I am super-behind on my blog posting of Forensics/Security news of note.
Here is a rapid-fire linkfest dump.
Some is old news and some is hot-off-the-press.
Cross-pollination is to be expected.
- CaseLeads: China Cyber Espionage Exposed, Account Issues with Twitter and Plenty of Great How-To's - SANS Computer Forensics and Incident Response Blog
- Hiding Data in Hard-Drive's Service Areas (PDF Link) - Ariel Berkman - Recover Information Technologies LTD
- Intro to Report Writing for Digital Forensics - Brad Garnett - Part I - SANS Computer Forensics and Incident Response Blog
- Report Writing for Digital Forensics: Part II - Brad Garnett - SANS Computer Forensics and Incident Response Blog
- HolisticInfoSec: toolsmith: Redline, APT1, and you – we’re all owned - Holistic Info blog
- Open Source Forensics for Windows, MacOS, and Linux - LoveMyTool blog. Casey Mullis outlines a forensic tool, the Digital Forensics Framework. Available directly or pre-packaged in Debian, Backtrack, DEFT, the SANS SIFT kit, and the CERT.org package repository.
- Location Data within JPGs - Forensics from the Sausage Factory blog
- High Watermark - The Hacker Factor Blog - I am SO digging into Dr. Neal Krawetz’s awesome blog that covers all manner of things, but primarily photo/image forensics. Jump over and prepare to get lost and overload your favorites/bookmark folder in the process!
- (IN)SECURE Magazine - Issue 37 “Becoming a malware analyst edition” - now available for free PDF format download.
- Clean Windows Registry of USB Drives - GetUSB.info
- 3RPG - Rapid RegRipper Plugin Generator v0.3 - Hexacorn
- 3RPG – 4 RegRipper Plugins in 15 minutes - Hexacorn
- 3RPG – Rapid RegRipper Plugin Development - Hexacorn
- BinMode: IE Index.dat - Windows Incident Response blog
Supplemented with some “Sec”
- Another Forensics Blog: Finding and Reverse Engineering Deleted SMS Messages
- In-Depth Look: APT Tools of the Trade - TrendLabs Security Intelligence Blog
- The strange case of Gamarue propagation - Microsoft Malware Protection Center
- Research & Analysis of Zero-Day & Advanced Targeted Threats:YAJ0: Yet Another Java Zero-Day - Malware Intelligence Lab from FireEye
- UAC Impact on Malware - Journey into Incident Response blog
- Static analysis tool for examining binaries - Help Net Security
- Update: PDFiD Version 0.1.0 - Didier Stevens
- Update: pdf-parser Version 0.4.1 - Didier Stevens
- OS Image Wrangling - SpiderLabs Anterior
- Windows 8: Tracking Opened Photos - Digital Forensics Stream blog
- Wow6432Node: Registry Redirection - Windows Incident Response blog
- Houston We’ve Had a Problem – Wow64 - Journey into Incident Response blog
- Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1 - SANS ISC Diary blog
- Wipe the drive! Stealthy Malware Persistence - Part 2 - SANS ISC Diary blog
Please correct me if I am wrong, but I am now seeing the terms “YAJ0” and “YAJU” pretty often in blog posts and titles. YAJ0 seems to mean “Yet Another Java Zero-Day” and YAJU probably means “Yet Another Java Update”. That both of these have now earned text-worthy shorthand forms is no LOL-ROFLMAO matter.
And a final object lesson…
Be careful in your watchfulness to not overlook the obvious hiding in plain sight.
- A Smuggling Trick - Daniel Miessler