Andrew Hay in May 2006 as a repository for system/server/application event logs to aid in incident response and forensic analysis. Many tools are now available to assist the analyst in interpreting event logs, but a better understanding of the logs, as well as samples, was lacking. Most vendors post their event log specifications, but it helps to have a central location that displays samples of these logs.

The ultimate goal of this site is to educate users on proper event log collection and analysis techniques, which goes hand in hand with our motto: “No log left behind!”

Please note that this site has no corporate backing, so that it can remain as independent as possible.

Each device/application will display the following information to help the community:

  • Log Sample
  • Log Description
  • How To Enable Logging
  • Regular Expression Matching

An example of this format can be seen with the Juniper NetScreen entry here: http://www.openeventlog.com/index.php/Juniper_NetScreen
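To show what the “Log Sample” plus “Regular Expression Matching” pairing looks like in practice, here is an added example that is not part of the OEL site or the Juniper NetScreen entry. The log lines are constructed in a generic syslog-style firewall format (not real NetScreen output, and the field layout is an assumption), and the parser keeps every line that does not match in a separate list rather than silently dropping it, in the spirit of “No log left behind!”:

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample lines in an assumed syslog-style firewall format.
# They are NOT real Juniper NetScreen output; the field layout is illustrative.
SAMPLE_LOGS = [
    "Jun 12 14:03:21 fw1 kernel: deny tcp src=10.0.0.5:51234 dst=192.168.1.10:22",
    "Jun 12 14:03:22 fw1 kernel: permit udp src=10.0.0.7:5353 dst=224.0.0.251:5353",
    "Jun 12 14:03:25 fw1 kernel: deny tcp src=10.0.0.5:51235 dst=192.168.1.10:23",
    "Jun 12 14:03:30 fw1 kernel: interface eth1 link down",  # no traffic fields
]

# Regular expression for the assumed format above. Named groups give the
# analyst field names instead of positional indices.
LOG_PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"   # syslog timestamp
    r"(?P<host>\S+)\s+"                                  # reporting device
    r"(?P<proc>[\w\-]+):\s+"                             # process/tag
    r"(?P<action>permit|deny)\s+"                        # firewall verdict
    r"(?P<proto>tcp|udp|icmp)\s+"                        # protocol
    r"src=(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+)\s+"
    r"dst=(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+)"
    r"(?:\s+(?P<rest>.*))?$"                             # any trailing text
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Return a dict of named fields for a matching line, or None if it
    does not fit the pattern (so the caller can record it as unmatched)."""
    match = LOG_PATTERN.match(line.strip())
    if match is None:
        return None
    event: Dict[str, object] = match.groupdict()
    # Ports are numeric; convert so comparisons and sorting behave.
    event["src_port"] = int(match.group("src_port"))
    event["dst_port"] = int(match.group("dst_port"))
    return event


def parse_lines(lines: List[str]) -> Tuple[List[Dict[str, object]], List[str]]:
    """Parse a batch of lines. Unmatched lines are returned, not discarded,
    so the analyst can see what the regex failed to cover."""
    events: List[Dict[str, object]] = []
    unmatched: List[str] = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            unmatched.append(line)
        else:
            events.append(event)
    return events, unmatched


def deny_counts(events: List[Dict[str, object]]) -> Dict[str, int]:
    """Count denied connections per source IP, a first triage view during
    incident response."""
    counts: Dict[str, int] = {}
    for event in events:
        if event["action"] == "deny":
            src_ip = str(event["src_ip"])
            counts[src_ip] = counts.get(src_ip, 0) + 1
    return counts


if __name__ == "__main__":
    parsed, leftovers = parse_lines(SAMPLE_LOGS)
    for ev in parsed:
        print(f"{ev['ts']} {ev['action']:6} {ev['proto']} "
              f"{ev['src_ip']}:{ev['src_port']} -> {ev['dst_ip']}:{ev['dst_port']}")
    print("denies by source:", deny_counts(parsed))
    print("unmatched lines:", leftovers)
```

The unmatched list is the useful part when building an OEL-style entry: each line that lands there is either a second message format the device emits (and needs its own sample and regex) or a sign the regex is too strict. Anchoring with `^` and `$` keeps a partial match from being mistaken for a full parse.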

I’d appreciate any feedback you might have and invite you to contribute as much as possible.

MS Windows Vista forged ARP packet Network Stack DoS Exploit

I’m not sure how recent this is but Daniel Cid brought it to my attention.

Description: Microsoft Windows Vista (SP0) dumps interfaces when it receives this ARP packet. This DoS is useful for an internet cafe, wireless venue, or legitimate local attack. The victim will need to manually refresh their network interface. OK, sure it’s a dumb local attack, but why does Vista disable iface!?!??

The python code can be found here: http://www.milw0rm.com/exploits/3926

Try it out, it’s kind of…well…disturbing.
