Enterprise memory forensics for incident response and compromise assessment
As we have seen over the past few weeks with WannaCry, no one is immune to attacks that use offensive capabilities which belonged to a super nation and escaped into the wild.
The increased complexity of attacks is not something new, but the recycling of offensive tools such as the ETERNAL exploits and the DOUBLEPULSAR backdoor is a threat to any organization in the world. Multiple ransomware families have emerged leveraging those tools, including WannaCry or, more recently, an even more aggressive version: EternalRocks.
A new threat profile has emerged, one that requires a deep-dive analysis of your systems. Indeed, it is easy to notice when you are affected by ransomware, but what happens when you have a dormant attacker in your network who does not display any visible sign of infiltration?
These types of threats aren’t going to stop anytime soon; on the contrary.
We are proactively defending dozens of thousands of machines from being affected by WannaCry because of a kill-switch we registered, but we can also help you detect dormant backdoors such as DOUBLEPULSAR.
Spikes of WannaCry infection detected over the past few days by our Analyst Team.
Comae Stardust
We are currently launching a Beta program for our product Comae Stardust which you can see below detecting threats such as DOUBLEPULSAR by leveraging memory forensics and our analytics on machines.
Comae Stardust works by collecting memory snapshots of machines and inspecting them in depth. This applies to any version of Windows from Windows XP to Windows 10.
Comae Stardust — Dashboard for machines
Comae Stardust — Snapshot overview of suspected issues (DOUBLEPULSAR)
Comae Stardust — Process list overview highlighting the injected process
Join our Beta program
Comae beta testers get early access to the features the development team is working on.
The program is exclusive — only made up of the most beta-tolerant and sophisticated of Comae users. We want to make the software better for you so we want thoughtful feedback on each new release from our testers.
- How useful did you find it?
- What bugs still need fixing?
- What could be improved, added, or taken away?
Keep in mind, this program isn’t just a walk in the park. Being a part of the beta group at Comae is a commitment. It means you agree to use some software in your daily life that is bound to be a little rough around the edges. It also means you’re willing to take the time to help us smooth out those rough edges.
If you are interested*, register with your **work email address** at https://my.comae.com. _Beta is open to all, try the platform for free by registering directly!_
- Who you are, what you do and what your employer does.
- How familiar you are with DFIR — bonus points for memory forensics.
- Why you want to be part of the Beta (e.g. if this is just to check it out, please go on your way and wait for the final version).
* Only serious applicants will be considered. Enterprises only.