One of the major problems concerning information security is malicious code. To evade detection, malware (an unwanted malicious piece of code) is packed, encrypted, and obfuscated to produce variants that continue to plague properly defended and patched systems and networks with zero-day exploits.
Technical Tuesday – 22 May 2012 – Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security by Dr. Gary Jackson
Network attacks are crippling organizations. Over the years, such attacks have grown in sophistication, and the result has been ever-increasing damage and extensive theft of sensitive or classified data. Although the adversarial threat has become more effective, including higher numbers of first-time attacks, network protection methodologies have remained essentially the same for decades.
Technical Tuesday – 3 April 2012 – Does Locard’s Exchange Principle Apply in Digital Forensics? by Ken Zatyko
In this presentation, we present a challenge question for today’s cyber experts, cyber scientists, and cyber analysts. Does Locard’s Exchange Principle apply in digital forensics? The dramatic increase in cybercrime and the repeated cyber intrusions into critical infrastructure demonstrate the need for improved security.
Technical Tuesday – 21 February 2012 – An Introduction to the (Ninja) Art of Data Carving and Steganography by Keith Bertolino
Since 2001 we’ve all heard the media buzz about “nameless U.S. officials” claiming that terrorists and foreign intelligence services have been using “steganography” applications to facilitate covert communication between their operatives. Steganography applications attempt to conceal digital data within other benign-appearing digital files.
Technical Tuesday – 6 December 2011 – Malware Analytics at Stream Rate – An Evolving Concept by Dr. Harold Jones
Windows Portable Executables (PEs) are a workhorse for network operations – BAE Systems’ North American network sees roughly 5K unique PEs per day, the vast majority of which are associated with approved activities (e.g., patch downloads).
The week of 28 November – 2 December 2011, cybergamut sponsored a special offering of the SANS SEC 504: Hacker Techniques, Exploits & Incident Handling training class, along with a GCIH certification exam attempt, at tremendous savings for cybergamut members.
Technical Tuesday Workshop – 15 November 2011 – Ancient Alien Hypervisor Password Reset Utility Workshop by Eric Fiterman of Rogue Networks
Virtualization provides the backbone to many of the cloud computing services you hear about today. If you manage virtual or cloud infrastructure, there may come a time when you realize you’ve lost the password for a hypervisor or virtual data center cluster and need to get back in without reinstalling or destroying anything.
Conventional wisdom says that if you forget your Windows password, it is time to reinstall your operating system. A Windows password, however, is little barrier to hackers. During this demonstration, you see how a hacker is able to break into Microsoft operating systems like Windows 7 with very little effort.
Our Technical Director Panel members were:
- Al Holt of the NSA/CSS Threat Operations Center (NTOC)
- Greg Wessel of the NSA SIGINT organization
- Chip Willard of the NTOC Analysis Shop
Conventional IP networks are well understood in terms of their security vulnerabilities and how to protect against attacks. Even so, specific incidents (Stuxnet, etc.) have shown that well-engineered attacks are still viable.
Technical Tuesday – 19 July 2011 – Our Security Status is Grim (and the way ahead will be hard) by Brian Snow
Brian gives his view of why the current state of cyber security is so wretched, and draws parallels between the recent “Fiscal Debt Bubble” that led to our current recession and a current, disturbing “Trust Bubble” in cyber security technologies.
He describes high level conceptual flaws in current cyber security architectures that many are not aware of, as well as detailed implementation flaws we frequently see.
Technical Tuesday – 28 June 2011 – Deep Packet Inspection by Peder Jungck of CloudShield Technologies, Inc and SAIC
Information assurance and cyber security have changed quite a bit since the days of access control lists, firewalls and intrusion prevention systems. Today, in countering modern malicious attacks, leveraging bulk filtering and blocking solutions can result in a significantly degraded network and drive a threat scenario that is more complex than can be easily countered. This presentation covers many forms of attacks that require active mitigation focused not on filtering but on adapting to the threat through manipulation of transactions.
Technical Tuesday – 24 May 2011 – APT Intrusion Remediation: The Top Do’s and Don’ts by Rob Lee of MANDIANT and The SANS Institute
During Incident Response, Advanced Persistent Threat (APT) remediation is challenging because from the first day the attacker selected your network as a target, they have operated knowing that they will someday be caught. Because of that, they attempt to cover their tracks and make it as difficult as possible for you to find them and extricate them from your network.
Technical Tuesday – 19 April 2011 – Stuxnet Redux: Malware Attribution & Lessons Learned by Tom Parker of Securicon
Recent incidents commonly thought to be linked to state-sponsored activities have given rise to much discussion over the reliability of technical analysis as a source for adversary attribution – specifically with regard to what is commonly termed the Advanced Persistent Threat (or APT).
Technical Tuesday – 29 March 2011 – Deep Packet Inspection for Cybersecurity ASW&R by Jeff Kuhn of Pangia Technologies
ASW&R is an acronym for Attack Sensing, Warning, and Response. It is an expansion of an earlier term, Attack Sensing and Warning (AS&W), used in some circles to define the activity of identifying cyber attacks and providing actionable information about them.
Technical Tuesday – 8 February 2011 – Network Device Exploitation with Universal Plug & Play by Terry Dunlap of Tactical Network Solutions
Universal Plug & Play (UPnP) is a convenience technology found in many embedded devices such as home routers and wireless access points. Its purpose is to allow various heterogeneous, network-enabled devices (e.g., phones, video game consoles, DVRs) to communicate seamlessly with the outside world without user configuration. To this end, UPnP devices automatically make firewall changes to a user’s network without the user’s knowledge.
Technical Tuesday – 4 January 2011 – Network Monitoring by Josh Goldfarb of 21st Century Technologies, Inc.
Proper monitoring of a large enterprise network is a critical component of the overall cyber security picture. However, data generated by network monitoring equipment is extremely cumbersome and presents the human analyst with numerous challenges. This talk aims to share successful techniques for streamlining analyst workflow, allowing organizations to get a handle on their data to better protect and defend their networks.