Channel: Incident Response howto
Browsing all 30 articles

EMET and MS12-004 Protection

Metasploit added an exploit for MS12-004 today. Also, Threatpost has an article about attackers using this vulnerability. I decided to quickly test EMET against the Metasploit version, which is...


GSE Orlando 2012

I recently passed the GSE written portion. While I did not find any surprises on the test, I did think it was a bit harder than just a combination of the GSEC, GCIH and GCIA into one test. I’m starting...


Flashback Mac Malware Analysis and Removal

Flashback is Mac malware that has recently been showing up with a vengeance. The latest version, .K, is exploiting a newly patched Java vulnerability on OS X. F-Secure recently posted about detecting...


EMET and IE 0 day ie_execcommand_uaf

Update: Microsoft has issued a “Fix it” for this issue. An official patch should be in place tomorrow, 21 Sept 2012. A new IE zero-day is out and is available from Metasploit. I needed to find out if...


MySQL Stored Procedure, Prepared Statements and SQL Injection

I’ve been working on a MySQL project lately. This application does not take input directly from the user, but it still has to query the database to set up variables and then input data. I wanted to be...
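The teaser above describes a value that is first read from the database and then reused in a later query, which is exactly where string-built SQL inside a stored procedure goes wrong. As an added example that is not code from the original post, the block below shows a MySQL stored procedure that splices its parameter into the query text beside the same procedure rewritten to use a server-side prepared statement with a bound parameter. The `hosts` table, its columns and the sample row are constructed for the illustration.

```sql
-- Added example (not from the original post). Table and column names
-- (hosts, hostname, owner) are assumed for illustration only.
CREATE TABLE hosts (
  id       INT AUTO_INCREMENT PRIMARY KEY,
  hostname VARCHAR(255) NOT NULL,
  owner    VARCHAR(64)  NOT NULL
);

INSERT INTO hosts (hostname, owner) VALUES ('db01.example.internal', 'ops');

DELIMITER //

-- Vulnerable: p_owner is concatenated into the SQL text. It does not matter
-- that no human typed it; a value pulled from another table earlier in the
-- workflow, such as  nobody' OR '1'='1 , still changes the query's meaning.
CREATE PROCEDURE get_hosts_by_owner_unsafe(IN p_owner VARCHAR(64))
BEGIN
  SET @sql = CONCAT('SELECT id, hostname FROM hosts WHERE owner = ''', p_owner, '''');
  PREPARE stmt FROM @sql;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END //

-- Hardened: the SQL text is a fixed literal with a ? placeholder; the value is
-- passed through EXECUTE ... USING, which requires a user variable, so it is
-- bound as data and can never be parsed as SQL.
CREATE PROCEDURE get_hosts_by_owner(IN p_owner VARCHAR(64))
BEGIN
  SET @owner = p_owner;
  PREPARE stmt FROM 'SELECT id, hostname FROM hosts WHERE owner = ?';
  EXECUTE stmt USING @owner;
  DEALLOCATE PREPARE stmt;
END //

DELIMITER ;

-- Constructed test value: looks like an owner name, carries SQL.
CALL get_hosts_by_owner_unsafe('nobody'' OR ''1''=''1');  -- returns every row
CALL get_hosts_by_owner('nobody'' OR ''1''=''1');         -- returns no rows
```

Run it in the mysql command-line client (the DELIMITER lines are client commands, not SQL). The two CALLs receive the identical string; only the procedure that binds the value with `USING` treats it as data. The check to apply to your own procedures is simple: any `PREPARE ... FROM @var` where `@var` was built with `CONCAT` on a non-constant input needs the same rewrite.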


How to use Java in the Enterprise while Limiting Exposure with IE Trusted Sites

Summary: Java has become difficult software to wrangle in the past 18 months due to the number of exploits released. Unfortunately, most enterprises have at least one critical application that relies...


Stop, Drop and File Carve

My latest post on the Storm Center covers Foremost and how to recover files off a corrupted drive.


SANS GCIA Gold Paper (OHIDS)

My SANS GCIA gold paper has been published! It was a lot of work, but I’m very excited about it. You can get the paper here and the software here. Abstract: Responding to incidents in an efficient...


Stormcenter Post

My first post as a Handler is up. It talks about litecoin mining and backdoors.


Monitoring Windows Event Logs (Part 1)

I’m ISC Handler today and I’ve got a great post on how to use syslog to monitor important Windows event logs. This will have multiple parts as it will go deeper into special config.


Linux Memory Dump with Rekall

Over at isc.sans.org I’m handler of the day! My latest post discusses dumping Linux memory. Please stop by and read the post.


WPA-PSK Research Paper Review

I’m Handler for the day! Check out my post on the new WPA-PSK paper. https://isc.sans.edu/forums/diary/Exposing+WPA2+Paper/18061/1#30725


AppLocker and OSSEC 2.8

I’m the Handler for today at the Storm Center. I have a great post on getting OSSEC and AppLocker working. Stop by and check it out....
