January 1, 2016
CERTITUDE - AN OPEN-SOURCE AND AGENTLESS COMPROMISE ASSESSMENT TOOL
Presenters: Jean Marsault, Vincent NGUYEN
Location: Business Hall, Arsenal Station 5
Date: Wednesday, December 6 | 1:30pm-3:05pm
Track: Data Forensics and Incident Response
Session Type: Arsenal

CERTitude is a Python-based tool that aims to assess the compromised perimeter during incident response assignments. It allows analysts to perform large-scale scans of Windows-based information systems by searching for behavioural patterns described in IOC (Indicator of Compromise) files.

Notable features include:
- Ability to scan hosts in a way that prevents the target workstation from knowing what the investigator is searching for
- Ability to retrieve some pieces of data from the hosts
- Multiple scanner instances (for IOCs and/or hash scans) can be run at the same time for parallel scanning
- Built with security considerations in mind (protected database, secure communications with hosts using IPsec)