Super-Scale ForSec Linkpost

I think this post is going to have the same number of URLs as Christmas tree ornaments and mantle decorations that I hung and set out this afternoon. That’s to say there are a lot, and I am quite behind when considering the calendar.

I’ve been collecting these for at least two months and there are too many now to continue to put off posting them for reference. I’ve tried to group them somewhat for consistency in theme.

Exploits

• POWELIKS Levels Up With New Autostart Mechanism – TrendLabs Security Intelligence Blog
• YARA Registry Scanner - Didier Stevens Videos – example is with poweliks.
• Operation Pawn Storm: Putting Outlook Web Access Users at Risk – TrendLabs Security Intelligence Blog
• Banking Trojan Targets South Korean Banks; Uses Pinterest as C&C Channel – TrendLabs Security Intelligence Blog – This was interesting as it used information seeded in Pintrest “comments” for command and control.
• Malvertising hits ‘The Times of Israel’ and ‘The Jerusalem Post’, redirects to Nuclear Exploit Kit - Malwarebytes Unpacked
• IRS phone scammers double up their efforts for the holidays - Malwarebytes Unpacked
• Here, Vishy Vishy… - Malwarebytes Unpacked
• Malware Detected by Malwarebytes Anti-Malware 2014-11-16 – MoonPoint Software blog
• Scan of Windows system with Malwarebytes Anti-Malware on 2014-12-07 – MoonPoint Software blog
• Rogue E-Books Could Pose Threat to Amazon Accounts - Malwarebytes Unpacked

Advice and Guidance

• You got the well-paid IT Security job. Now what? – Hexacorn blog
• Do you have a Data Breach Response Plan? – SANS Infosec Community Forums
• How to Track Your Malware Analysis Findings – Sans Digital Forensics and Incident Response blog
• The Human and Process Elements of an Incident Response Plan - Speaking of Security RSA blog
• Scalable Incident Response Strategies - Speaking of Security RSA blog
• Security Done the Right Way: Adaptive Defense - FireEye Blog
• Has your threat feed made you lazy – Handler Diaries
• Why breaches happen under IR teams noses – Hexacorn blog
• The 3 stages of 3ages – Hexacorn blog

AV/AM

• CryptoPrevent v7.3.x - Improved Protections and New Features! - Foolish IT LLC
• CryptoPrevent: Does it work on the NEW Crypto-whatever? - Foolish IT LLC
• Bitdefender Offers CryptoWall Vaccine – Bitdefender Labs
• Bitdefender releases free CryptoWall Immunizer – BetaNews
• Vinsula releases free tool to brute force ZeroLocker decryption keys – Bleeping Computer News
• Microsoft cloud protection - Microsoft Malware Protection Center blog
• Close means close: New adware detection criteria - Microsoft Malware Protection Center blog
• Staying in control of your browser: New detection changes - Microsoft Malware Protection Center blog
• Microsoft antimalware to lock down system settings - ZDNet
• The art of disrespecting AV (and other old-school controls) – Hexacorn blog
• The art of disrespecting AV (and other old-school controls), Part 2 – Hexacorn blog
• Researchers test EMET 5 protections, find them wanting – Help Net Security news

Analysis

• Two Sides to Every Story: Advanced Analytics in Security - Speaking of Security RSA blog
• The Targeted Forensics Series: Confirming Remote Desktop Connections (Part 1 of 2) - Speaking of Security RSA blog
• The Targeted Forensics Series: Confirming Remote Desktop Connections (Part 2 of 2) - Speaking of Security RSA blog
• Registry Analysis with CrowdResponse - Forensic Methods
• RegRipper v2.8 is now on GitHub - Windows Incident Response
• Windows Event Logs - Windows Incident Response
• Tr3Secure Collection Script Updated – Journey Into Incident Response
• Timeline Analysis by Categories – Journey Into Incident Response
• Prefetch File Meet Process Hollowing – Journey Into Incident Response
• CSIRT Request Tracker Installation Guide – Journey Into Incident Response
• File History Research - Part 1 - Random Thoughts of Forensics
• File History, Research - Part 2 - Deconstructing the Catalog. - Random Thoughts of Forensics
• Introducing Filescanner.exe - Didier Stevens
• FileScanner.exe Part 2 - Didier Stevens
• FileScanner.exe Part 3 - Didier Stevens
• FileScanner.exe Part 4 - Didier Stevens
• PDF Tools - Didier Stevens
• PDF Creation – Public Tools - Didier Stevens Videos
• Five Anti-Debugging Tricks That Sometimes Fool Analsysts - Malwarebytes Unpacked
• Beyond good ol’ Run key, Part 18 – Hexacorn blog
• Beyond good ol’ Run key, Part 19 – Hexacorn blog
• 3R updated to cover new RegRipper plug-ins – Hexacorn blog
• Regulex & Visualized regexes – Hexacorn blog
• Decompiling compiled AutoIT scripts (64-bit) – Hexacorn blog

Web Security

• Does an insecure website compromise the security of a payment system in an iframe? - Troy Hunt’s blog
• Watching “Have I been pwned?” Pastebin notifications in action - Troy Hunt’s blog
• “Have I been pwned?” – now with RSS! - Troy Hunt’s blog
• Introducing paste searches and monitoring for “Have I been pwned?” - Troy Hunt’s blog
• LinkedIn Feature Exposes Email Addresses - Krebs on Security
• Website Security - RSS Reveals Malware Injections - Sucuri Blog

Network Bits

• Bitdefender's BOX hardware protects your entire home network, not just your PC – PCWorld – Yes, we have now reached the point where network perimeter defense appliances have reached the home market. I expect this will be just the tip of a new round of such devices.
• Detecting irregular programs and services installed in your network - InfoSec Handlers Diary Blog
• Flushing out the Crypto Rats - Finding "Bad Encryption" on your Network –InfoSec Community Forums
• The Easy-to-Miss Basics of Network Defense - TrendLabs Security Intelligence Blog
• Verifying Chinese MITM of Yahoo - NETRESEC Blog
• toolsmith: HoneyDrive - Honeypots in a Box - HolisticInfoSec

In the Library (mostly whitepapers)

Note: Many of these are PDF links and will open in your web-browser as a PDF…

• (IN)SECURE Magazine issue 44 released – Help Net Security News
• The whitepapaer and .pdf presentation slides for GRR: Find All the Badness, Collect All the Things – Black Hat 2014
• Security Visibility in the Enterprise – SANS Reading Room (PDF link)
• MalwareD: A study on network and host based defenses that prevent malware from accomplishing its goals. – SANS Reading Room (PDF link)
• Forensic Images: For Your Viewing Pleasure – SANS Reading Room (PDF link)
• Home Field Advantage - Using Indicators of Compromise to Hunt down the Advanced Persistent Threat – SANS Reading Room (PDF link)
• A Guide on How to Find Cardholder Data without Automated Tools for PCI Assessors – SANS Reading Room (PDF link)
• Validating Security Configurations and Detecting Backdoors in New Network Devices – SANS Reading Room (PDF link)
• Creating a Threat Profile for Your Organization – SANS Reading Room (PDF link)
• Security Operations Centre (SOC) in a Utility Organization – SANS Reading Room (PDF link)
• Hardening Retail Security – SANS Reading Room (PDF link)
• Breaches Happen: Be Prepared – SANS Reading Room (PDF link)
• Finding the Advanced Persistent Adversary – SANS Reading Room (PDF link)
• Forensicator FATE - From Artisan To Engineer – SANS Reading Room (PDF link)
• Intelligence-Driven Incident Response with YARA – SANS Reading Room (PDF link)
• Security Skills Assessment and Training: The Critical Security Control that can make or break all others – SANS Reading Room (PDF link)
• Evidence Collection From Social Media Sites – SANS Reading Room (PDF link)

Live CD News

• CAINE Live USB/DVD - CAINE Computer Forensics Linux Live Distro
• CAINE 6.0 Dark Matter 64bit released! – CAINE Computer Forensics Linux Live Distro

Whew!

Cheers!

--Claus Valca