Wow, what a week. It’s been crazy but I’ve finally found some time to post.
Here is the list:
Offensive Security 101 v.2.0 – Looks like Offensive Security 101 v2.0 is out.
Offensive Security 101 v.2.0 is a course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. The course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students.
Calling all Web Hacks of 2007 – Good list of the web hacks that came out in 2007.
The hardest part is collecting a rather complete list of references to vote on; they’re all over the place, so that’s the reason for this post. Below is what I’ve gathered so far, and if you know of others, please comment them in with the title and link and I’ll add them. In the next few days the list will be compiled and I’ll create an open survey.
Two articles from SANS Information Security Reading Room:
GIAC Certified Incident Handler (GCIH) Exam and Beyond – Great post about the path to the GCIH certification and the next steps.
I find myself wondering, what is my next objective? I simply do not know. DoD offers great opportunities and they are attempting to address cyber security threats.
My 2008 Security Predictions! – Anton’s predictions for 2008…let’s see what happens with them 🙂
So, just as in 2006 and 2007, I am coming up with security predictions that cover both technology and market. I just posted a review of my last year’s predictions where I mostly erred on the conservative side. I promise to be more ‘extreme’ this year, while still keeping the old wisdom of Richard Feynman in mind: if you predict the status quo, you are more likely to be correct…
Is Your Information Security Program Real or Only a Check box? – In a world where a check box is a marketer’s dream…
We all know that in order for an Information Security Program to really be successful it has to have support starting at the top. The IT manager can’t decide that a program is needed and start implementing it and expect it to really succeed. That doesn’t mean that it won’t succeed but the IT manager will have to do a lot of leg work to make it happen.
IR Immediate Actions – Great post by Harlan on the first thing you should do when approaching a compromised system.
If there is data leakage due to an intrusion (or this is suspected, or this is just a question that needs to be answered…), then the immediate reaction is (apparently) to shut the system down. This may be pertinent, particularly if there is no incident response plan in place that lets people know what they need to do, and time is required to notify and get approval for follow-on activities (such as calling consultants). This reaction appears to be fairly ingrained, and I’m not suggesting that we change it by saying DO NOT shut systems down. What I am going to suggest is that we modify those immediate actions such that pertinent information is collected from systems before they are shut down.
Certified Wireless Analysis Professional Online Book – Good catch Michael! I’ve never read the book before but, at first glance, the dedications chapter is a bit over the top.
The online book, the Certified Wireless Analysis Professional study guide, is up, offered by CWNP. This looks pretty darn detailed.
Data Recovery Challenge – Kind of cool. I can’t wait to see the results.
Is it possible to recover data from a hard disk drive that has been overwritten with zeros? This is the question behind The Great Zero Challenge that starts today.
NSA Must Examine All Internet Traffic to Prevent Cyber Nine-Eleven, Top Spy Says – Ummm…ya….right…makes perfect sense…I guess?
The nation’s top spy, Michael McConnell, thinks the threat of cyberarmageddon! is so great that the U.S. government should have unfettered and warrantless access to U.S. citizens’ Google search histories, private e-mails and file transfers, in order to spot the cyberterrorists in our midst.
Hunting Bugs Pre-Installation – Interesting new blog with an interesting post to go with it.
There are many things that can be automated in security testing, with the goal of freeing up time to perform manual analysis of interesting areas (or for pub lunches or playing pool etc.) Fuzzing is a great example of this – you leave the fuzzer crunching away while you review the source code or disassembly.
But fuzzing is just part of the work that needs to be done. If I have some downtime between consultancy gigs and I decide to do some bug hunting, I have to first choose a product that I think will have some interesting components, then I have to install it, then I have to do a quick informal analysis of its attack surface, then I have to attack it.
Linux Memory Analysis Challenge – Again, I can’t wait to see the results 🙂
Every year the Digital Forensics Research Workshop challenges the digital forensics community to work on a special assignment in order to stimulate focused research and the development of new tools. This year the challenge is to analyse the memory dump of a Linux host. The assignment and some details were just posted to the DFRWS web site. Submissions are due July 20, 2008.
Will Malware Kill the Internet? – I don’t know Andy. I have a feeling we’ll be fine.
I’m not normally negative about such things, but this has me worried. Also, not being one to point out a problem w/o offering up solutions, I will repeat what all of you probably know: a few things that you can do to reduce the chance of getting malware on your system when surfing the Internet.
Logs = Accountability! – Anton’s right. Then again, it’s rare we’re not on the same page when talking about logs and their importance 🙂
Yes, there are many other mechanisms of accountability in an organization, but logs are the one that pervades all IT. And if your IT is not accountable, your business is neither. Thus, if you tend to not be serious about logs, be aware that you are not serious about accountability. Is that the message your organization wants to be sending?
Mexico and Africa to become malware hotspots – You had to know this was coming.
F-Secure reckons cybercrime will continue to be the main motive for malware creation over the next five years, but predicts that an alignment between broadband penetration and socio-economic factors such as economic development and lack of IT employment opportunities will see activity in the underground economy shifting towards India, Mexico and Africa.
NIST tests DCCIdd Version 2.0 – Cool doc that you should check out.
NIST has released the test results for version 2.0 of DCCIdd. According to the report DCCIdd did not acquire sectors that were hidden by a Device Configuration Overlay (DCO). Following a faulty sector the tool filled up to 7 additional sectors with null bytes.
Is This For Real? – A lot of people have been reporting this but I thought I’d link to Richard’s post on the topic. My question is, where was this inside knowledge obtained?
Paller said that Donahue presented him with a written statement that read, “We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.”