R-fx Networks

Tag: atf

Tracking & Killing Bot Networks

by on Aug.17, 2010, under My Blog

In a previous blog post I discussed how one of the more enjoyable parts of my day-to-day malware rituals also involves the tracking and killing of command and control bot networks. Recently I have begun automating this process a bit; I have created a series of scripts that extract IRC servers, port numbers and channels from […]

ATF v2: Weighted Threats

by on Aug.14, 2010, under Development, My Blog

When I first introduced you all to the Aggregate Threat Feed back in May, it was a much smaller feed with very simple ambitions — pulling together threat data at work from our network edge and host-based firewalls and aggregating the data into a usable feed. The actual intention being that as an attacker […]

Out with the old, In with the new!

by on May.06, 2010, under My Blog

The old theme was doing my head in, so I ditched it. Keep an eye out in the coming days/weeks for new releases of APF & BFD in addition to a few more howto entries and the release of maldetect with an ATF stats landing page.

(ATF) Aggregate Threat Feed

by on May.02, 2010, under Development

For my first post back into things in a while (a long while), I thought I would introduce everyone to the sexiness that I’ve called the Aggregate Threat Feed or ATF for short. This feed is derived from threat data at work, namely our network edge IPS (a custom Snort implementation, another post on that later) […]
