Author Archives: wikihead

About wikihead

A security freak

Threat Intel Program – Quick Reference

Cyber Attack Taxonomy. Threat Intel Taxonomy. Threat Intel Classification: Strategic, Operational, Tactical. The decision by a competitor or potential competitor to enter your market space (e.g. a foreign competitor’s new five-year plan now shows interest in developing a domestic capability … Continue reading

Posted in Resources, security, Security Management

Intro to Event Stream Analysis (ESA) & Complex Event Processing (ESPER)

Exploring Event Driven Architectures with Esper: https://www.infoq.com/news/2007/05/esper. Event stream processing (ESP) monitors streams of event data, analyzes those events for matching conditions, and then notifies listeners. Complex event processing (CEP) allows the detection of patterns among events. WHAT IS COMPLEX … Continue reading

Posted in Uncategorized

Artifacts of Malicious Traffic

While investigating suspicious traffic, it is important for an analyst to be clear about what is really suspicious and what is not. Below are a few artifacts an analyst can observe to conclude whether the traffic is malicious or not. ARTIFACTS OF MALICIOUS IP … Continue reading

Posted in security

Callback IP List – 16/8/2012

… Continue reading

Posted in Uncategorized

ZeroAccess/Sirefef Update

Until last week, ZeroAccess/Sirefef-infected hosts were contacting the C&C domain on ports 16464, 16465, 16470 and 16471. It has currently switched to port 34354, which is now in the wild. Watch your network for machines connecting to internet IPs on this … Continue reading

Posted in Uncategorized

New Mode of Delivering Malware Payload by Exploit Kits

Huh… Exploit writers have come up with a new mode of delivering the malware payload. The current exploit kit pattern is: malicious webpage -> exploit (Java/PDF/others) -> exploit downloads the malicious executable. We have devised appropriate signatures for these patterns, malware … Continue reading

Posted in security

Raw Food recipes from Life Regenerator Dan

(http://www.regenerateyourlife.org/) Notes Compiled by Uma Mahesh Almond Coconut Yogurt Blend Mung Bean Salad Salad Sprouted Mung beans + kottimera + tomato + onions Salad Dressing Olive Oil + Orange Juice + Sea Salt Spicy Cabbage Almond Salad Salad Cabbage + … Continue reading

Posted in health