EMET and MS12-004 Protection
Metasploit added an exploit for MS12-004 today. Also, Threatpost has an article about attackers using this vulnerability. I decided to quickly test EMET against the Metasploit version, which is...
GSE Orlando 2012
I recently passed the GSE written portion. While I did not find any surprises on the test, I did think it was a bit harder than just a combination of the GSEC, GCIH and GCIA into one test. I'm starting...
Flashback Mac Malware Analysis and Removal
Flashback is Mac malware that has recently been showing up with a vengeance. The latest version .K is exploiting a newly patched Java vulnerability on OS X. F-Secure recently posted about detecting...
EMET and IE 0 day ie_execcommand_uaf
Update: Microsoft has issued a "Fix it" for this issue. An official patch should be in place tomorrow, 21-Sept-2012. A new IE zero-day is out and is available from Metasploit. I needed to find out if...
MySQL Stored Procedure, Prepared Statements and SQL Injection
I've been working on a MySQL project lately. This application does not take input directly from the user, but it still has to query the database to set up variables to then input data. I wanted to be...
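The point behind the post's title, shown as an added example that is not code from the original post: inside a MySQL stored procedure, a value that was never typed by a user (read from a file, another table, or a configuration row) can still inject if it is spliced into the SQL text with CONCAT, while a prepared statement with a bound parameter treats it purely as data. The table and column names (app_config, cfg_name, cfg_value) and the two procedure names are assumptions for illustration.

```sql
-- Added example, not from the original post. Sample table and rows are
-- constructed here so the procedures can be exercised on a scratch database.
CREATE TABLE app_config (
  cfg_name  VARCHAR(64) PRIMARY KEY,
  cfg_value VARCHAR(255)
);
INSERT INTO app_config VALUES
  ('max_upload',  '10'),
  ('admin_email', 'ops@example.test');

DELIMITER $$

-- Vulnerable: the lookup key is concatenated into the statement text, so a
-- value such as  x' OR '1'='1  (wherever it came from) rewrites the query.
CREATE PROCEDURE get_config_unsafe(IN p_name VARCHAR(64))
BEGIN
  SET @sql = CONCAT('SELECT cfg_value FROM app_config WHERE cfg_name = ''',
                    p_name, '''');
  PREPARE stmt FROM @sql;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END$$

-- Hardened: the statement text is a constant and the value is bound with
-- USING. MySQL only accepts user variables in USING, hence the copy to @name.
CREATE PROCEDURE get_config_safe(IN p_name VARCHAR(64))
BEGIN
  SET @name = p_name;
  PREPARE stmt FROM 'SELECT cfg_value FROM app_config WHERE cfg_name = ?';
  EXECUTE stmt USING @name;
  DEALLOCATE PREPARE stmt;
END$$

DELIMITER ;

-- Same hostile input to both. The unsafe procedure returns every row;
-- the safe one returns no rows because no cfg_name equals the literal string.
CALL get_config_unsafe('x'' OR ''1''=''1');
CALL get_config_safe('x'' OR ''1''=''1');
```

When the query shape never changes, dynamic SQL is not needed at all: a plain `SELECT cfg_value INTO v_value FROM app_config WHERE cfg_name = p_name;` inside the procedure is already parameterised by the procedure argument and is the simplest correct form. Reach for PREPARE ... USING only when the table or column must vary, and even then keep identifiers out of the parameter path (whitelist them in the procedure body) since placeholders can bind values, not names.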
How to use Java in the Enterprise while Limiting Exposure with IE Trusted Sites
Summary Java has become difficult software to wrangle in the past 18 months due to the number of exploits released. Unfortunately, most enterprises have at least one critical application that relies...
Stop, Drop and File Carve
My latest post on the Storm Center covers Foremost and how to recover files off a corrupt drive.
SANS GCIA Gold Paper (OHIDS)
My SANS GCIA gold paper has been published! It was a lot of work, but I’m very excited about it. You can get the paper here and the software here. Abstract Responding to incidents in an efficient...
Stormcenter Post
My first post as a Handler is up. It talks about litecoin mining and backdoors.
Monitoring Windows Event Logs (Part 1)
I’m ISC Handler today and I’ve got a great post on how to use syslog to monitor important Windows event logs. This will have multiple parts as it will go deeper into special config.
Linux Memory Dump with Rekall
Over at isc.sans.org I’m handler of the day! My latest post discusses dumping Linux memory. Please stop by and read the post.
WPA-PSK Research Paper Review
I’m Handler for the day! Check out my post on the new WPA-PSK paper. https://isc.sans.edu/forums/diary/Exposing+WPA2+Paper/18061/1#30725
AppLocker and OSSEC 2.8
I’m the Handler for today at the Storm Center. I have a great post on getting OSSEC and AppLocker working. Stop by and check it out....