Full Disclosure
mailing list archives
Re: Security Incident Response Testing To Meet Audit
From: Christian Sciberras <uuf6429 () gmail com>
Date: Sun, 12 Dec 2010 17:55:03 +0100
Just to satisfy my curiosity, but, when was the last AV update performed?
One could assume some anti-virus would be up-to-date even if the last update
was performed a month or so ago.
On the other hand, an anti-virus update usually is done sometimes even
several times per day (well, mine does).
Have you tried the binaries on virustotal.com (or equivalent)?
Cheers,
Chris.
On Sat, Dec 11, 2010 at 5:52 AM, Charles Polisher <cpolish () gmail com> wrote:
Adam Behnke wrote:
Hi everyone, InfoSec Institute author Russ McRee has written up an overview
on tools to ensure maximum readiness for incident response teams, including
drill tactics. PCI-DSS audits often require IR testing validation; drill
quarterly and be ready next audit cycle.
http://resources.infosecinstitute.com/incident-response-and-audit-requirements/
Please let me know your thoughts.
"Remember that you're playing with binaries that will likely cause
antivirus to fire."
I take issue with this statement. Tonight I tested $VENDOR's
up-to-date anti-virus against 10 day-old malware samples captured
from the wild - the detection rate was abysmal (225/539).
Maybe your AV is better than mine.
--
Charles Polisher
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/