SANS Digital Forensics and Incident Response Blog: Category - Advanced Persistent Threat

Three Steps to Communicate Threat Intelligence to Executives.

As the community of security professionals matures there is a merging of the intel community, the incident response professionals, and security operations. One struggle folks have is how to make the threat intelligence actionable for the business. You have the large data from Recorded Future, yet, how do you apply the data in a practical … Continue reading Three Steps to Communicate Threat Intelligence to Executives.


WannaCry Ransomware Threat : What we know so far - WEBCAST slides

The WannaCry ransomware worm is unprecedented for two reasons. First, it's a ransomware worm. Second, it appears to be using a recently patched exploit that was stolen from NSA to propagate. Jake Williams' firm, Rendition Infosec, has been tracking the use of this exploit since it was publicly released and completed another internet-wide scan of … Continue reading WannaCry Ransomware Threat : What we know so far - WEBCAST slides


Mass Triage Part 3: Processing Returned Files - At Jobs

Our story so far... Frank, working with Hermes, another security analyst, goes to work to review the tens of thousands of files retrieved by FRAC. They start off by reviewing the returned AT jobs. AT Job Used by Actors AT jobs are scheduled tasks created using the at.exe command. At jobs take the filename format … Continue reading Mass Triage Part 3: Processing Returned Files - At Jobs


Webcast Summary: New SANS Cheat Sheet: A Guide to Eric Zimmerman's Command Line Tools

Thank you for attending the SANS New Cheat Sheet: "A Guide to Eric Zimmerman's Command Line Tools" webcast. For webcast slides and recording visit:http://www.sans.org/u/raj To download the Cheat Sheet visit:http://digital-forensics.sans.org/u/rao To download Eric's Command line tools visit:https://ericzimmerman.github.io/ In this webinar, Eric covered several tools that can be used to show evidence of execution … Continue reading Webcast Summary: New SANS Cheat Sheet: A Guide to Eric Zimmerman's Command Line Tools


DFIR Summit 2017 - CALL FOR PRESENTATIONS

Call for Presentations Now Open! Submit your proposal here: http://dfir.to/DFIR-CFP-2017 Deadline: January 16th at 5pm CT The 10th Annual Digital Forensics and Incident Response Summit Call for Presentations is open through 5 pm EST on Monday, January 16, 2017. If you are interested in presenting or participating on a panel, we'd be … Continue reading DFIR Summit 2017 - CALL FOR PRESENTATIONS