So for the past few years I have worked on the front line as a sysadmin, specializing in web server security investigations. This culminated in blazescan, minerchk, lw-yara, and other tools, which significantly increased our capability within my organization to investigate incidents. I hope that with these tools and the assistance I provided, I was able to leave things a little bit better than I found them.
But starting next week I will be moving into a new role, taking a step back from front line incident investigations. I hope to keep the tools I created active, but I will be relying on the community to help do so. If you have found these tools useful to your own capabilities, help keep them going by reporting back new malware samples that have not been seen before. You can do so using the following flags:
    minerchk -R
    blazescan -R
Any files reported back I will analyze and create new signatures for, to be published to the lw-yara rule set. As long as the reports come in and time allows, I'll keep the projects going. Feel free to reach out to @laskow26 on Twitter.