Nice new security tool: Mandiant Red Curtain
Sunday, 19. August 2007, 14:33:47
Mandiant Red Curtain
http://www.mandiant.com/mrc
A tool to manually scan folders or files for suspicious criteria, such as entropy/randomness, binary packing, compiler signatures, digital signatures, and other characteristics that generate an overall threat score. While not fool-proof, it does find some interesting files -- especially on computers used by kids.
Note: Mandiant Red Curtain requires Microsoft .NET Framework 2.0
BTW, to obtain a sanity check of Mandiant's file scoring, submit individual file samples (those marked red in Mandiant with high scores) to...
VirusTotal
http://www.virustotal.com/
...which further scans them using 32 separate virus scanning engines with their latest signature DATs.
Note: Opera binaries are packed using ASPack, and are not digitally signed with a code-signing certificate, which apparently qualifies them as yellow in Mandiant. Obviously, you can ignore Mandiant's ranking of Opera binaries.
Enjoy.
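The entropy criterion mentioned above, and why a packed but harmless binary such as Opera still gets flagged, shown as an added example (not Mandiant's code or scoring algorithm). The 7.0 bits/byte cut-off, the 4096-byte window and the sample data are assumptions constructed for illustration.

```python
import math
import random
import zlib
from collections import Counter

HIGH_ENTROPY = 7.0  # assumed cut-off in bits/byte, not Red Curtain's real threshold
WINDOW = 4096       # assumed window size in bytes

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def high_entropy_ratio(data: bytes, window: int = WINDOW) -> float:
    """Fraction of fixed-size windows whose entropy exceeds HIGH_ENTROPY."""
    chunks = [data[i:i + window] for i in range(0, len(data), window)]
    chunks = [c for c in chunks if len(c) >= window // 2]  # ignore a short tail
    if not chunks:
        return 0.0
    return sum(shannon_entropy(c) > HIGH_ENTROPY for c in chunks) / len(chunks)

def build_samples() -> tuple[bytes, bytes]:
    """Constructed inputs: low-entropy 'plain' data and the same data deflated."""
    rng = random.Random(2007)  # fixed seed so the sample is reproducible
    words = [b"mov", b"push", b"call", b"ret", b"eax", b"ebx", b"jmp", b"nop"]
    plain = b" ".join(rng.choice(words) for _ in range(100_000))
    packed = zlib.compress(plain, 9)  # stands in for a packer's compressed body
    return plain, packed

if __name__ == "__main__":
    plain, packed = build_samples()
    for name, blob in (("plain", plain), ("packed", packed)):
        print(f"{name:6} size={len(blob):7} entropy={shannon_entropy(blob):.2f} "
              f"high-entropy windows={high_entropy_ratio(blob):.0%}")
```

Both samples carry exactly the same harmless content, yet only the compressed one crosses the threshold: entropy indicates packing or encryption, not intent, which is why a high score is a reason to check a file further rather than a verdict.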