
| Subject: | RE: Extracting signature snippets from AV databases |
|---|---|
| Date: | Thu, 11 May 2006 13:58:14 +1200 |
Bill Stout wrote:
> For internal testing we run publicly sourced live viruses and other malware in an isolated locked room, where the only media that comes out is shredded. What I'm trying to figure out is how to 'smoke test' new builds, and to ethically and fully demonstrate (to the CEO, to outsiders) that the protection works. We're in alpha test, and beta is approaching fast.

VMWare on a beefy laptop with no writable media drives and its ethernet, USB, FireWire, etc ports bunged up to ensure there were no accidents?? You'd want a machine with a removable drive bay so you could insert floppy/optical drives for reconfiguration, etc in the lab, or a machine with easily removable HDD that you could drop into a suitable chassis and connect to another machine in the lab as a slave drive...

That should give you a relatively safe, isolated multi-machine network with the carry-around convenience of a laptop. You can then use _real_ samples so there should be no question that you may be faking something with your "demonstration malware".

Regards,

Nick FitzGerald