
11/30/2011
02:13 PM
Dark Reading

HBGary Responder Pro 2.0.5 S Improves Ability to Detect And Counter Adaptive, Persistent Threats In The Enterprise

Responder Pro delivers malware analysis, memory analysis, and malware detection on a single, integrated platform

November 29, 2011, Sacramento, CA: In a move to significantly improve incident response teams’ ability to detect – and counter – adaptive, persistent threats and other targeted attacks in the enterprise, today HBGary announced Responder™ Pro 2.0.5, the latest version of the de facto industry standard in Windows physical memory and automated analysis.

Responder™ Pro 2.0.5 provides faster, more targeted visibility into Advanced Persistent Threats (APT) and other adaptive, persistent adversaries so investigators can quickly determine the scope of infection, contain the attackers, and then remove them from the network. Using Responder™ Pro, incident responders can complete their investigation in minutes instead of days as with conventional tools.

“This release offers a number of new features designed to help our customers analyze threats faster and more efficiently. In today’s corporate networks, threats evolve quickly and the sheer scope of information can often overwhelm security professionals. We are consistently working to develop new technologies to successfully detect and counter these attackers and help reduce the load on the customer,” said Martin Pillion, Senior Software Engineer for HBGary, Inc.

Leveraging HBGary’s Digital DNA™ core technology, Responder™ Pro delivers malware analysis, memory analysis and malware detection on a single, integrated platform. Responder™ Pro allows incident responders to quickly find the “smoking gun” in an infected Windows system including malware, chat sessions, registry keys, socket information, passwords in clear text, rootkits, Trojans, unencrypted data, and open files.

Responder™ Pro is used by cybersecurity professionals in many industries including financial, technology, energy, manufacturing, healthcare, and services as well as government.

New features and upgrades to existing features in Responder™ Pro 2.0.5 include:

Full Binary Analysis Graph Feature: Allows you to quickly and easily see what is occurring in a binary sample. You can visually browse a graph and determine how it functions so you can focus on the section you are interested in immediately.

Improved Binary Information: Important information about a binary is now labeled or automatically generated. This includes hashes, timestamps, header information, structures, and additional labeling of disassembled code.

At-a-Glance Cross-References: Cross-references are automatically disassembled and presented inside the strings and symbols list. You can save a tremendous amount of time while reverse engineering code without having to manually examine every cross-reference. Also, data and call cross-references are now followed through multiple indirections to propagate symbol and function names.

Improved Disassembly: The automated disassembler has been improved to handle certain complex code structures. You can now automatically generate cross-references in addition to being able to create function and code blocks anywhere in the binary. Also, alignment and debug blocks are more accurately labeled.

Hierarchical Process View: This view provides an easier way for analysts to view parent-child relationships of programs and interactions on the system. You can toggle between a flat list or a hierarchical tree. This makes it easier to spot some malware infections visually when looking at the Objects Tab – Global View of all Processes.

Binary View: The binary view now supports advanced display options allowing you to customize your preferences. The default settings make it much easier to identify the critical pieces of information in a binary.

Search Details: Search results show more detail about the containing processes and module if available.

Memory Map Packages: You can now create a package out of any memory page or region in the Memory Map and then analyze that package as if it were a regular module.

Automatic Labeling of GUIDs: A large list of GUIDs is now automatically identified and labeled. You can customize this list to include any additional GUIDs that you want.

Depth Control for Auto-Label Operands: You can control the depth of the auto label operation in the preferences, and you can abort the auto label command during operation if it takes longer than you want.

About the Responder™ Windows Memory Investigation Platform

By tightly coupling physical memory forensics and malware analysis in a workstation analysis system, the HBGary Responder™ platform reliably identifies all digital objects on a computer and provides valuable intelligence on what bad guys are doing. Responder automatically reconstructs and displays all informational objects stored in RAM such as running processes, drivers and modules, strings, symbols, and open registry keys, files, and network connections. HBGary’s core technology, Digital DNA, is an optional software subscription for Responder™ Pro. Responder helps incident response professionals understand malware fast. It provides human readable information and contextual graphics, while traditional binary reverse engineering tools require deciphering esoteric assembly code.
