Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

1/21/2009
01:14 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

HBGary Unveils Comprehensive Windows Memory Investigation And Malware Analysis Platform

HBGary Responder Professional 1.3 allows security professionals, malware analysts and forensic investigators to more effectively and efficiently detect, diagnose, and investigate computer crimes on live Windows computer systems

Sacramento, California--January 21, 2009 " HBGary, Inc., a leading provider of computer forensic, incident response, security assessment solutions and services, today unveiled HBGary Responder Professional 1.3, the most comprehensive memory investigation and malware analysis platform available on the market today.

HBGary Responder Professional 1.3 fulfills many of the rigorous requirements that top computer incident responders, computer forensic investigators and malware analysts require. Responder Professional 1.3 supports acquisition and analysis of physical memory (RAM) on all Windows ' Operating Systems starting with Windows ' 2000 through Windows ' 2008 Server including all service packs both 32- and 64-bit (PAE and non-PAE). This is a huge step forward for the information security and computer forensic communities. Finally, these long-awaited capabilities are available to complement enterprise security best practices in the areas of host intrusion detection, computer forensics and security assessments. With HBGary Responder Professional 1.3, incident responders, forensic investigators, and malware analysts now have access to a wealth of runtime data that allows them to more accurately assess and investigate live Windows computer systems. "Our customers tell us that visibility into computer RAM is the only way they detect some of the latest malicious code found on their networks," said Rich Cummings, CTO of HBGary. "The network monitoring team sees traffic coming from compromised hosts, but cannot identify the malicious code on the machine using antivirus scanning technology."

Growing incidence of malware in memory Organized crime, foreign governments, disgruntled employees and other adversaries are contributing to a $100 billion dollar shadow economy of stolen information. In the past, malware was written by kids looking to enhance their reputation. Today much of the malware is written by professionals who develop military-grade exploits and malicious code that easily evade existing host security solutions. These advanced coding tricks allow them to exploit confidential information and computer assets at will. This rapidly developing problem is one of the driving forces behind the need for better malicious code detection, diagnosis, and response.

Just finding the malicious code and sending a copy to your antivirus vendor of choice for a signature is not enough anymore. Today organizations want answers fast. They want to know how to detect the malicious code, but also want to know what information is being stolen. Where is their data being sent? How does the malware propagate itself? How does it communicate? Does it use encryption? Is it stealing passwords and logging keystrokes? This kind of intelligence becomes critical when your most sensitive data is under attack.

"Our customers recognize there are gaps in current malware detection and analysis capabilities and are looking to physical memory analysis to answer some hard questions previously not addressed by other security software", said Cummings. "With cybercrime at an all time high, these capabilities are changing from `nice to have' to `need to have' for information security professionals and computer forensic investigators. You never know what digital artifact will provide the evidence needed to solve a cybercrime and point you to the smoking gun. If you're not incorporating offline memory analysis capabilities into your best practices, then you just don't know what you're missing."

HBGary Responder Professional 1.3: What's New?

Full Analysis Support for all 32- & 64-bit Windows Operating Systems

o Windows ' 2000 " 2008 Server

o PAE & Non-PAE

o All service packs

Full Unicode Searching and Reporting

o Logical and physical across the entire memory image

o Per process, module or driver

o Virtual Address Descriptor (VAD) Tree

Supports analyzing memory snapshots that are larger than 4GB

Identifies code installed using the Reflective DLL injection technique

Search and Report on data per process in the, Memory Heap and Stack

Enhanced Malware Analysis Plug-in (MAP)

o The MAP plug-in automatically generates a malware analysis report that provides a high level overview of each binary's possible capabilities broken out into 6 different factors.

1. Installation and Deployment Factors

2. Communication Factors

3. Information Security Factors

4. Defensive Factors

5. Development Factors

6. Command and Control Factors

FastDump Pro " with support for imaging physical memory on all 32- and 64-bit Windows ' Operating Systems Windows ' 2000 " 2008 Server

o Includes systems with more than 4GB of RAM

Added analysis support for VMware ESX memory image files (.vmsn extension)

Pricing and Availability

HBGary Responder Professional 1.3 list price is $9000.00 and is available now.

HBGary Responder Field Edition 1.3 list price is normally $3000.00 but discounted to $2000.00 until March 31, 2009. To purchase HBGary Responder 1.3 or get additional information, please visit www.hbgary.com or contact [email protected].

About HBGary, Inc. HBGary, Inc. was founded in 2003 by renowned security expert Greg Hoglund. Mr. Hoglund and his team are internationally known experts in the field of windows internals, software reverse engineering, bug identification, rootkit techniques and countermeasures. Today HBGary specializes in developing advanced computer analysis solutions for Information Assurance (IA) analysts, Computer Emergency Response Teams (CERT's), and Computer Forensic Investigators to detect, diagnose, and respond to computer intrusions and other cyber crime activities. The company is headquartered in Sacramento with sales offices in the Washington D.C. area. HBGary is privately held. For more information on the company, please visit: http://www.hbgary.com.

For More Information: Contact: Karen Burke 650-814-3764 [email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27187
PUBLISHED: 2020-10-26
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related command...
CVE-2020-7752
PUBLISHED: 2020-10-26
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVE-2020-7127
PUBLISHED: 2020-10-26
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-7196
PUBLISHED: 2020-10-26
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the ur...
CVE-2020-7197
PUBLISHED: 2020-10-26
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* U...