SANS Digital Forensics and Incident Response Blog

Black Hat edition featuring stealthy hardware and software based attacks, advice for new InfoSec professionals, a malware quiz and more

This week's "Black Hat" edition of CaseLeads features an exclusive interview with David Kennedy who talks about stealthy, non-APT related attacks. In keeping with the stealth theme, we have an article about a new Pwn device from Pwnie Express and DARPA as well as an article about one of the founders of Kaspersky. NIST has a draft out on malware defense, the popular protocol analyzer Wireshark has been updated and for those that are trying to enter the Information Security profession, we have a collection of articles from several well known names in the industry and an easy malware related quiz.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

  • The Power Pwn from Pwnie Express extends the company's plug-n-hack paradigm. The DARPA funded device is a "digital wolf in sheep's clothing" in that it looks like a power strip that you might find in a typical office. The device's features include 802.11b/g/n, BlueTooth, 3G/GSM, Ethernet, proxy support, and numerous pen-testing tools running on Debian 6. The device will also accept instructions via text message or voice-recognition (Siri.) Pwnie Express is accepting pre-orders and expects to begin shipping units in late September.

Good Reads:

  • Lenny Zeltser invites you to try his malware and reverse engineering quiz.
  • SP800-83-rev1, a new draft from NIST addresses 10 ways enterprises can combat malware. Comments are being accepted.
  • Stealthy Attack By-Passes Nearly All Current Defenses - This is a CaseLeads exclusive courtesy of David Kennedy and fellow CL blogger Ira Victor. One session room at SecurityBSides Las Vegas 2012 was cordoned off for unique presentations. For this session, the room was packed. At virtually all technology conferences today, attendees are live tweeting, taking copious notes, snapping photos or videos of the demonstrations on the screen. Yet, in this special area of SecurityBSides Las Vegas, a tall, imposing security proctor in a bright red shirt with dark military style pants and a walkie-talkie stood up to made a special announcement: This is an "underground session." There will be no recordings, no note-taking, no exceptions. All phones, computers, cameras, video must be turned off. Any attendee seen taking notes, or using any device in any way during this talk can and will have it confiscated. Following the talk, the speaker David Kennedy granted CyberJungle Radio host, and SANS Forensics CaseLeads Blogger, Ira Victor, an exclusive interview. Kennedy talked about a series of attack vectors that use python, encryption, and Java Applets that can fully control Windows, Mac and Linux users. These attacks can by-pass anti-virus, next generation firewalls, intrusion detection systems, sandboxing systems, and according to Kennedy, bypass "?every single type of preventative technology out there?" (And, no this is not APT ("advanced persistent threat"), or some super high tech code.) Click here to download or listen to the ~6min segment.

News:

  • Wired has an interesting article about Eugene Kaspersky of Kaspersky Labs. The article outlines the background of the company's founder and provides a few details about how the company operates. The article is a little dramatic at times and in some places sounds more like a spy novel complete with Cold War spying and modern espionage.
  • Brian Krebs has a series of articles for those interested in becoming Information Security professionals. The collection currently features advice from Richard Bejtlich, Jeremiah Grossman, Bruce Schneier, and Thomas Ptacek. The series is also a great resource for those that are mentoring and developing Information Security professionals.

Levity:

Coming Events:

Call For Papers:

 

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

Digital Forensics Case Leads for 20120727 was compiled by Ray Strubinger. Ray regularly leads digital forensics and incident response efforts and when the incidents permit, he is involved in aspects of information security ranging from Threat Intel to Risk Analysis.

Find us on Google+

1 Comments

Posted November 30, 2013 at 7:24 AM | Permalink | Reply

shiv singh

black hat edition feature nice and hardware and software based attack this software good for seo please update new information thanks for blog.