Final link push for the GSD blog before shutting down for the night.
I hope all you ForSec guys and gals have had a restful Labor Day before heading back into the trenches tomorrow.
Here are some links of note to review this week that I picked out.
Did It Execute? - M-unition blog post by Mary Singh on incident response.
Anatomy of an ongoing Drive-by-Download campaign - ZScaler ThreatLabZ blog post
Psst. Your Browser Knows All Your Secrets. - SANS ISC Diary guest post by Sally Vandeven on pulling the crypto keys in a browser.
Cookie Cadger - project homepage. From the link:
“Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.
“Web providers have started stepping up to the plate since Firesheep was released in 2010. Today, most major websites can provide SSL/TLS during all transactions, preventing cookie data from leaking over wired Ethernet or insecure Wi-Fi. But the fact remains that Firesheep was more of a toy than a tool. Cookie Cadger is the first open-source pen-testing tool ever made for intercepting and replaying specific insecure HTTP GET requests into a browser.
“Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis.”
Book stuff - Windows Forensic Environment - Brett Shavers teases us again with brief news he continues to develop a standalone WinPE/FE “one-push” builder. Also he has released an early Kindle version of his X-Ways Forensics Practitioner’s Guide. Finally Brett gives recommendations for some other great ForSec reference books in his post.
Sadly, I am embarrassed to confess that I have just rediscovered the SANS Institute: Reading Room.
It appears their Latest 25 Papers RSS link to the page may have some issues as though I can load it in Firefox, trying to use it in a dedicated RSS reader generates an error that it cannot find actual RSS data on the page. Hmm.
Anyhows…since I just found it (again) there are gazillion (or slightly less) new whitepapers for review and reading.
Here are the ones I picked out that looked interesting to my desk operations:
- 60 Seconds on the Wire: A Look at Malicious Traffic - (direct PDF Link) - SANS Reading Room whitepaper by Kiel Wadner - August 22, 2013.
- Live Response Using PowerShell - (direct PDF Link) - SANS Reading Room whitepaper by Sajeev Nair - August 20, 2013.
- Event Monitoring and Incident Response - (direct PDF Link) - SANS Reading Room whitepaper by Ryan Boyle - May 15, 2013.
- Detecting Security Incidents Using Windows Workstation Event Logs - (direct PDF Link) - SANS Reading Room whitepaper by Russ Anthony - August 22, 2013.
- Windows Logon Forensics - (direct PDF Link) - SANS Reading Room whitepaper by Sunil Gupta - March 15, 2013.
- Custom Full Packet Capture System - (direct PDF Link) - SANS Reading Room whitepaper by Derek Banks - April 16, 2013.
- Security Best Practices for IT Project Managers - (direct PDF Link) - SANS Reading Room whitepaper by Michelle Pruitt - June 24, 2013.
- Get Out of Your Own Head: Mindful Listening for Project Managers - (direct PDF Link) - SANS Reading Room whitepaper by Charlie Scott - December 20, 2010.
- The Death of Leadership in Management - (direct PDF Link) - SANS Reading Room whitepaper by Dana Hudnall - September 12, 2013.
That last link reminded me of the following particular motivational leadership links I keep handy on my blog sidebar:
- Getting the Job Done - TaoSecurity blog’s Richard Bejtlich.
- AFOATS Training Manual - 2004 edition via Google Docs
- Five Qualities of Real Leadership - TaoSecurity blog’s Richard Bejtlich.
- What I've Learned - USNI Blog post by Alexander Martin