Exciting Times

Hi everyone – This post is going to stray a little bit from others, as it’s more of a personal update (I’ll keep it brief). On the educational front, I get to spend next week on campus for my graduate residency. I’ll be glad to be back in VT for a bit, check out the […]

Adding Flame to the Fire

If you pay any attention to any InfoSec related news sites, Twitter feeds, blogs or other sources, you’ve heard about a “new” piece of malware dubbed Flame or Flamer. News broke over the long weekend that a “highly sophisticated” tool for conducting cyber war (ugh…) had been discovered on several systems throughout the Middle East. […]

A quick note on (to) $Vendors

I understand that most vendor contacts you initially receive are not technical people. I also understand that a sales or account manager’s job is to turn inquiries into sales. However, I’m a firm believer that sales shouldn’t be the only goal of your account representative. They should be knowledgeable enough about the product that […]

AICPA.org Phishing: Round 2

This morning I received another, slightly different, AICPA.org phishing email. This time, the spoofed sender was “Aaron Peters – security@intuit.com” (Header available at the bottom of the post). This email contained two hotlinks, both of which pointed to hxxp://foraver.de/wp-includes/aic.html. This post has a slightly more convincing version of the standard wait screen, which consists of […]

Book Review: WFAT 3rd Edition

I recently finished reading the third edition of Harlan Carvey’s Windows Forensic Analysis Toolkit. This edition, as he clearly states throughout the text, is not meant to be a re-write of previous editions. Instead, it serves as a companion to both the second edition of the same text and Windows Registry Forensics. That being said, […]

Threat Intel: AICPA.org Phishing Email

I received an email reportedly from support@aicpa.org this morning. The email was clearly a phishing email as I’m not a CPA and it was addressed to “Dear accounting officer”. A picture of the email is included below: In order to avoid muddying up the post, the email header is included at the bottom of the […]

Thanks for Sharing – Indicators

Based on popular request, I’m listing the indicators that I gathered from the malware in the situation described in the previous post (Thanks for Sharing). Don Clifton (@Digitalsec4u) has also shared his (and will be updating more) over on his blog at digitalsecurity4u. The initial tip came from the following tweets by @c_APT_ure: #malware news […]

Thanks for Sharing

Guess What? Sharing information about new threats and threat indicators really can make a difference! Most people reading this post are probably saying DUH!, but I thought I’d like to present a case study that occurred over the past two days. Before I start, thanks to everyone involved for giving me enough fuel to make […]

A Survey of Computer Incident Information Sharing Frameworks

As with my last post, this was originally written for an intermediate assignment in my M.S. program. It has already been submitted for credit and slightly modified for this format. Comments or questions here or @digital4rensics are always welcome! Introduction, or Why These Frameworks? Computer security incident details are deeply technical, but it […]