Monday, March 7, 2016

Security problems with the Internet of Things

Adding Internet connectivity to devices has become very easy: an additional chip handles the connection. But adding the necessary security is not so easy. There is no chip that can be added to provide security.
http://www.cnbc.com/2016/03/04/how-the-internet-of-things-could-be-fatal.html

Follow On Twitter: ITSECSAM

Friday, March 4, 2016

Problems with reporting attribution of cyber attacks in Threat Intelligence.

Companies are trying to get headlines by announcing attribution for cyber attacks seen in Threat Intelligence reporting. There are problems with attributing where a cyber attack came from, which may lead to wrong decisions about how to block them.

http://www.robertmlee.org/the-problems-with-seeking-and-avoiding-true-attribution-to-cyber-attacks/


Friday, February 26, 2016

Monday, February 22, 2016

Exploring Prefetch Files

One of the first things I look at when performing forensics on a system is the prefetch files, which give a report about recently run software on the system. Some malware now recognizes the importance of these files and deletes them when it runs.

For cases where there are still prefetch files, there is a great open source tool to parse them and convert the output to a usable format.

Here is the link:
https://github.com/EricZimmerman/PECmd
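
To show what such a parser reads first, here is an added Python example (not from the original post and not PECmd's code) that decodes the fixed header of an uncompressed prefetch file and checks it against the `EXENAME-HASH.pf` file name. The field offsets follow the publicly documented SCCA layout and are an assumption not stated on this page; the function names and the sample bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Version field -> Windows release, per the public SCCA format notes.
VERSIONS = {17: "XP/2003", 23: "Vista/7", 26: "8/8.1", 30: "10+"}
HEADER_LEN = 84  # version, signature, unknown, size, 60-byte name, hash, unknown

@dataclass
class PrefetchHeader:
    version: int
    os_hint: str
    file_size: int
    executable: str
    path_hash: str  # 8 hex digits, as in the EXENAME-HASH.pf file name

def parse_prefetch_header(data: bytes) -> PrefetchHeader:
    if data[:3] == b"MAM":
        # Windows 10+ stores prefetch files compressed; the SCCA header
        # is only visible after decompression.
        raise ValueError("MAM-compressed prefetch: decompress first")
    if len(data) < HEADER_LEN:
        raise ValueError("truncated prefetch header")
    version, signature, _unknown, size = struct.unpack_from("<I4sII", data, 0)
    if signature != b"SCCA":
        raise ValueError("missing SCCA signature: not a prefetch file")
    # Executable name: UTF-16LE, NUL-terminated, in a fixed 60-byte field.
    raw = data[0x10:0x10 + 60].decode("utf-16-le", errors="replace")
    name = raw.split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 0x4C)
    return PrefetchHeader(version, VERSIONS.get(version, "unknown"),
                          size, name, f"{path_hash:08X}")

def matches_file_name(header: PrefetchHeader, file_name: str) -> bool:
    """True if the on-disk name agrees with the header (renamed files fail)."""
    stem = file_name.upper().removesuffix(".PF")
    exe, _, hash_part = stem.rpartition("-")
    return exe == header.executable.upper() and hash_part == header.path_hash

def build_sample() -> bytes:
    """Constructed 84-byte header for illustration; not from a real system."""
    name = "CALC.EXE".encode("utf-16-le").ljust(60, b"\x00")
    return (struct.pack("<I4sII", 23, b"SCCA", 0x11, HEADER_LEN)
            + name + struct.pack("<II", 0x77FDF17F, 0))

if __name__ == "__main__":
    hdr = parse_prefetch_header(build_sample())
    print(hdr, matches_file_name(hdr, "CALC.EXE-77FDF17F.pf"))
```

A header whose name or hash disagrees with the file name on disk is worth a closer look during triage, since it suggests the file was renamed or copied in.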


MALTRAIL - Malware Network Sensor

There is a GitHub project to build a network-based malware detection system. This system uses blacklists and other open source information to build up a scoring system for network traffic that indicates the presence of malware.

I have not tested this system yet; however, we are in the process of bringing in new equipment, which frees up some older equipment to run tests on.

Here is the link:
https://github.com/stamparm/maltrail
