All videos presented on PathSecurity are in the highest quality available. Load times may seem high, but I think it's worth the wait…
Video: Asymmetric Defense: How to fight off the NSA Red Team
On June - 18 - 2010
Boot VM from USB
On June - 18 - 2010
USB-TestVM -> http://www.mediafire.com/?oydn0xngdlz
VMware Player -> http://www.vmware.com/products/player/
VMware Player (DDL) -> http://download3.vmware.com/software/vmpla….5.3-185404.exe
PLoP Bootmanager -> http://www.plop.at/en/bootmanager.html
Cisco Cheat Sheet
On June - 18 - 2010
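Deny WAN HTTP/S to all systems except Proxy:
! Entries are matched top-down and the first match wins, so each proxy permit precedes the matching deny
! Assumes the ACL filters LAN-to-WAN traffic, so the proxy is the source
! Permit HTTP port 80 traffic from the proxy only
access-list 102 permit tcp host {proxy address} any eq 80
access-list 102 deny tcp any any eq 80
! Permit HTTPS port 443 traffic from the proxy only
access-list 102 permit tcp host {proxy address} any eq 443
access-list 102 deny tcp any any eq 443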
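Deny WAN DNS to all systems except DNS server:
! Assumes the ACL filters LAN-to-WAN traffic; DNS is port 53 over UDP and TCP
access-list 101 permit udp host {DNS server address} any eq 53
access-list 101 permit tcp host {DNS server address} any eq 53
access-list 101 deny udp any any eq 53
access-list 101 deny tcp any any eq 53
access-list 101 permit tcp any any
access-list 101 permit udp any any
! The entries below match IP protocol numbers (53, 55, 77, 103), not port numbers
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- insert any other previously applied ACL entries here
!---...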
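Cisco IOS evaluates ACL entries top-down and stops at the first match, so the relative order of the proxy permit and the blanket deny decides whether the proxy exception ever takes effect. The Python below is an added example, not code from the original post: it models only entries of the form `any` / `host A.B.C.D` with an optional `eq PORT`, treats the proxy as the traffic source, and uses the constructed address 10.0.0.10 in place of {proxy address}.

```python
# Added example: first-match evaluation of Cisco-style extended ACL entries.
# Supports only "access-list N ACTION PROTO SRC DST [eq PORT]" where SRC/DST
# is "any" or "host A.B.C.D". All addresses are constructed sample values.

PROXY = "10.0.0.10"  # stand-in for {proxy address} (assumption)

DENY_FIRST = [
    "access-list 102 deny tcp any any eq 80",
    f"access-list 102 permit tcp host {PROXY} any eq 80",
]
PERMIT_FIRST = list(reversed(DENY_FIRST))


def parse(line):
    """Return (action, proto, src, dst, port); None means 'any'."""
    tok = line.split()[2:]            # drop "access-list N"
    action, proto, rest = tok[0], tok[1], tok[2:]
    addrs = []
    while len(addrs) < 2:
        word = rest.pop(0)
        if word == "any":
            addrs.append(None)
        elif word == "host":
            addrs.append(rest.pop(0))
        else:
            raise ValueError(f"unsupported address form: {word}")
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, addrs[0], addrs[1], port


def evaluate(acl, proto, src, dst, dport):
    """Walk entries top-down; the first match decides. Returns (action, entry_no)."""
    for no, line in enumerate(acl, 1):
        action, p, s, d, port = parse(line)
        if p == proto and s in (None, src) and d in (None, dst) and port in (None, dport):
            return action, no
    return "deny", None               # implicit deny at the end of every ACL


def shadowed(acl):
    """List (entry_no, covering_entry_no) for entries an earlier entry fully covers."""
    rules = [parse(line) for line in acl]
    hits = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            covers = all(e is None or e == l for e, l in zip(earlier[2:], later[2:]))
            if earlier[1] == later[1] and covers:
                hits.append((j + 1, i + 1))
                break
    return hits
```

Running `shadowed()` over an ACL before applying it flags entries that can never match, such as a host-specific permit placed after a broader deny.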
So you got: Clampi/Ilomo
On June - 18 - 2010
So you got one of the most interesting pieces of malware I have ever had the displeasure of doing IR on…
Multi-Stage, evolving, silent…
It seems to always come from drive-by attacks and silently waits for the C&C to provide instructions…
It drops onto the system and creates a number of registry keys with difficult-to-anticipate names, and files with semi-random names. That can make it hard to find, but the one key you can count on appearing is:
– HKCU\Software\Microsoft\Internet Explorer\Settings\Gateslist
The most important thing you can do to prevent the spread of...


