August 22, 2008 | Dominique Karg

NTop session query script

While coding the session monitor a couple of weeks ago I developed a quick script which could query ntop for session information. Jaime started using it for graphing now, so I thought it might be useful to somebody.

import sgmllib, re, sys
import socket
from sets import Set

class MyParser(sgmllib.SGMLParser):
    "A simple parser class."
    def parse(self,…

August 20, 2008 | Jaime Blasco

3d Nmap

Here is a screenshot of a project I’m working on. The tool parses XML nmap scan files and shows an interactive 3d environment where you can inspect nmap scanning results. I’m developing with XNA (C#). I’ll publish the code as soon as I fix some errors. …

August 11, 2008 | Jaime Blasco

Last Scada OPC Nessus Plugins

We have released some new Nessus Plugins related to OPC Servers security issues. List of New OPC Nessus Plugins:
- Multiple vulnerabilities in Comsoft Profibus OPC server
- Multiple vulnerabilities in Beijer Electronics OPC server
- Multiple vulnerabilities in VIPA OPC server
- Multiple vulnerabilities in Gesytec Easylon OPC server 2.0
- Multiple vulnerabilities in Junzhi BACnet OPC server
- Multiple vulnerabilities in IPCDAS NAPOPC OPC server
…

August 11, 2008 | Jaime Blasco

New Scada OPC Nessus Plugins

Today we have released some new Nessus Plugins related to OPC Servers security issues. List of New OPC Nessus Plugins:
- Multiple vulnerabilities in KEPware KEPServerEx 4 OPC server
- Multiple vulnerabilities in Triangle MicroWorks OPC Server 2.0.2
- Multiple vulnerabilities in Comsoft L1 OPC server
We’ll release new plugins related to OPC and Scada in general during the next weeks!!! …

August 6, 2008 | Jaime Blasco

An approach to malware collection log visualization

I have just published an article related to malware collection log visualization. The paper focuses on visualization of Nepenthes logs using AfterGlow. In the paper you can find information about correlating IPs with countries and binary files with ClamAV signatures with the goal of generating interesting graphs. Get it here …

August 6, 2008 | Jaime Blasco

Visualization of Api calls and Imported symbols of malware binary files

I’m developing a tool to extract interesting information from malware files with the goal of generating a relation graph. The tool extracts API calls and imported symbols of binary files. I’ve made some interesting graphs from malware files collected by Nepenthes.

#
# Jaime Blasco - jaime.blasco[at]alienvault.com
#
# Thanks to Jan Goebel
# [Amun - low interaction…

August 6, 2008 | Jaime Blasco

Scada: OPC Nessus Plugins

During the development of the Free Nessus Feed we are writing some interesting plugins about Scada. Today we released some plugins relating to OPC (OLE for Process Control) Servers. The OPC standard specifies the communication of real-time plant data between control devices from different manufacturers. List of OPC Nessus Plugins: Multiple vulnerabilities in NETxEIB OPC server CVE-2007-1313 Multiple vulnerabilities in…

August 6, 2008 | Jaime Blasco

Showing relation graph between nessus scripts and include files

I have made an interesting graph showing the relation between nessus scripts and include files …

August 6, 2008 | Dominique Karg

Plugin GPG signature verification script

Just had to write a quick script in order to regularly check the repository, wanted to share it.

for i in *.asc; do
    # gpg exits with status 1 when a signature is bad
    gpg --verify "$i" 2>/dev/null
    if [ $? -eq 1 ]; then
        # stop and wait for Enter so the bad file is noticed
        echo; echo "Bad Sig: $i"; read
    else
        echo -n "."
    fi
done
…

May 15, 2008 | Dominique Karg

New Forums

I’m proud to announce the availability of our brand new forum infrastructure. We were getting really tired in the end by the lack of features of the sf.net forums, so we decided to set up FUDForum on ossim.net. I for myself am very motivated by these changes, I was getting crazy with the old environment and promised…

March 17, 2008 | Dominique Karg

You are invited to take part in The Google Summer of Code(tm) 2008

Yay! We’re proud to announce that ossim has been chosen to take part in the Google Summer of Code program. Brian, now it’s your turn 😉. I’ll post another entry when we’ve got more information about how this works. Congratulations! Your organization "OSSIM: Open Source Security Information Management" has been accepted in to the Google…

March 11, 2008 | Dominique Karg

Tutorial 6: Plugin writing primer

A couple of days ago I was fixing the fortinet/fortigate with the kind help of a Swiss OSSIM user (thanks Mikael 😉 ) and I wrote this little piece of python in order to help me out with it. Now I’m using it a lot to debug plugins so I guess more people could benefit from this…