Archive for the ‘Incident Response’ Category

Installation Analysis Tool – InsMoN

Tuesday, December 16th, 2014

InsMoN is a tool developed to monitor an installation process or the execution of a program. It informs the user about file changes, registry changes and network connections, as well as the name of each process started by the sample.

This software was built in Python so that it is available for both x86 and 64-bit Windows systems. To test and use this software, please visit the following links. Standard disclaimers apply – use at your own risk!

For more information, please visit the InsMoN project page.

Incident Response Tool for malware protection

Friday, October 3rd, 2014

“Security is about systems failing gracefully” (B. Schneier). When it comes to malware protection, anti-virus products fail rather frequently. So how can we make a system fail gracefully when the A/V fails and we eventually get infected?

This question gave birth to Pholus. This program attempts to defend a computer system against ransomware and some types of banking trojans by monitoring the network connections and responding to “suspicious” communication attempts.

This software was built in Python so that it is available for both x86 and 64-bit Windows systems. To test and use this software, please visit the following links. Standard disclaimers apply – use at your own risk!

You can download the Pholus setup file here.

For more information, please visit the Pholus project page.


Cyber Protector 2014 tests the Hellenic Incident Response Teams’ efforts during simultaneous real-time and live cyber attacks

Friday, March 21st, 2014

Cyber Protector is a hands-on, technical cyber defence exercise based on real-time attack and defend scenarios, in which the Hellenic National Defence General Staff (HNDGS) and 6 other Cyber Incident Response Teams took part over 2 days starting on 18 March 2014.

Cyber Protector 2014 consists of a live technical Blue/Red Team Cyber Defence Exercise (CDX) in which participants have to defend pre-built networks, consisting of a number of virtual machines, against the Red Team’s sophisticated, high-level, real-time attacks. The attacks come in many forms, replicating those seen in the “cyber-wild” today, and include targeted attacks, social engineering, insider threats, denial of service, zero-day exploits and custom-built malware.

The aim was to provide new and unique opportunities for Cyber Security Teams to be “trained as they fight” and to get acquainted with the latest cyber attacks and the best cyber defence practices, techniques and tactics. This allows security teams to develop processes, procedures and a dynamic strategy to defend their infrastructure and assets against ‘real’ cyber attacks. It also allows them, through ‘lessons learnt’, to improve their security posture and implement better security solutions in their operational environments, based on tested methods and configurations.

The result of this unique opportunity for the players was a success and demonstrated the need for technical, hands-on exercises such as Cyber Protector 2014, which allow the participants to increase their incident response capabilities and their technical skills. It provides the participants with the ability to assess their current security controls and to sharpen their cyber defenders’ skills in identifying, defending against and responding to cyber attacks.

It was the first time that Democritus University of Thrace participated in such a high level Cyber Defence Exercise. We were exposed to a series of highly sophisticated, real-time cyber attacks and this gave us a unique opportunity to test our capabilities and skills and also to get trained on cyber defence best practices.

Cyber Protector 2014-A was a tremendous success for all participants, delivering outstanding results and lessons learnt from the effective collaboration between the private sector, academia and the public sector, which is of paramount importance for a successful Cyber Defence Policy.

For more information visit


Kludge remote running local

Sunday, January 13th, 2013

Kludge is a remote information gathering script that can be used in cases requiring a triage phase. In situations where network connectivity is not an option, this local version can be used instead. Note that in order to run the tool you need all of its components, which can be downloaded from here.

RAM dumps and volatile memory treasures

Wednesday, August 15th, 2012

Our interview on scienceomega on our recent paper on volatile memory analysis:

Copyright © 2019 Information Security and Incident Response Research Unit. All Rights Reserved.