SANS DFIR, Jim Clausing's 'A Ghidra TestDrive' →
superlative DFIR videos on their SANS DFIR YouTube Channel
And, for more information about Ghidra, visit the SANS DFIR blog here.
SANS DFIR, Mari DeGrazia's 'Triage Collection And Timeline Analysis With KAPE' →
superlative DFIR videos on their SANS DFIR YouTube Channel
SANS DFIR, Sherrie Caltagirone's 'Classifying Evil: Lessons From Hunting Human Traffickers' →
superlative DFIR videos on their SANS DFIR YouTube Channel
Comodo Takes Security Seriously... Wait, What?
via Zach Whittaker, writing at TechCrunch, comes this interesting piece, describing a 'cybersecurity' company's (in this case - Comodo) abject failure to protect its own web presence (from a recently reported - and fixed-by-the-vendor - flaw). A nearly perfect example of why security companies are generally distrusted (at least around here...).
Oh, and the ostensible cause? The highly reported-on vBulletin flaw (now fixed). However, the true cause was (and I assert still must be) gross incompetence displayed by Comodo, which is certainly not the first time this company has appeared swimming in the murky sea of questionable practices, and behaviors indicative of criminality.
SANS DFIR, Richard Davis' 'Introduction To Arsenal Image Mounter' →
superlative DFIR videos on their SANS DFIR YouTube Channel
SANS DFIR, Katie Nickels' 'The Cycle Of Cyber Threat Intelligence' →
superlative DFIR videos on their SANS DFIR YouTube Channel
Classic Facebookery: Zuckerberg, Harms Suffered
via Kate Cox, comes this well-crafted piece at Ars Technica, detailing new defensive machinations undertaken by Facebook, Inc. (Nasdaq: FB) attorneys and (as a matter of course) Mark Zuckerberg...
"Facebook's $5 billion settlement with the Federal Trade Commission this summer smashed records: the FTC had never before fined any company such a hefty amount. But even though critics immediately lambasted the deal as a comparative slap on the wrist for Facebook, which earned about $56 billion in revenue in 2018, newly released documents show that the company was working hard to avoid any penalty at all—and its arguments then are just a prelude to defenses it may mount now, as dozens of state, federal, and international probes pile up around it." - via Kate Cox, comes this superlative piece at Ars Technica
SANS DFIR, Lenny Zeltser's, Jake Williams', Anuj Soni's, Evan Dygert's & Jim Clausing's 'The State of Malware Analysis: Advice From The Trenches' →
superlative DFIR videos on their SANS DFIR YouTube Channel
SANS DFIR, Mark Hallman's 'Enabling KAPE at Scale' →
superlative DFIR videos on their SANS DFIR YouTube Channel
Backups? We're Government IT, We Don't Need No Stinkin' Backups...
There is enough stupidity to spread around the Baltimore City information technology landscape. One leg of the highly touted information security triad (Confidentiality, Integrity, and Availability) was not met: Availability (add Integrity if you examine what became of the integrity of the data, which of course also bears on the Confidentiality of the data). Where were the security folks in this conflagration?
"In a report to a committee of the Baltimore City Council last week, City Auditor Josh Pasch said that the city's Information Technology department could not provide any documentation of its work toward meeting agency performance goals because the only copies of that data were kept on local hard drives and never backed up to a server or the cloud." - via Sean Gallagher in his blog post published at Ars Technica
SANS DFIR, David Szili's 'Advanced Zeek Usage Scripting And Framework' →
superlative DFIR videos on their SANS DFIR YouTube Channel
SANS DFIR, Lee Whitfield's 'Ready Forensicator One' →
superlative DFIR videos on their YouTube Channel
Black Hat USA 2019, Christoffer Jerkeby's 'Command Injection In F5 iRules' →
tremendous conference videos on their YouTube Channel
Black Hat USA 2019, Marie-Sarah Lacharite's 'Breaking Encrypted Databases: Generic Attacks On Range Queries' →
tremendous conference videos on their YouTube Channel
Microsoft Decides To Finally Block Additional Files In OWA, Subsequently Provides Workarounds To Carry On Transmitting Them
via Zeljka Zorz, Managing Editor at HelpNet Security, comes news of Microsoft Corporation's (NASDAQ: MSFT) dollar-short-and-day-late decision to block forty additional file types from their deeply flawed Outlook on the Web product... Oh, and thanks for the workarounds...
'Microsoft also pointed out that blocked files can still be sent and received, either by renaming them (and making the recipient change the name again), compressing them into an archive file, or saving them to the cloud or to a secure network share server and sending the link to them.' - via Zeljka Zorz, Managing Editor at HelpNet Security
Black Hat USA 2019, Uriel Malin's, Sara Bitan's, Avishai Wool's & Eli Biham's 'Rogue7: Rogue Engineering-Station Attacks On S7 Simatic PLCs' →
tremendous conference videos on their YouTube Channel