Indicator Of Compromise (IOC) – Part I

The release of the APT1 report from Mandiant has been one of the major recent events in the security world. I'm not going to review the report or comment on it, even though the work that Mandiant did is really impressive and clearly demonstrates that governmental attacks are real. As I said in a previous post, cyber-espionage is on an increasing trend and what Mandiant released is just the tip of the iceberg.

But what is really interesting in this report is the…appendix! Mandiant included an awful lot of details such as FQDNs, SSL certificates and…Indicators of Compromise (i.e. IOCs)! Let's have a closer look at those IOCs.

[OS X] List processes using internet

Under OS X, if you are interested in finding out which process is using the internet, you can use the following command:

lsof -i -P -n 

This command normally lists all the open files on the system, but with the -i option it lists only the "internet" files, i.e. open network sockets. The -P and -n options keep port numbers and addresses numeric instead of resolving them to service names and hostnames, which is faster and avoids tipping off a remote host with a DNS lookup.
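Reading the raw lsof output by eye gets tedious once a machine has dozens of sockets open. The following POSIX shell script is an added example (not from the original post): it parses the format of `lsof -i -P -n`, pulls out listening sockets and established connections, and flags processes talking to remote ports other than 80 and 443, which is a quick first triage when hunting for an unexpected outbound connection. The embedded sample output, the process names and the addresses in it are constructed for the demo, not a real capture.

```shell
#!/bin/sh
# Parse `lsof -i -P -n` output and summarise network activity per process.
# Added example; the sample below is constructed, not a real lsof capture.

SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1 root   10u  IPv6 0x1a2b      0t0  TCP *:22 (LISTEN)
Safari    412 alice  20u  IPv4 0x3c4d      0t0  TCP 192.168.1.5:52110->203.0.113.10:443 (ESTABLISHED)
updater   900 alice   5u  IPv4 0x5e6f      0t0  TCP 192.168.1.5:52200->198.51.100.7:8080 (ESTABLISHED)
mDNSResponder 77 _mdnsresponder 8u IPv4 0x7a8b 0t0 UDP *:5353'

# list_listeners: reads lsof output on stdin, prints "COMMAND PID LOCALADDR"
# for every socket in LISTEN state. The header line (NR == 1) is skipped;
# for TCP lines the state is the last field and the NAME column is the one before it.
list_listeners() {
  awk 'NR > 1 && $NF == "(LISTEN)" { print $1, $2, $(NF-1) }'
}

# list_established: reads lsof output on stdin, prints "COMMAND PID REMOTEADDR"
# for every ESTABLISHED TCP connection. NAME looks like local->remote, so we
# split on "->" and keep the remote side.
list_established() {
  awk 'NR > 1 && $NF == "(ESTABLISHED)" {
    split($(NF-1), ends, "->")
    print $1, $2, ends[2]
  }'
}

# flag_nonstandard_ports: reads lsof output on stdin and prints only the
# established connections whose remote port is not 80 or 443. The port is the
# last colon-separated part, which also works for bracketed IPv6 addresses.
flag_nonstandard_ports() {
  list_established | awk '{
    n = split($3, parts, ":")
    if (parts[n] != "80" && parts[n] != "443") print $1, $2, $3
  }'
}

# demo: runs the triage over the constructed sample instead of the live system.
demo() {
  printf '%s\n' "$SAMPLE_LSOF" | flag_nonstandard_ports
}

# Live usage on OS X would be:  lsof -i -P -n | flag_nonstandard_ports
demo
```

On the constructed sample, `demo` prints a single line for the `updater` process connected to `198.51.100.7:8080`, while the browser connection on 443 and the local listener on 22 are filtered out; on a real host the flagged lines are the ones worth checking against the process's expected behaviour.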