Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Interesting new tool SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Interesting new tool

No, I don't have a witty title in a dead language, but as many of you are aware, I'm constantly on the lookout for useful tools, so I was intrigued when I came across an announcement yesterday that Mandiant had released a free tool aimed at incident handlers, called Red Curtain.  The purpose of the tool is to highlight which files may be suspicious and require a closer look by investigators.  The tool scores files based on some interesting characteristics including entropy (how random the file is, which may be an indication of encryption), indications of packing, specific signatures of compilers and packers, digital signatures, etc.  It certainly isn't foolproof, but is aimed at narrowing the investigator's initial job and would correctly flag anything written by Tom "if Latin isn't your thing, next time I'll try Sanskrit (shouldn't that be the official language of SANS anyway)" Liston.   It sounds like a decent idea.  Has anyone out there tried it, yet?  If so, let us know what you think.

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - Live Online


415 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!