United States: HBGary Unveils Actionable Intelligence Program For Malware.
Byline: Mamta03

HBGary, Inc., the leader in threat intelligence and malware analysis, today announced REcon, an innovative technology that records and graphs malware behavior at runtime so organizations can extract critical data from unknown executables. "REcon represents the most complete tool to recover actionable intelligence from malware, including how the malware installs and survives reboot, communicates to the Internet, the contents of decrypted buffers, and bypassing executable packing," said Greg Hoglund, CEO and founder of HBGary. Malware is growing increasingly complex and it's difficult to analyze with a variety of tools that are cobbled together. REcon, in conjunction with HBGary's Responder Professional, provides incident response teams a single tool that is forensically sound and easy to use. This new technology allows small security teams to automate analysis (typically outsourced in the past), giving them run-time information.
For larger teams, it allows a deeper analysis and the ability to quickly correlate pertinent streams of information. REcon's performance outclasses everything that is currently available in the market, operating orders of magnitude faster than any other known tracing solution. REcon is so fast that users can still interact with a program's GUI while at the same time single-step recording every instruction in that program, something that has never been possible before now. REcon supports advanced performance features when on native hardware, such as the use of the branch-trace mode on Intel processors. REcon can record the entire lifecycle of a software program, from the first instruction to the last. All behavior is recorded, including all loaded DLLs, plugins, browser helper objects (BHOs), file system activity, network activity, and registry access. Users can configure additional tracks of data to be recorded in almost limitless ways. Any function point can be recorded, including DLL exported functions and internal undocumented functions (aka API-spy type capability). Users can control the sampling behavior, including the number and type of arguments to a call. The full control flow graph is recovered for a program, including all basic blocks and branch conditions, even branches not taken.
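An added example of the control-flow-graph recovery described above (not HBGary's or REcon's code): a Python routine that rebuilds basic blocks, per-block hit counts and the branch alternatives the run never followed from a constructed single-step trace; the trace format, addresses and instructions are hypothetical.

```python
from collections import Counter
# Constructed single-step trace (hypothetical addresses/instructions), shaped like a
# per-instruction tracer's records: (address, size, mnemonic, branch_target, taken);
# branch_target and taken are None for instructions that do not branch.
TRACE = [
    (0x401000, 3, "cmp eax, 0",   None,     None),
    (0x401003, 2, "jz 0x401020",  0x401020, False),  # alternative never executed
    (0x401005, 1, "dec eax",      None,     None),
    (0x401006, 2, "jnz 0x401000", 0x401000, True),   # loop back once
    (0x401000, 3, "cmp eax, 0",   None,     None),
    (0x401003, 2, "jz 0x401020",  0x401020, False),
    (0x401005, 1, "dec eax",      None,     None),
    (0x401006, 2, "jnz 0x401000", 0x401000, False),  # fall through, exit loop
    (0x401008, 1, "ret",          None,     None),
]

def recover_cfg(trace):
    """Rebuild basic blocks and edges from a single-step trace.
    blocks: leader -> instruction addresses in order; hits: leader -> times entered.
    edges: (src_leader, dst) -> "executed", or "not-taken" for the other
    destination of a conditional branch that the recorded run never followed."""
    leaders = {trace[0][0]}
    for addr, size, _, target, _ in trace:
        if target is not None:  # branch targets and fall-throughs start new blocks
            leaders.add(target)
            leaders.add(addr + size)
    blocks, edges, hits = {}, {}, Counter()
    current = None
    for addr, size, mnem, target, taken in trace:
        if addr in leaders:
            if current is not None:
                edges[(current, addr)] = "executed"  # overrides an earlier not-taken mark
            current = addr
            hits[addr] += 1
        blocks.setdefault(current, [])
        if addr not in blocks[current]:
            blocks[current].append(addr)
        if target is not None and mnem.split()[0] not in ("jmp", "call"):
            alt = addr + size if taken else target  # destination the run did not follow
            edges.setdefault((current, alt), "not-taken")
    return blocks, edges, hits

def unexecuted_targets(edges):
    """Destinations reached only via not-taken edges: code the trace never covered."""
    return sorted(dst for (_, dst), kind in edges.items() if kind == "not-taken")

if __name__ == "__main__":
    blocks, edges, hits = recover_cfg(TRACE)
    for (src, dst), kind in edges.items():
        print(f"{src:#x} -> {dst:#x} [{kind}]  (src block entered {hits[src]}x)")
```

The not-taken edges are what lets an analyst see which code a sample would reach under different input, without having to trigger that path during recording.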
The opcodes, top of stack, and register context can be captured at a single-step resolution. This allows the recovery of packed executables, such as those packed by ASProtect, ASPack, Armadillo, UPX, and even Themida. REcon operates entirely in kernel mode and remains hidden from many anti-debugger checks, including checks for kernel mode debuggers. Beyond the recording capabilities, the data itself can be graphed and replayed in HBGary Responder Professional. A new track control has been added to the graph that allows the user to interact with the recorded program timeline, similar to the way they might interact with a recorded video or audio track. The user can graph individual tracks of behavior (such as networking), or

Copyright: Euclid Infotech Pvt. Ltd. Provided by Syndigate.info, an Albawaba.com company