Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

01:14 PM
Dark Reading
Dark Reading
Products and Releases

HBGary Unveils Comprehensive Windows Memory Investigation And Malware Analysis Platform

HBGary Responder Professional 1.3 allows security professionals, malware analysts and forensic investigators to more effectively and efficiently detect, diagnose, and investigate computer crimes on live Windows computer systems

Sacramento, California--January 21, 2009 " HBGary, Inc., a leading provider of computer forensic, incident response, security assessment solutions and services, today unveiled HBGary Responder Professional 1.3, the most comprehensive memory investigation and malware analysis platform available on the market today.

HBGary Responder Professional 1.3 fulfills many of the rigorous requirements that top computer incident responders, computer forensic investigators and malware analysts require. Responder Professional 1.3 supports acquisition and analysis of physical memory (RAM) on all Windows ' Operating Systems starting with Windows ' 2000 through Windows ' 2008 Server including all service packs both 32- and 64-bit (PAE and non-PAE). This is a huge step forward for the information security and computer forensic communities. Finally, these long-awaited capabilities are available to complement enterprise security best practices in the areas of host intrusion detection, computer forensics and security assessments. With HBGary Responder Professional 1.3, incident responders, forensic investigators, and malware analysts now have access to a wealth of runtime data that allows them to more accurately assess and investigate live Windows computer systems. "Our customers tell us that visibility into computer RAM is the only way they detect some of the latest malicious code found on their networks," said Rich Cummings, CTO of HBGary. "The network monitoring team sees traffic coming from compromised hosts, but cannot identify the malicious code on the machine using antivirus scanning technology."

Growing incidence of malware in memory Organized crime, foreign governments, disgruntled employees and other adversaries are contributing to a $100 billion dollar shadow economy of stolen information. In the past, malware was written by kids looking to enhance their reputation. Today much of the malware is written by professionals who develop military-grade exploits and malicious code that easily evade existing host security solutions. These advanced coding tricks allow them to exploit confidential information and computer assets at will. This rapidly developing problem is one of the driving forces behind the need for better malicious code detection, diagnosis, and response.

Just finding the malicious code and sending a copy to your antivirus vendor of choice for a signature is not enough anymore. Today organizations want answers fast. They want to know how to detect the malicious code, but also want to know what information is being stolen. Where is their data being sent? How does the malware propagate itself? How does it communicate? Does it use encryption? Is it stealing passwords and logging keystrokes? This kind of intelligence becomes critical when your most sensitive data is under attack.

"Our customers recognize there are gaps in current malware detection and analysis capabilities and are looking to physical memory analysis to answer some hard questions previously not addressed by other security software", said Cummings. "With cybercrime at an all time high, these capabilities are changing from `nice to have' to `need to have' for information security professionals and computer forensic investigators. You never know what digital artifact will provide the evidence needed to solve a cybercrime and point you to the smoking gun. If you're not incorporating offline memory analysis capabilities into your best practices, then you just don't know what you're missing."

HBGary Responder Professional 1.3: What's New?

Full Analysis Support for all 32- & 64-bit Windows Operating Systems

o Windows ' 2000 " 2008 Server

o PAE & Non-PAE

o All service packs

Full Unicode Searching and Reporting

o Logical and physical across the entire memory image

o Per process, module or driver

o Virtual Address Descriptor (VAD) Tree

Supports analyzing memory snapshots that are larger than 4GB

Identifies code installed using the Reflective DLL injection technique

Search and Report on data per process in the, Memory Heap and Stack

Enhanced Malware Analysis Plug-in (MAP)

o The MAP plug-in automatically generates a malware analysis report that provides a high level overview of each binary's possible capabilities broken out into 6 different factors.

1. Installation and Deployment Factors

2. Communication Factors

3. Information Security Factors

4. Defensive Factors

5. Development Factors

6. Command and Control Factors

FastDump Pro " with support for imaging physical memory on all 32- and 64-bit Windows ' Operating Systems Windows ' 2000 " 2008 Server

o Includes systems with more than 4GB of RAM

Added analysis support for VMware ESX memory image files (.vmsn extension)

Pricing and Availability

HBGary Responder Professional 1.3 list price is $9000.00 and is available now.

HBGary Responder Field Edition 1.3 list price is normally $3000.00 but discounted to $2000.00 until March 31, 2009. To purchase HBGary Responder 1.3 or get additional information, please visit www.hbgary.com or contact [email protected].

About HBGary, Inc. HBGary, Inc. was founded in 2003 by renowned security expert Greg Hoglund. Mr. Hoglund and his team are internationally known experts in the field of windows internals, software reverse engineering, bug identification, rootkit techniques and countermeasures. Today HBGary specializes in developing advanced computer analysis solutions for Information Assurance (IA) analysts, Computer Emergency Response Teams (CERT's), and Computer Forensic Investigators to detect, diagnose, and respond to computer intrusions and other cyber crime activities. The company is headquartered in Sacramento with sales offices in the Washington D.C. area. HBGary is privately held. For more information on the company, please visit: http://www.hbgary.com.

For More Information: Contact: Karen Burke 650-814-3764 [email protected]

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a com...
PUBLISHED: 2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information dis...
PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
PUBLISHED: 2021-03-03
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...