
Published on November 25th, 2015 | by NJ Ouchn


RITA – Real Intelligence Threat Analysis

Released by SANS, the RITA toolkit is intended to help approach the often overwhelming task of combing through piles of log data looking for the following suspicious behaviors:
  • Beaconing: Connections that happen frequently and at similar intervals could be an indicator of malware calling home
  • Blacklisted IPs: Blacklisted IPs are addresses reported as being involved with malware, spamming, and other dangerous activities
  • Scanning: These events occur when a computer attempts to connect to a large number of ports on a system, searching for vulnerabilities
  • Long Durations: Connections that last longer than the average on a network could indicate a compromised system
  • Long URLs: Longer than normal URLs could potentially be used to transfer malicious data into the system
  • Concurrent Logins: A user being logged into a high number of systems could indicate that this user’s account or original system has been compromised
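
To make the beaconing item concrete, here is an added example (not RITA's code and not its scoring algorithm) that flags source/destination pairs whose connection intervals are nearly constant, using the coefficient of variation of the gaps between connections. The record layout, the `min_conns` and `max_cv` thresholds, and the sample connections are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_sample():
    """Constructed records: (epoch_seconds, source_ip, destination_ip)."""
    conns = []
    # One host contacts the same destination about every 300 s, with small jitter.
    for i, jitter in enumerate([0, 2, -1, 3, -2, 1, 0, -3, 2, 1]):
        conns.append((1000 + 300 * i + jitter, "10.0.0.23", "203.0.113.50"))
    # Another host connects at irregular, human-looking times.
    for ts in [1005, 1019, 1400, 1460, 2900, 2950, 3300, 3310, 3900]:
        conns.append((ts, "10.0.0.42", "198.51.100.7"))
    # A pair with too few connections to judge either way.
    for ts in [1200, 2500]:
        conns.append((ts, "10.0.0.99", "192.0.2.10"))
    return conns


def find_beacons(conns, min_conns=6, max_cv=0.1):
    """Return (src, dst, count, mean_interval, cv) for regular-interval pairs.

    min_conns and max_cv are assumed thresholds; tune them per network.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in conns:
        by_pair[(src, dst)].append(ts)

    flagged = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_conns:
            continue  # not enough samples to call the timing regular
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all connections share one timestamp
        cv = pstdev(gaps) / avg  # low value means similar intervals
        if cv <= max_cv:
            flagged.append((src, dst, len(times), round(avg, 1), round(cv, 3)))
    return sorted(flagged, key=lambda row: row[4])


if __name__ == "__main__":
    for row in find_beacons(build_sample()):
        print("possible beacon: %s -> %s, %d connections, ~%ss apart, cv=%s" % row)
```

Regular timing alone is not proof of malware: update checks, NTP and monitoring agents also connect on fixed schedules, so flagged pairs still need triage against known-good destinations.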


About the Author

Principal Founder & Maintainer - Freelancer ICS/SCADA Security Expert. As part of my research, I'm focusing on maintaining many projects such as the DPE (Default Password Enumeration), vFeed® the open source correlated & cross-linked vulnerability database and FireCAT the Firefox Catalog of Auditing exTensions. Today, I'm the co-organizer of the major event Blackhat Arsenal Tools (US and Europe) since 2011 and since 2014 co-organizer of Rooted Warfare in Spain. I'm going by the handle of @toolswatch on Twitter and always willing to help, share and drink with friends from far and wide.
