Comments for Sharpe Security Blog

Comment on Volatility Framework 2.0 Released by David Sharpe

David Sharpe — Mon, 19 Sep 2011 00:33:40 +0000

Volatility can’t, but I hear Voltage (used within Terremark) from the same original Volatility developer can.

Comment on Volatility Framework 2.0 Released by B

Sun, 18 Sep 2011 16:26:33 +0000

Can volatility perform analysis of a live system without doing a complete memory dump first? If you’re going to use it in the enterprise to look for indicators of compromise, I think it would be useful to be able to sample live memory instead of trying to manage 2gb+ dumps from hundreds or thousands of systems.

Comment on Mozilla Firefox 6.0 and 3.6.20 Released by Francois

Francois — Wed, 17 Aug 2011 16:23:10 +0000

I wish they would stop breaking addons between their releases. Because of that, I know not everyone will upgrade regardless of the fact that this is also a security fix.

Comment on Volatility Framework 2.0 Released by Me

Me — Mon, 15 Aug 2011 22:46:53 +0000

Digital DNA is what makes it slick. I’m less of a fan of RP than I am of Active Defense. Try running Violatility on 100s of systems at once…

Comment on Oracle July 2011 Patches Released by sai krishna

sai krishna — Thu, 11 Aug 2011 12:18:28 +0000

If u provide patch id and number i will be very grateful to u

Comment on Oracle July 2011 Patches Released by sai krishna

sai krishna — Thu, 11 Aug 2011 12:16:50 +0000

what’s the patch numbers released in the month of july and april

Comment on Volatility Framework 2.0 Released by Greg Hoglund

Greg Hoglund — Mon, 08 Aug 2011 18:51:58 +0000

David,

Devastating blow? You may not know that HBGary released a free version of Responder at the CEIC conference earlier this year. We support the community and have made the CE version available for training as well. You should also know that the free version of Responder supports:

32bit Windows ALL VERSIONS, ALL SERVICE PACKS (excluding NT4.0)
64bit Windows ALL VERSIONS, ALL SERVICE PACKS

Responder CE also supports scripting and comes with the source code to a command-line version that you can customize at will. I hope this helps.

-Greg Hoglund
http://www.hbgary.com

Comment on Volatility Framework 2.0 Released by Tim S

Tim S — Sat, 06 Aug 2011 10:06:27 +0000

While I’ve historically been a huge fan of Volatility & Mandiants free tools, I just cant help but point out the elephant in the room. Where is the 64-bit support? All the large hardware manufacturers don’t even sell 32-bit hardware anymore and virtually all new machines have been shipping with 64-bit operating systems since last year.

Am I missing something?

Comment on Volatility Framework 2.0 Released by Anonymous

Anonymous — Sat, 06 Aug 2011 05:00:19 +0000

True. How can you justify 60,000 for a corvette when you can build a boxcar out of plywood in your garage for free?

Same basic idea.

Comment on Scant Facts Regarding Lockheed’s VPN System Takedown by dio

dio — Mon, 30 May 2011 05:10:30 +0000

uhhhhhm The smart card has been cracked, Mr. Brilliant. Reference Mandiant’s M-Trends 2011 issue and note the smart-card proxy capabilities our adversaries have implemented with wide ranging success. That was the first pillar. When organizations started using RSA in response to threats, they took down that pillar of defense as well. Wake up. Until the actors are made to suffer retributive and punitive punishing attacks for their efforts, nothing will change.