[Dailydave] "Find me something"

Dave Aitel dave at immunityinc.com
Thu Nov 13 16:29:35 EST 2014


<If you had HTML email turned on you'd see a pretty picture here>

If someone came to you and said "Build me a product that can find evil
maid attacks, BadUSB, people leaking sensitive data between machines of
different classification levels, Stuxnet coming back and forth on USB
keys, or people plugging in USB wireless cards to machines that should
not have USB wireless cards anywhere near them!" and you would have
built El Jefe 2.2, a completely Free Enterprise Situational Awareness
product.

You can do realtime monitoring of USB events via a few of the more
expensive SIEM products (Tenable has a blogpost on it, for example) but
El Jefe pulls back some rather different data, stores it differently,
and that enables it to have a visualization interface and workflow that
focuses on the known and unknown threats posed by USB in a quite
different manner, and of course, prepares it for the upcoming anomaly
detection release.

You can build upon El Jefe - write export or analysis scripts, for
example, as the entire product is GPLv3. We'd love to hear from you, and
you can read more about this release here:
http://immunityproducts.blogspot.com/2014/11/el-jefe-13-curious-case-of-3g-modem.html

Thanks,
Dave Aitel
Immunity, Inc.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141113/bebb74a7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: el jefe usb image.png
Type: image/png
Size: 47915 bytes
Desc: not available
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141113/bebb74a7/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141113/bebb74a7/attachment-0001.sig>


More information about the Dailydave mailing list