Tom Brennan & Gary Berman – Paul’s Security Weekly #566

Tom Brennan from Proactive Risk and Gary Berman from Cyberman Security, come on the show and talk about their journey up till their comic. They give us the inside scoop on their comic book, “The CyberHero Adventures”. Full Show Notes Subscribe to YouTube Channel
The post Tom Brennan & Gary Berman – Paul’s Security Weekly #566 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/MKXXaTxCX-w/

Masc – A Web Malware Scanner

A malware (web) scanner developed during CyperCamp Hackathon 2017.FeaturesAt the moment, there are some features avaiable for any type of website (custom or CMS) and some of them only available for specific platforms:Scan any website for malware using OWASP WebMalwareScanner checksum, YARA rules databases and ClamAV engine (if available)Perform some cleaning operations to improve website protectionMonitor the website for changes. Details are written in a log fileScan your site to know if it has been infected with some malwareList your local backupsLogging supportBackup your siteRestore websiteScan for suspect files and compare with a clean installation (for WordPress and Drupal)Clean up your site to avoid giving extra information to attackers (only available for WordPress)RequirementsFirst of all, notice that this tool is developed under Linux and, at the moment, it has been tested only under this Operating SystemPython >= 3Some Python librariespython-magicyara-pythonwatchdogtermcolorpypandocprogresssanti@zenbook:$ pip3 install python-magic yara-python watchdog termcolor pypandoc progressClamAV to integrate with its engine (optional but recommended)NoticeIn my notebook, after upgrading to Debian testing, masc became to show an error related to YaraOSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directoryAfter trying a lot of solutions I found in the Internet, I realized that this file was located in my computer in /usr/local/lib/python3.5/dist-packages/usr/lib, so I created a symbolic link from the previous path to /usr/libsanti@zenbook:$ ln -s /usr/local/lib/python3.5/dist-packages/usr/lib/libyara.so /usr/lib/libyara.soAnd now, masc and Yara library are running with no problems.Noticemasc is developed under Linux and it has not been tested under any other Operating System.Anyway, it should run without problems under any Unix-friendly OS. In particular, in Mac OSX I have noticed it’s neccesary to install Homebrew to use python-magic library propery as libmagic. Check first the previous link to the brew homepage and then you will be able to install as I show below:santi@zenbook:$ brew install libmagicInstallationTo install masc on your computer, you can download a release, untar it and try. You can also install it usign pip (‘pip3 install masc’)Usagemasc 0.2.2 (http://github.com/sfaci/masc)usage: masc.py [-h] [–add-file FILENAME] [–add-word STRING] [–clean-cache] [–clean-site] [–list-backups] [–make-backup] [–monitor] [–name NAME] [–path PATH] [–rollback] [–scan] [–site-type {wordpress,drupal,custom}]optional arguments: -h, –help show this help message and exit –add-file FILENAME Add a suspect file to the dictionary –add-word STRING Add a suspect content to the dictionary –clean-cache Clean masc cache (cache and logs files, NO backups) –clean-site Clean up the site to hide information to attackers –list-backups List local backups –make-backup Create a local backupv of the current installation –monitor Monitor site to detect changes –name NAME Name assigned to the scanned installation –path PATH Website installation path –rollback Restore a local backup –scan Scan website for malware –site-type {wordpress,drupal,custom} which type of web you want to scan:: wordpress, joomla, drupal or magentoTestThere is a repository in the Docker Hub to perform tests masc-wordpressDocumentationYou can find a complete tutorial about how to use masc in the wikiAuthorSantiago Faci santi@arkabytes.comDownload Masc

Link: http://feedproxy.google.com/~r/PentestTools/~3/O45kS_1jZAs/masc-web-malware-scanner.html