Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1), (Mon, Jun 26th)

[This is the first part of a multi-part guest diary written by Dr. Ali Dehghantanha] One of the nightmares of any forensics investigator is to come across a new or undocumented platform or application during an investigation with tight deadlines! The investigator has only limited research time to detect evidence, hoping not to miss any …

Traveling with a Laptop / Surviving a Laptop Ban: How to Let Go of "Precious", (Mon, May 29th)

For a few months now, passengers on flights from certain countries have no longer been allowed to carry laptops and other larger electronic devices into the cabin. Many news media reported over the last weeks that this policy may be expanded to flights from Europe, or to all flights entering the US. But even if you …

Fake DDoS Extortions Continue. Please Forward Us Any Threats You Have Received., (Fri, Jun 23rd)

We do continue to receive reports about DDoS extortion e-mails. These e-mails are essentially spammed to the owners of domains based on whois records. They claim to originate from well-known hacker groups like Anonymous, which have been known to launch DDoS attacks in the past. These e-mails essentially use the notoriety of the group's name …

It has been a month and a bit. How is your new patching program holding up?, (Wed, Jun 21st)

Last month's entertainment for many of us was of course the WannaCry MS17-010 update. For some of you it was a relaxing time, just like any other month. Unfortunately, for the rest of us it was a rather busy period trying to patch systems that in some cases had not been patched in months or …

Windows Error Reporting: DFIR Benefits and Privacy Concerns, (Tue, Jun 20th)

Recently, I was confronted with a scenario where a very suspicious Windows pop-up message was shown to a specific user on a corporate network. It was a kind of default Yes/No Windows dialog box and, although I cannot reveal the message content, I can assure you that it was …

As Your Admin Walks Out the Door .., (Mon, Jun 19th)

One of our readers (thanks Gebhard) mailed us a link to an article on what the press is apparently now calling a Revenge Wipe – a system administrator who has left the organization, and as a last hurrah, deletes or locks out various system or infrastructure components. In this case, the organization was a hosting …

Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?, (Sat, Jun 17th)

When it comes to log collection, it is always difficult to figure out what to capture. The primary reasons are cost and value. Of course you can capture every log flowing in your network, but if you don't have a use case attached to its value, that equals wasted storage and money. …