Tuesday, July 28, 2015

Rook Security - Milano tool

As usual…a week or more late…

Post Update 2015-07-31 New tool version: Milano 1.1.0 Release with Linux and Mac OSx IOC's Now Included - Rook Security

Anyway, Rook Security spent some time analyzing the data-dump from Hacking Team and in the process has found some indicators of compromise (IOCs) of a Hacking Team presence on a system.

Basically you can download their free/open-source tool which does a quick or full scan of a system and compares the files against known IOC hashes.
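To show the mechanics behind that kind of scan (hash every file under a set of roots and compare against a list of known-bad digests), here is a small added example in Python. It is not Milano's own code and not from Rook Security; the IOC hash and the sample files are constructed inside the script, and a real run would load the vendor-published digests instead.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Example scanner, not Rook Security's Milano code. The IOC hash below is
# constructed for the demo; a real run would load a vendor-published list.

CHUNK = 1 << 20  # hash in 1 MiB chunks so large files never need to fit in RAM


def file_hashes(path):
    """Return (md5, sha1, sha256) hex digests of one file, streamed in chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def scan(roots, ioc_hashes):
    """Walk each root, hash every regular file, report matches against ioc_hashes.
    Returns (hits, errors): hits is a list of (path, matching digest),
    errors is a list of paths that could not be read."""
    iocs = {h.lower() for h in ioc_hashes}
    hits, errors = [], []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                p = os.path.join(dirpath, name)
                if os.path.islink(p) or not os.path.isfile(p):
                    continue  # skip symlinks, devices and sockets
                try:
                    for digest in file_hashes(p):
                        if digest in iocs:
                            hits.append((p, digest))
                            break
                except OSError:
                    errors.append(p)  # locked or unreadable: record it, keep going
    return hits, errors


def demo():
    """Scan a constructed sample tree: one file matches the 'IOC', one does not."""
    bad = b"constructed sample standing in for a flagged binary\n"
    good = b"an ordinary benign file\n"
    ioc_hashes = {hashlib.sha256(bad).hexdigest()}  # stand-in for a published hash
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "bin").mkdir()
        Path(tmp, "bin", "suspect.exe").write_bytes(bad)
        Path(tmp, "readme.txt").write_bytes(good)
        hits, errors = scan([tmp], ioc_hashes)
        return [os.path.basename(p) for p, _ in hits], len(errors)
```

A "quick" scan is the same routine pointed at a short list of likely locations; a "full" scan passes the drive roots, which is why it takes so much longer on a spinning disk.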

Downloads - Rook Security.  Currently, look for the “Milano 1.0.1: Hacking Team Malware Detection Utility” link.  There is also an MSI version for enterprise deployment.

Then it’s up to your leet skills to figure out if these are false positives or not.

I’ve run their tool against both my systems. The quick scan is very fast. The full scan took a whole night to complete on my traditional HDD system but it ran very fast across my SSD drive system.  In all cases my systems came back clean.

It’s a portable app so no excuse not to include it in your USB carry-stick toolkit.

You may want to keep an eye on their tool for updates. At least one update has been released. It is also unknown if other security vendors are adding the IOC/hashes to their own detection engines.

More info here

Constant Vigilance!

Claus Valca
