Analyze McAfee quarantine files with punbup.py

Have you ever needed to extract a McAfee quarantine file? Today's tutorial will show you how to extract a BUP file with punbup in the lab. There are many reasons to extract the files from a McAfee quarantine file; the most common are to perform deeper analysis or to restore a file that was incorrectly identified. We will use the SANS SIFT workstation to perform this task with the punbup.py script.


How to secure a fresh Linux virtual private server install

Introduction

A Linux virtual private server (VPS) is an essential tool for any cyber security analyst, but left unsecured it can quickly be taken over by those with more nefarious intentions. Let's make sure that does not happen. This blog post and the accompanying video cover a few basic "must do" tasks to configure a secure Linux virtual private server at first boot. Why do we need to secure a new system? Within seconds of it coming online it will be found and attacked. If you want to test this, you can leave the system as installed for 24 hours and then check the logs; there will be brute force attempts against SSH at a minimum. If you performed this test, you may want to re-deploy the VPS before going any further.

YouTube video on how to secure a Linux VPS.