Raw Food recipes from Life Regenerator Dan


Notes Compiled by Uma Mahesh

  1. Almond Coconut Yogurt


Mung Bean Salad


Sprouted Mung beans + kottimera + tomato + onions

Salad Dressing

Olive Oil + Orange Juice + Sea Salt

Spicy Cabbage Almond Salad


Cabbage + Almond

Salad Dressing

Apple Cider Vinegar + Honey + Garlic Powder

+ Pandu Mirapakai Karam + Saindhava Lavanam

Sesame tahini

Salad Dips


1 cup Sesame seeds + 4 cloves of garlic + Zucchini +

Dates + Lemon (/Orange) + Water(/Coconut water)


Carrot, Broccoli, Cauliflower, any veggie

Coconut Almond Yogurt & Avocado Dressing

Salad Dressing


Basil/kottimera (Any herb) +

Coconut Almond Yogurt +

Dates + Garlic Cloves + Saindhava Lavanam

+ Pandu Mirapa (If required hot)


    Lettuce (Any Leafy Veggie) + Sprouts + Onion + Cucumber

Raw Tacos

Cilantro -> Kottimira

Salad Base (Taco Meat)


    Walnuts + Cumin + Paprika + Sea Salt

Salad Cheese

Sprouted pumpkin seeds + Nutritional Yeast

Guacamole Salad

Salad Dressing


(Tomatoes + Onions + Garlic + Chili + Kottimera)

+ Avocado + Corn


Zucchini slices

Butternut Squash Pasta

Blend (Squash Pasta)

    Tomatoes ( + Sun Dried Tomatoes) + Kottimira + Olive oil

+ lemon + garlic + sea salt + oregano + (All Herb Powders)


Gummadikayi noodles (Shredder (gummadikai) )

Mango Dill Jalapeno Dressing

Blend (Dips)

    Mangoes + Mint Leaves + Pachimirapakai


Romaine Lettuce

Butternut Squash Pudding


Pumpkin + Coconut almond yogurt + protein powder + cinnamon


Business case to convince Management for Security Incident Response center

Today I am reading through the Mandiant document named "Planning for Failure". It contains real data that emphasizes breaches and the necessity to plan for failure in order to protect. For any company or security consultancy, that real data can be used in a business case for getting a security budget. Hence I am including that document here.


This document can also be helpful for a CISO to show to management, and as startup guidelines to initiate building an Incident Response Center.




PCI Compliance Dashboard guiding PCI Compliance journey

A well composed guide for PCI Compliance; it includes the "SANS Top 20 Critical Security Controls" and many others.

It gives simple and clear guidelines for ensuring security in any organization, irrespective of a PCI compliance mandate.

It can be downloaded from https://community.rapid7.com/docs/DOC-1512


ZeroAccess Rootkit Detection


A quick short overview of the ZeroAccess rootkit. The malware propagates via exploit packs (Blackhole) and keygens.
It escalates privileges by faking a UAC prompt for a Flash Player installer: it drops a malicious DLL file in the Flash Player installer directory, which is loaded instead of the legitimate DLL file in the system root directory (an old flaw in Windows). As the user accepts the UAC prompt thinking it is a genuine Flash Player installation, the ZeroAccess rootkit is installed as a bonus.

It lowers the security of the infected machine by disabling Windows security services. It also replaces driver files in the system root directory.

It then downloads a config file from an algorithmically generated domain whose TLD is .cn.

It communicates with the P2P botnet using the commands "getL", "getF" and "srv?".

In order to detect the config file request, I analyzed the URLs, which are .cn domains with non-readable domain names such as pnwjogba.cn and moayuetc.cn. Also, as I tested a sample set of ZeroAccess rootkit domains on Bluecoat, these domains fell into the following categories: 'Suspicious', 'Malicious Sources', 'Malicious Botnets', 'none'.
As the domains are generated, there is a good probability that there is no rating for those domains.

Our takeaways:
1) As the P2P communication is not on ports 80 or 443, it will be blocked on any organization's network, so the damage will be reduced.
2) I have included the pattern below in the Suspicious URL Pattern Query.
(web_host like '%.cn' and url like '%.php?_=%' and ("filter" like 'Suspicious' or "filter" like '%Malicious%' or "filter" like 'none'))

3) I would recommend blocking suspicious domains such as .cn, .ru, .cc and .su whose proxy rating is "none".
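The same Suspicious URL Pattern Query and the "unrated low-trust TLD" rule from takeaway 3, applied to proxy log records in Python. This is an added example, not code from the original post; the record layout (web_host, url, filter) and the log lines are constructed to match the query's column names.

```python
from typing import Dict, Iterable, List

# Constructed proxy-log records (not real traffic), in the minimal shape the
# post's query assumes: web_host, url, and the Bluecoat "filter" category.
SAMPLE_LOG: List[Dict[str, str]] = [
    {"web_host": "pnwjogba.cn", "url": "http://pnwjogba.cn/cfg.php?_=1234", "filter": "none"},
    {"web_host": "moayuetc.cn", "url": "http://moayuetc.cn/s.php?_=9", "filter": "Malicious Botnets"},
    {"web_host": "news.example.cn", "url": "http://news.example.cn/index.php?id=3", "filter": "News"},
    {"web_host": "cdn.example.com", "url": "http://cdn.example.com/a.php?_=1", "filter": "none"},
    {"web_host": "abc.cn", "url": "http://abc.cn/x.php?_=7", "filter": "Suspicious"},
]

# TLDs the post recommends blocking when the proxy has no rating for the host.
LOW_TRUST_TLDS = (".cn", ".ru", ".cc", ".su")


def looks_like_zeroaccess_config_fetch(rec: Dict[str, str]) -> bool:
    """Mirror of the Suspicious URL Pattern Query:
    .cn host AND a '.php?_=' request AND a proxy category of exactly
    'Suspicious', anything containing 'Malicious', or exactly 'none'."""
    host = rec["web_host"].lower()
    category = rec["filter"]
    return (
        host.endswith(".cn")
        and ".php?_=" in rec["url"]
        and (category == "Suspicious" or "Malicious" in category or category == "none")
    )


def is_unrated_low_trust_tld(rec: Dict[str, str]) -> bool:
    """Takeaway 3: host under a listed TLD with no proxy rating at all."""
    return rec["filter"] == "none" and rec["web_host"].lower().endswith(LOW_TRUST_TLDS)


def find_config_fetch_hosts(records: Iterable[Dict[str, str]]) -> List[str]:
    """Hosts whose requests match the config-file fetch pattern (case candidates)."""
    return [r["web_host"] for r in records if looks_like_zeroaccess_config_fetch(r)]


def find_unrated_hosts(records: Iterable[Dict[str, str]]) -> List[str]:
    """Hosts that would be caught by the block-unrated-TLD recommendation."""
    return [r["web_host"] for r in records if is_unrated_low_trust_tld(r)]


if __name__ == "__main__":
    print("config fetch candidates:", find_config_fetch_hosts(SAMPLE_LOG))
    print("unrated low-trust hosts:", find_unrated_hosts(SAMPLE_LOG))
```

Note that the .cn news site with a normal query string and the .com host with an unrated `.php?_=` URL both fall outside the query, which is the intended precision of combining TLD, URL shape and rating.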

Ref: https://www.kindsight.net/sites/default/files/Kindsight_Malware_Analysis-ZeroAcess-Botnet-final.pdf
The ZeroAccess rootkit


Leveraging Third Party Intelligence to protect your organization

While having a good traditional secure architecture is important, it is also very important to have third-party intelligence to foster the security of your organization.
Gone are the days when reactive security handling protected your organization. Being proactive is highly needed and critical.

Below are a few ways to initiate threat intelligence for your organization, to start with.
Verify your organization's exposure to critical active threats as early as you become aware of them.

Requirements for third-party intel, to figure out the threats below:

1) SPAM campaigns distributing malware
2) Phishing campaigns
3) Active and critical threats
4) Zero-day threats

http://spamalysis.wordpress.com/ – It contains SPAM threat emails everyday.
Fulfils (1) and (2) Requirements
Frequency: 0-4 posts / day
Subscribe the email address to this blog
Create a case for each blog post and follow SPAM Handling Process

http://blog.dynamoo.com/ – It contains SPAM threat emails everyday.
Fulfils (1) and (2) Requirements
Frequency: 1-4 Posts / day
Subscribe the email address to this blog
Create a case for each blog post and follow SPAM Handling Process

http://blog.fireeye.com/research/ – FireEye is actively researching Internet threats. The blog contains summaries of threat research.
Fulfils (3) and (4) Requirements
Frequency: 1-4 posts / month
Subscribe the email address to this blog
Review every blog post feed received.
If any IOC can be obtained from the blog post, create a case and work it. Otherwise ignore it.

http://contagiodump.blogspot.com/ – Analysis of actively distributed malware samples
Fulfils (1), (3) requirements
Frequency: 2-6 posts / month
Subscribe the email address to this blog
Create a case for each malware sample analysis post, identify the IOCs from the analysis, and identify infected machines

http://isc.sans.org/ – SANS blog of incident handlers (a MUST to be aware of)
Fulfils (3) and (4) Requirements
Frequency: 0-2 posts/day
Configure one of your monitoring screens to this blog, or at least have your threat intelligence team member look into it daily.

http://www.shadowserver.org – Threat research intelligence (botnets and malware)
Third-party intelligence reports of compromised devices on our network

Compromised Host Report – Daily
C&C Report – Weekly
More reports to review if required – http://www.shadowserver.org/wiki/pmwiki.php/Services/Reports

Get a subscription with it
More info: http://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
To request a free subscription to The Shadowserver Foundation’s ASN/netblock reporting service, send an email from your organization’s email account to admin ** shadowserver.org
Please provide the following information:
• Full Name (and we need to have a real person, not just an organizational contact)
• Organization
• Networks of responsibility by ASN or CIDR (ASN is always better) – Do not list your ISP’s AS or networks, list only your own that you directly control)
• Email address(es) of the report recipients
• Phone number of contact
• Contact information for verification – Examples of this would be alternative contact information, other responsible groups in your organization, network validation links, etc.
C&C Report
o We can run it against GP to identify infected hosts weekly.
o Feed Informer (I believe this can be done)

Note: If we could contact a member of the shadowserver.org research group and get a feed of their communications, it would be highly helpful, as it fulfils Requirement (4), i.e., zero-day threats.

Be Aware and stay protected. 🙂


A Way to get private information out of Europe

As a security incident responder, EU privacy laws are always a barrier when dealing with a security incident involving a device/person in Europe. It sucks.
US Safe Harbor is a way to get that information legally, wherein your organization, which is in the US, has to be certified (self or third party) to follow the US Safe Harbor Framework, ensuring the principles below.
Notice – Individuals must be informed that their data is being collected and about how it will be used.
Choice – Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
Security – Reasonable efforts must be made to prevent loss of collected information.
Data Integrity – Data must be relevant and reliable for the purpose it was collected for.
Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
Enforcement – There must be effective means of enforcing these rules.

However, it's not easy. It involves a lot of cost in setting up a secure environment. This is where many companies fail to recertify every year. As per galexia.com, only 348 organisations passed this compliance to a good degree.

In today's world, security is very important; you can take pride in it to boost the confidence of your clients, and your money pocket.


Superb Automated Malware Binary Analysis Service – Figure out what malware does in minutes

These days, malware is VM-aware to defend against automated analysis tools such as Anubis and Cuckoo. And these automated analyses are based on behavioural analysis of the malware, which gives only the tip of what it actually does, as malware is now intelligent and does not reveal everything at one instant. I am not at all satisfied with the automated analysis reports I see these days.

Static analysis of unpacked malware provides a much better picture of its capabilities, and here is a nice tool for this need.

This is a superb service: I need not be a reverse engineer; with a little technical knowledge I can figure out hostile info and what the malware does based on API calls, control flow and its capabilities in a graph view.
It tracks the malicious process via the system call interface to identify where the malware unpacked itself, and then dumps it for disassembly and analysis.

A great magic wand to help any organization that can't afford a malware researcher.
Thanks to its development team 🙂
