You can view the presentation here, showing how cybercrooks are making money from malware.
Redline is a nice tool for investigating a particular host for signs of compromise. It works on Windows and is freely available on the FireEye site.
At a glance, we have options to collect data from the host or to analyse an existing collected data file. In our case, I am going to create a Standard Collector for the sake of this demo.
It is clear that the script will run the Collector and save its output to a folder named 'Sessions\AnalysisSession2' (in our case, because we ran the script twice), as in the figure below.
As stated in the Readme.txt file, AnalysisSession2.mans has to be opened in Redline to continue with the investigation. We can then go through System Information, Processes, …
The tool is worth a try.
Digital forensics is the acquisition of digital evidence from many sources such as laptops, PCs, digital cameras, mobile phones, routers, USB sticks and SSD cards. The first step is to take clear photographs of the object; the pictures must show elements such as serial numbers and damaged areas. Then unscrew the device to remove the hard disk we want to image with forensics software. Next, connect the disk to a write blocker; if it is an SSD device, connect it to an adapter and the adapter to the write blocker. Use your preferred computer forensics software to acquire the data, along with a brand new, freshly formatted disk drive to store the acquired image; this target drive must have a larger capacity than the source drive. My favorite is X-Ways Forensics. It is also a good idea to use a Linux forensics acquisition tool. Finally, screw the disk drive delicately back into its original location and document the findings in the chain of custody.
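The acquisition and documentation steps above, as an added example that is not part of the original post and not the code of X-Ways or any other forensics product: it images a source block by block, hashes the bytes as they are read, re-hashes the written image, appends a chain-of-custody record, and later re-verifies the image against that record. The "device" is a constructed 1 MiB file in a temporary directory standing in for a write-blocked drive; the record fields, file names and the `examiner` parameter are assumptions for this demo.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

BLOCK_SIZE = 4096  # read the source in fixed blocks, as an imaging tool would


def sha256_of(path):
    """SHA-256 of a file, streamed so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire_image(source, image, custody_log, examiner="examiner"):
    """Copy `source` block by block into `image`, hashing the source bytes as they
    are read, then re-hash the written image and append a custody record.
    Returns True when the image hash matches the source hash."""
    source_digest = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        while True:
            block = src.read(BLOCK_SIZE)
            if not block:
                break
            source_digest.update(block)
            dst.write(block)
    record = {  # assumed record layout for this demo
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "action": "acquire",
        "examiner": examiner,
        "source": source,
        "image": image,
        "bytes": os.path.getsize(image),
        "source_sha256": source_digest.hexdigest(),
        "image_sha256": sha256_of(image),
    }
    with open(custody_log, "a") as log:
        log.write(json.dumps(record) + "\n")
    return record["source_sha256"] == record["image_sha256"]


def verify_image(image, custody_log):
    """Re-hash `image` and compare it with the hash recorded at acquisition time.
    Returns True when the image is unchanged since it was taken."""
    with open(custody_log) as log:
        records = [json.loads(line) for line in log if line.strip()]
    last = next(r for r in reversed(records)
                if r["action"] == "acquire" and r["image"] == image)
    return sha256_of(image) == last["image_sha256"]


def run_demo():
    """Exercise the workflow on a constructed 1 MiB 'device' in a temp directory."""
    work = tempfile.mkdtemp(prefix="acq-")
    source = os.path.join(work, "source.disk")   # stands in for a write-blocked /dev/sdX
    image = os.path.join(work, "evidence.dd")    # lives on the larger target drive
    custody_log = os.path.join(work, "chain_of_custody.jsonl")
    with open(source, "wb") as fh:
        fh.write(os.urandom(1024 * 1024 + 123))  # odd size: the last block is partial
    matched = acquire_image(source, image, custody_log)
    intact = verify_image(image, custody_log)
    with open(image, "ab") as fh:
        fh.write(b"x")                           # simulate post-acquisition tampering
    tamper_detected = not verify_image(image, custody_log)
    return {"matched": matched, "intact": intact,
            "tamper_detected": tamper_detected, "workdir": work}


if __name__ == "__main__":
    print(run_demo())
```

The source hash is taken from the bytes as they stream through the copy, which is what on-the-fly hashing in imaging tools does; hashing the image afterwards from disk is the independent check that the target drive actually holds the same bytes. The custody log is append-only, so a later verification run leaves its own trail next to the acquisition record.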
We welcome October in the security community as Cybersecurity Awareness Month. There will be different topics every day for cybersecurity awareness activities. Phishing is the act of obtaining sensitive information from the victim without using force. Test yourself on how well you recognise fake emails from legitimate ones by taking one of these tests:
Wireless networks are an easy way to connect our laptop, tablet or phone to the internet. Instead of using traditional RJ45 cabling, the device just needs a wireless card. There are three main types of encryption in wireless networks:
Wired Equivalent Privacy (WEP), available in 64-bit and 128-bit variants. It uses RC4 encryption (a stream cipher) with a 40-bit key and a 24-bit initialization vector. It supports the Open authentication method based on the MAC address and the Shared authentication method with pre-shared keys.
Wi-Fi Protected Access (WPA): it uses the Temporal Key Integrity Protocol (TKIP) for encryption. It supports pre-shared key (WPA Personal) and 802.1X (WPA Enterprise) authentication.
Wi-Fi Protected Access 2 (WPA2), or 802.11i: it uses the Advanced Encryption Standard (AES) in counter mode with cipher block chaining message authentication code (CCMP), with TKIP still supported as an alternative. It also supports pre-shared key (WPA2 Personal) and 802.1X (WPA2 Enterprise) authentication.
The computers of the IAEA have been infected by malware. The nuclear agency holds sensitive information from many European states and is an active actor in the fight against nuclear weapons. It appears that the malicious software, once installed, was able to transfer information from the USB drives of any visitors to the office in Vienna. So the thumb drive was not the vector but the victim in this infection.
Microsoft's Digital Crimes Unit has introduced a cloud-based technology to help organizations worldwide fight malware. The technology, called the Windows Azure-based Cyber Threat Intelligence Program (C-TIP), will allow interested parties to share information in real time. But Microsoft still advises using the Malicious Software Removal Tool to clean infected computers; the new C-TIP takes this effort to a new level.
ZMap is a security tool able to scan the entire internet in a matter of seconds. Unlike Nmap, which looks for multiple ports on a range of IP addresses, ZMap does the inverse: it searches the entire IPv4 address space on a single port.
For those interested, the tool is here.
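Seen from the defender's side, the single-port, many-addresses pattern described above is what a horizontal scan looks like in firewall logs. As an added example (not from the post and not part of the ZMap project), this detector parses constructed iptables-style log lines and flags any source that touched many distinct destinations on one port; the log format, the source addresses and the `min_targets` threshold are assumptions for the demo.

```python
import re
from collections import defaultdict

# Constructed iptables-style firewall lines (not real traffic): 198.51.100.7 sends
# one SYN to each of twelve different hosts on port 443 only, while 192.0.2.10
# talks to a single host on two ports. One malformed line exercises the parser.
SCANNER = "198.51.100.7"
SAMPLE_LOG = [
    f"Aug 20 10:00:01 fw kernel: IN=eth0 SRC={SCANNER} DST=203.0.113.{i} "
    f"PROTO=TCP SPT=54321 DPT=443 SYN"
    for i in range(1, 13)
] + [
    "Aug 20 10:00:02 fw kernel: IN=eth0 SRC=192.0.2.10 DST=203.0.113.3 PROTO=TCP SPT=40001 DPT=80 SYN",
    "Aug 20 10:00:02 fw kernel: IN=eth0 SRC=192.0.2.10 DST=203.0.113.3 PROTO=TCP SPT=40002 DPT=443 SYN",
    "Aug 20 10:00:03 fw kernel: martian source 10.0.0.1 from 203.0.113.9, on dev eth0",
]

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def parse_events(lines):
    """Yield (src, dst, dport) for every line that carries the firewall fields;
    lines without them are skipped rather than crashing the detector."""
    for line in lines:
        match = LINE_RE.search(line)
        if match:
            yield match.group("src"), match.group("dst"), int(match.group("dpt"))


def find_horizontal_scans(lines, min_targets=8):
    """Return {(src, dport): distinct_targets} for sources that touched at least
    `min_targets` different destinations on one port: the single-port,
    many-addresses pattern, as opposed to many ports on one host."""
    targets = defaultdict(set)
    for src, dst, dport in parse_events(lines):
        targets[(src, dport)].add(dst)
    return {key: len(dsts) for key, dsts in targets.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    for (src, dport), count in find_horizontal_scans(SAMPLE_LOG).items():
        print(f"{src} probed {count} hosts on port {dport}")
```

Keying on the (source, port) pair rather than the source alone keeps a legitimate client that talks to a few hosts on several ports out of the results, while a scanner that sends exactly one probe per address stands out because its count of distinct destinations grows with every packet. The threshold should be tuned to the size of the monitored range.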