On Fri, Dec 10, 2010 at 11:52 PM, Charles Polisher <[email protected]> wrote:

> Adam Behnke wrote:
>> Hi everyone, InfoSec Institute author Russ McRee has written up an overview
>> on tools to ensure maximum readiness for incident response teams, including
>> drill tactics. PCI-DSS audits often require IR testing validation; drill
>> quarterly and be ready next audit cycle.
>>
>> http://resources.infosecinstitute.com/incident-response-and-audit-requirements/
>>
>> Please let me know your thoughts.
>
> "Remember that you're playing with binaries that will likely cause
> antivirus to fire."
>
> I take issue with this statement. Tonight I tested $VENDOR's
> up-to-date anti-virus against 10 day-old malware samples captured
> from the wild - the detection rate was abysmal (225/539).
> Maybe your AV is better than mine.

Immunet (http://www.immunet.com/) would probably be very useful in this situation. Think of it as 'distributed antivirus definitions'. If one $VENDOR catches it, your machine will most likely catch it, since it's part of the cloud (forgive the cliché).

The company was started by a fellow named Al Huger. I believe he also started Bugtraq. When Bugtraq was commercialized by Symantec, Huger moved on to Immunet.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
