Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
IMF Security and Brian and Michael에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 IMF Security and Brian and Michael 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
The Incident Response Podcast와 비슷한 콘텐츠
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
What is the internet doing to us? The Times tech columnist Kevin Roose discovers what happens when our lives move online. Unlock full access to New York Times podcasts and explore everything from politics to pop culture. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The avforums podcast brings you the latest tech, movie and gaming news, plus special features, interviews and show reports from the world of audio visual home entertainment
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
We promise we are not as Horrible as you think at video games, well maybe. Join us in a weekly show discussing video games, the culture around it and the latest topics going on in the industry. You’ll find insightful discussions , game reviews, and industry news that cater to all gaming enthusiasts. Join us as we dive deep into the world of gaming, sharing our thoughts and experiences. Give us a listen and share us with your friends. Your feedback is always welcome, and we appreciate your su ...
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
We help founders make something people want.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
Getting back to basics, IR 101 - Episode 013
Manage episode 263576476 series 2681668
IMF Security and Brian and Michael에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 IMF Security and Brian and Michael 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Recorded May 2020
TOPIC: Getting back to basics, IR 101
OUR SPONSORS:
NEWS-WORTHY:
Best EDR Security Services In 2020 for Endpoint Protection
How to Avoid Spam—Using Disposable Contact Information
Shiny new Azure login attracts shiny new phishing attacks
Upgrading from EDR to MDR is Critical but Easier than You Think
The ransomware that attacks you from inside a virtual machine
SITE-WORTHY:
Malware Archaeology - Cheat Sheets
TOOL-WORTHY:
LOG-MD - The Log anD Malicious Discovery tool
“LOG-MD -a” will give you how you compare against the cheat sheets
MALWARE OF THE MONTH:
Qakbot
Typical delivery via a Office doc or URL
Created a folder in C:\Users
Key Detection points
Enable better logging AutoRuns - Uses Run key and Scheduled Task
WMIPrvSe launch binary in C:\Users
Binary in root of \Username directory C:\Users\\.exe
C:\Users\\AppData\Roaming\Microsoft\ Syswow64\Explorer.exe used Parent of Explorer.exe is NEVER a binary in C:\Users
Process injection of Syswow64\Explorer.exe
Ping 127.0.0.1
Scheduled Task created by a binary in C:\Users
Syswow64\Explorer,exe opening all the browsers
Binary in C:\User calling out to foreign country
PREVENTION
Block Office macros
Don’t allow uncategorized websites
EDR Software
Whitelisting C:\Users
TOPIC OF THE DAY:
Getting back to basics, IR 101
What is getting back to basics - IR 101
This will likely be multiple episodes
We will start with Windows
Why is this important?
WHEN you have an incident, data we, and you need will be available
This is probably the #1 finding and recommendation we have made to organizations we have been involved with over the years
Security tools fail, so other data you collect can help discover what happened where, when, and how
What is the problem we are wanting our listeners to solve?
To be better prepared in the event of an incident to speed up investigations
Give your SOC, IT, or Security people the data they need to investigate events
Make log management data better if you are collecting all the things
And of course… help your IR Consultancy do a better job FASTER
Other Articles:
-------------------
CIS Benchmarks
DerbyCon talk on EDR
DerbyCon talk on Winnti
15 에피소드
공유
Manage episode 263576476 series 2681668
IMF Security and Brian and Michael에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 IMF Security and Brian and Michael 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Recorded May 2020
TOPIC: Getting back to basics, IR 101
OUR SPONSORS:
NEWS-WORTHY:
Best EDR Security Services In 2020 for Endpoint Protection
How to Avoid Spam—Using Disposable Contact Information
Shiny new Azure login attracts shiny new phishing attacks
Upgrading from EDR to MDR is Critical but Easier than You Think
The ransomware that attacks you from inside a virtual machine
SITE-WORTHY:
Malware Archaeology - Cheat Sheets
TOOL-WORTHY:
LOG-MD - The Log anD Malicious Discovery tool
“LOG-MD -a” will give you how you compare against the cheat sheets
MALWARE OF THE MONTH:
Qakbot
Typical delivery via a Office doc or URL
Created a folder in C:\Users
Key Detection points
Enable better logging AutoRuns - Uses Run key and Scheduled Task
WMIPrvSe launch binary in C:\Users
Binary in root of \Username directory C:\Users\\.exe
C:\Users\\AppData\Roaming\Microsoft\ Syswow64\Explorer.exe used Parent of Explorer.exe is NEVER a binary in C:\Users
Process injection of Syswow64\Explorer.exe
Ping 127.0.0.1
Scheduled Task created by a binary in C:\Users
Syswow64\Explorer,exe opening all the browsers
Binary in C:\User calling out to foreign country
PREVENTION
Block Office macros
Don’t allow uncategorized websites
EDR Software
Whitelisting C:\Users
TOPIC OF THE DAY:
Getting back to basics, IR 101
What is getting back to basics - IR 101
This will likely be multiple episodes
We will start with Windows
Why is this important?
WHEN you have an incident, data we, and you need will be available
This is probably the #1 finding and recommendation we have made to organizations we have been involved with over the years
Security tools fail, so other data you collect can help discover what happened where, when, and how
What is the problem we are wanting our listeners to solve?
To be better prepared in the event of an incident to speed up investigations
Give your SOC, IT, or Security people the data they need to investigate events
Make log management data better if you are collecting all the things
And of course… help your IR Consultancy do a better job FASTER
Other Articles:
-------------------
CIS Benchmarks
DerbyCon talk on EDR
DerbyCon talk on Winnti
15 에피소드
모든 에피소드
×
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
The Incident Response Podcast와 비슷한 콘텐츠
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
What is the internet doing to us? The Times tech columnist Kevin Roose discovers what happens when our lives move online. Unlock full access to New York Times podcasts and explore everything from politics to pop culture. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The avforums podcast brings you the latest tech, movie and gaming news, plus special features, interviews and show reports from the world of audio visual home entertainment
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
We promise we are not as Horrible as you think at video games, well maybe. Join us in a weekly show discussing video games, the culture around it and the latest topics going on in the industry. You’ll find insightful discussions , game reviews, and industry news that cater to all gaming enthusiasts. Join us as we dive deep into the world of gaming, sharing our thoughts and experiences. Give us a listen and share us with your friends. Your feedback is always welcome, and we appreciate your su ...
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
We help founders make something people want.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
