7 Significant Insights from the CyberEdge Cyberthreat Defense Report
Posted by: James Carder
Today, CyberEdge released their third installment of the Cyberthreat Defense Report in order to gain an understanding and provide awareness of how IT security teams defend against threats. The report analyzes the current state of cyber security, including the perceptions…
February 10, 2016
Monitoring Digitally Signed PowerShell
Posted by: Andrew Hollister
The Challenge: Microsoft Windows PowerShell is a powerful scripting environment. The PowerShell execution policies are provided in order to let you determine the conditions under which scripts may be run. The default option is “Restricted,” which doesn’t allow any scripts…
February 3, 2016
SANS "Find Evil" Digital Forensics Use Case for Windows
Posted by: Andrew Hollister
In 2014, SANS published a Digital Forensics poster called “Know Abnormal…Find Evil.” This resource delves into the differences between normal and abnormal behavior—and what you might look for or ignore in a digital forensics investigation. The Challenge Using this reference…
January 12, 2016
Detecting Rogue Svchost Processes
Posted by: Andrew Hollister
The Challenge Malware authors may attempt to hide their processes “in plain sight” by calling them the same name as some common Windows processes. Very commonly, “svchost.exe” has been used for this purpose. It is difficult to catch this by…
January 8, 2016
Agent SmartResponse Host Checking
Posted by: Andrew Hollister
The Problem How can you find out if a SmartResponse™ plug-in using PowerShell will run on a specific System Monitor Agent host? Also, with what user context will the SmartResponse plug-ins execute? Windows PowerShell execution policies let you determine the…
January 6, 2016
A Deeper View into the Threat Landscape
Posted by: James Carder
The threat landscape hasn’t really changed, except for a few minor adjustments. We are still seeing nation state threat actors, financial crime groups, hacktivism (though that has been receiving less press lately), terrorist organizations and commodity threats (e.g., CryptoLocker). The…
January 4, 2016
Detecting the Juniper Netscreen OS Backdoor
Posted by: Andrew Hollister
The Challenge: Juniper issued an advisory on December 18th indicating that they had discovered unauthorized code in some versions of the ScreenOS software that powers their Netscreen firewalls. The advisory covers two issues: One was a backdoor in the VPN…
December 29, 2015
What Do the Cyber Attacks of 2015 Tell Us About the Current State of IT Security?
Posted by: James Carder
Cybersecurity continued to be a problem for many companies in 2015, with several large financial institutions, retailers and insurance companies admitting to damaging breaches worth millions of dollars. The rise of cyber attacks is most likely here to stay. The…
December 22, 2015
10 Security Predictions for 2016
Posted by: LogRhythm Labs
As we approach 2016, security experts are reflecting on the cyber attacks of this year and making predictions as to what the threat landscape may look like in the coming months. This year, there will be innovative security initiatives, different…
December 22, 2015
Tracking Group Policy Changes: Part 3
Posted by: Andrew Hollister
This is the final part of the series on tracking group policy changes. As I have mentioned a couple of times, one thing that makes monitoring group policy changes difficult is the fact that Microsoft logs the GUID of the…
December 16, 2015