As the world (or at least, myself) begins to emerge from Lockdown, in-person events are returning. For me, this was initiated with an excellent trip to Manchester, experiencing Matillion’s Super All Hands gathering, meeting with new colleagues that had until that point merely been faces on a collage of Zoom tiles. As part of the […]
Category archives: Incident Response
Daily Paranoia
As a security guy I find my paranoia levels are slightly higher than most; a little something inside me picks up on things that general users miss, things that indicate something isn't right. This morning was no exception…
Fuzzy hashing, memory carving and malware identification
I’ve recently been involved in a couple of discussions about different ways of identifying malware. One of the possibilities that has been brought up a couple of times is fuzzy hashing, intended to locate files based on their similarity to known files.
Expert speaker session at Northumbria University
Last week I had the pleasure of being asked to speak at Northumbria University, presenting to students of the Computer Forensics and Ethical Hacking for Computer Security programmes. As I graduated from Northumbria a few years ago it was interesting to come back to see some familiar faces and have a look at how the […]
AV killing with powershell
A colleague recently introduced me to scripting with PowerShell. After seeing a couple of examples of its strength for handling legitimate administration tasks, my devious side came into play and I started imagining havoc in my head.
Kon Boot
I’m running behind the curve on this one, but several of my usual sources have suggested Kon-Boot as a useful addition to any security toolkit. The premise of Kon-Boot is simple: by modifying the system kernel (Windows or Linux) upon boot, there is no need to know the user’s password to access the system. Kon-Boot […]
ZeroWine
Zero Wine is an open source (GPL v2) research project to dynamically analyze the behavior of malware. Zero Wine simply runs the malware using WINE in a safe virtual sandbox (an isolated environment), collecting information about the APIs called by the program. The output generated by Wine (using the debug environment variable WINEDEBUG) is […]
Denial of Service with Slowloris
Earlier this week the ha.ckers.org blog posted the release of the Slowloris HTTP DoS tool, primarily coded by RSnake and described as "The low bandwidth, yet greedy and poisonous HTTP client!" The attack vector essentially works by initiating an HTTP request but never completing it, causing the handling thread to wait for the end of […]
Lone Gunman & run books
Keeping with today’s theme of working through a backlog, I’ve had two ISC diaries flagged for several months: Dealing with Security Challenges and Making the most of your runbooks. The first is more a question of how to handle security incidents and requirements with minimal resources. This seems to be a common theme, with lots […]