Installation Ananlysis Tool – InsMoN

December 16th, 2014

InsMoN is a software developed in order to monitor an installation process or an executable process. It informs the user about File changes, Registry changes, Connections as well as the name each process started by the sample.

This software was built in Python, in order to be available for both x86, 64 bit Windows systems. In order to test and use this software please visit the following links. Standard disclaimers apply – use at your own risk!

For more information, please visit the InsMoN project page

Incident Repsonse Tool for malware protection

October 3rd, 2014

“Security is about systems failing gracefully” (B. Schneier). When it comes to malware protection, anti-virus products fail rather frequently. So how can we make a system fail gracefully when an a/v fails and we eventually get infected?

This question gave birth to Pholus. This program attempts to defend a computer system against ransomware and some types of banking trojans by monitoring the network connections and responding to “suspicious” communication attempts.

This software was built in Python, in order to be available for both x86, 64 bit Windows systems. In order to test and use this software please visit the following links. Standard disclaimers apply – use at your own risk!

You can download the Pholus setup file here.

For more information, please visit the Pholus.


straight from Kaspersky’s mouth

July 1st, 2014

COBIT 5 course and exam in Xanthi

April 24th, 2014

The information security & incident response research unit is very proud to announce the co-organization of ISACA‘s COBIT 5 foundation course and exam that will take place on 15-17th May in Xanthi. Many thanks to our Instructor Panagiotis Droukas and of course ISACA for the support and opportunity our students will have on obtaining such a widely recognized professional qualification.

Cyber Protector 2014 tests the Hellenic Incident Response Teams’ efforts during simultaneous real time and live cyber attacks

March 21st, 2014

Cyber Protector is a hands-on, technical cyber defence exercise, based on real-time attack and defend scenarios, in which the Hellenic National Defence General Staff –HNDGS- and 6 other Cyber Incident Response Teams were involved during 2 days starting on 18 March 2014.

Cyber Protector 2014 service consists of a live technical Blue/Red Team Cyber Defence Exercise (CDX) where participants have to defend pre-built networks consisting of a number of virtual machines against the sophisticated, high-level, real-time, Red Team’s attacks. The attacks come in many forms, replicating those seen in the “cyber-wild” today and include targeted attacks, social engineering, insider threats, denial of service, zero-day exploits and custom built malware.

The aim was to provide new and unique opportunities to Cyber Security Teams to be “trained as they fight’’ and to get acquainted with the latest cyber attacks and best cyber defence practices, techniques and tactics. This allows security teams to develop processes, procedures and a dynamic strategy to defend their infrastructure and assets against ‘real’ cyber attacks. It also allows them, through ‘lessons-learnt’, to increase their security posture and implement better security solutions on their operational environments, based on tested methods and configurations.

The result of this unique opportunity for the players was a success and demonstrated the need for technical and hands-on exercises such as Cyber Protector 2014,  to allow the  participants to increase their incindent response capabilities and their technical skills. It provides the participants with the ability to assess their current security controls, and to sharpen their cyber defenders in identifying, defending and responding to cyber attacks.

It was the first time that Democritus University of Thrace participated in such a high level Cyber Defence Exercise. We were exposed to a series of highly sophisticated, real-time cyber attacks and this gave us a unique opportunity to test our capabilities and skills and also to get trained on cyber defence best practices.

Cyber Protector 2014-A was a tremendous success for all participants, delivering outstanding results and lessons learnt from the effective collaboration between private, academia and public sector which is of a paramount importance for a successful Cyber Defence Policy.

For more information visit


Jan 28th – Data Privacy Day

January 30th, 2014

XP Doomsday

October 9th, 2013

On April 8, 2014, Microsoft ends XP support. This means that it is very likely that there will be no security updates. If this happens we will experience 0-days with really long life spans.

In case there are still XP boxes out there, here is a countdown timer to set as a default home page for your browser.

Other than that, XP users, you will be on your own.

cuckoo-profiler available

August 20th, 2013

Profiler is an extension for the cuckoo malware analysis tool. The code is open-source and available on google code. Feedback is highly appreciated.

javascript revelations with revelo

June 24th, 2013

Obfuscated javascript snippets are very popular; in all cyberdefense exercises we have participated in, obfuscated javascript was on the top of the scenarios list. Revelo is a very neat tool that can greatly assist in quickly analysing obfuscated code. Many thanks to KahuSecurity, for the continuous efforts to develop this tool!

var _0x2d61=["\x48\x65\x6C\x6C\x6F\x20\x57\x6F\x72\x6C\x64\x21","\x0A","\x4F\x4B"];var a=_0x2d61[0];function MsgBox(_0x2949x3){alert(_0x2949x3+_0x2d61[1]+a);} ;MsgBox(_0x2d61[2]);

Our team during the 3rd National Cyberdefense Exercise

January 24th, 2013

Many thanks to all members for making this exercise interesting, challenging and fun!

Looking forward to future tasks!

Copyright © 2019 Information Security and Incident Response Research Unit. All Rights Reserved.
No computers were harmed in the 0.699 seconds it took to produce this page.

Designed/Developed by Lloyd Armbrust & hot, fresh, coffee.