The Targeted Forensics Series: Examination of Command Line RAR and 7-ZIP Prefetch Files (Part 2)

As an Advisory Consultant for RSA’s Advanced Cyber Defense practice, one of my objectives is to show our clients how to focus on incident investigation and not just resolution. This is a holistic solution made of many components, one of which, and one I always recommend, is performing live response/targeted forensics. This series is focused on establishing procedures…


Can businesses be resilient on their own?

Can businesses and organizations be resilient on their own? By this I mean is it enough for a business organization to build resilient internal processes, IT infrastructure, facilities, and even third party relationships and rest assured they’re prepared for the next big event that comes along. To answer this question, I think we have to…


Observe what Matters

Recently, I spoke at the RSA EMEA Advanced Cyber Defense Summit in Rome where I gave a presentation on Cyber Threat Intelligence (CTI) and Incident Response (IR). It was a great event, well attended by over 300 security professionals who brought a lot of interest, positive energy and meaningful discussion. Last year brought forth a…


Wolves Among Us: Abusing Trusted Providers for Malware Operations

Within the past year the RSA Incident Response (IR) team has worked multiple APT engagements where they’ve identified the adversary’s malware using a unique method of determining its Command and Control (C2) server. By leveraging trusted content providers, such as popular shopping sites and discussion forums, adversaries can perform operations within a network in plain…


Stop Them in their Tracks: A Cyber Kill Chain Approach

I first heard this concept at a cyber risk conference in New York…  A hacker entity has 1 shot to infiltrate your network, but you have 7 opportunities to stop them. Those seven opportunities refer to the Cyber Kill Chain. Patented by Lockheed Martin, the Cyber Kill Chain® is an intelligence-driven computer network defense framework…


RSA Conference: Born as an APT, Dies as our IOC

During the RSA Conference the RSA IR Team will discuss several arguments. Mine is “Born as an APT, Dies as our IOC” and will talk about the selection of “actionable IOCs” through the adoption of a specific IR methodology that speeds up the IR investigation and triage processes: APT actors present a growing threat in…
