The ability to add Internet connectivity to devices has become very easy with the addition of an extra chip to handle the connection. But adding the necessary security is not so easy. There is no chip that can be added to provide security.
http://www.cnbc.com/2016/03/04/how-the-internet-of-things-could-be-fatal.html
Follow On Twitter: ITSECSAM
ITSecSam
Discuss some of the tools I am using to make systems more secure as well as tools that make System Administration easier.
Monday, March 7, 2016
Friday, March 4, 2016
Problems with reporting attribution of cyber attacks in Threat Intelligence.
Companies are trying to get headlines by announcing attribution for cyber attacks seen in Threat Intelligence reporting. There are problems with attributing where a cyber attack came from, which may lead to wrong decisions about how to block them.
http://www.robertmlee.org/the-problems-with-seeking-and-avoiding-true-attribution-to-cyber-attacks/
Follow on Twitter: ITSECSAM
Wednesday, March 2, 2016
Microsoft releases an updated Windows Defender on Windows 10
Microsoft has just added Network Threat Protection to their Windows Defender built into Windows 10. http://news.softpedia.com/news/microsoft-launches-windows-defender-advanced-threat-protection-501198.shtml
Follow on Twitter: ITSECSAM
Paper about forensics on a Virtual OS running on a thumb drive.
Performing Forensics on a Virtual OS on a Thumb Drive can be challenging. This paper walks through some of the gotchas.
Tracing Forensic Artifacts from USB-Bound Computing Environments on Windows Hosts
Follow on Twitter: ITSECSAM
Friday, February 26, 2016
New Threat Intelligence sharing coming from DHS
DHS has been tasked with sharing their Threat Intelligence with businesses in an effort to improve cyber security.
http://www.technewsworld.com/story/DHS-Ready-to-Share-Intelligence-With-Private-Sector-83127.html
Follow on Twitter: ITSECSAM
Monday, February 22, 2016
Exploring Prefetch Files
One of the first things I look at when performing forensics on a system is the prefetch files, which give a report about recently run software on the system. Some malware now recognizes the importance of these files and deletes them when it runs.
For cases where there are still prefetch files, there is a great open source tool to parse them and convert the output to a usable format.
Here is the link:
https://github.com/EricZimmerman/PECmd
Follow on Twitter: ITSECSAM
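As an added illustration of what a prefetch parser such as PECmd pulls out of each .pf file (this is example code written for this post, not PECmd's own code), the block below reads the uncompressed SCCA header used by Windows XP and Windows 7 prefetch files, recovers the executable name, last run time and run count, and checks that the on-disk file name matches the hash stored in the header, which is a quick sign of a renamed or tampered file. The sample header, its hash value and timestamp are constructed for the demonstration; Windows 10 files are compressed and are only recognised, not parsed, here.

```python
import struct
from datetime import datetime, timedelta, timezone

PF_SIGNATURE = b"SCCA"
# Header layout per format version: (last-run FILETIME offset, run-count offset).
# 17 = Windows XP, 23 = Windows 7. Versions 26/30 (Windows 8/10) use a different
# layout, and Windows 10 files are LZXPRESS-compressed (they start with "MAM").
LAYOUT = {17: (0x78, 0x90), 23: (0x80, 0x98)}

def prefetch_kind(data):
    """Classify a .pf blob: 'scca' (parseable), 'compressed' (Win10 MAM), or 'unknown'."""
    if data[:3] == b"MAM":
        return "compressed"
    return "scca" if data[4:8] == PF_SIGNATURE else "unknown"

def filetime_to_utc(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01) -> timezone-aware UTC datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_prefetch_header(data):
    """Extract executable name, prefetch hash, last run time and run count."""
    if prefetch_kind(data) != "scca" or len(data) < 0xA0:
        raise ValueError("not an uncompressed SCCA prefetch header")
    version, = struct.unpack_from("<I", data, 0x00)
    if version not in LAYOUT:
        raise ValueError("unsupported prefetch format version %d" % version)
    last_run_off, run_count_off = LAYOUT[version]
    exe = data[0x10:0x10 + 60].decode("utf-16-le").split("\x00", 1)[0]
    pf_hash, = struct.unpack_from("<I", data, 0x4C)
    last_run, = struct.unpack_from("<Q", data, last_run_off)
    run_count, = struct.unpack_from("<I", data, run_count_off)
    return {"version": version, "executable": exe, "hash": pf_hash,
            "last_run": filetime_to_utc(last_run), "run_count": run_count}

def expected_filename(info):
    """The name Windows gives this entry on disk; a mismatch flags a renamed/tampered file."""
    return "%s-%08X.pf" % (info["executable"], info["hash"])

def build_sample(exe, pf_hash, last_run_ft, run_count, version=23):
    """Constructed minimal header (not a real capture) so the parser can run offline."""
    buf = bytearray(0xA0)
    struct.pack_into("<I", buf, 0x00, version)
    buf[0x04:0x08] = PF_SIGNATURE
    buf[0x10:0x10 + len(exe) * 2] = exe.encode("utf-16-le")
    struct.pack_into("<I", buf, 0x4C, pf_hash)
    last_run_off, run_count_off = LAYOUT[version]
    struct.pack_into("<Q", buf, last_run_off, last_run_ft)
    struct.pack_into("<I", buf, run_count_off, run_count)
    return bytes(buf)
```

Run `parse_prefetch_header` over the bytes of a .pf file and compare `expected_filename` with the real file name; an absent prefetch directory on a system that should have one is itself worth noting, given the malware behaviour described above.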
MALTRAIL - Malware Network Sensor
There is a GitHub project to build a network based malware detection system. This system uses blacklists and other open source information to build up a scoring system for network traffic that indicates the presence of malware.
I have not tested this system yet, however we are in the process of bringing in new equipment which frees up some older equipment to run tests on.
Here is the link:
https://github.com/stamparm/maltrail
Follow on Twitter: ITSECSAM