SANS Digital Forensics and Incident Response Blog: Category - apt

Announcing the GIAC Network Forensic Analyst Certification - GNFA

A new security certification focused on the challenging field of network forensics BETHESDA, MD - October 7, 2014- Global Information Assurance Certification (GIAC) is pleased to announce a new forensics certification, the GIAC Network Forensic Analyst (GNFA). The GNFA validates that professionals who hold this credential are qualified to perform examinations employing network forensic artifact … Continue reading Announcing the GIAC Network Forensic Analyst Certification - GNFA


Deadline Approaching - APT Malware and Memory Challenge #DFIRCON

DEADLINE 31 Jan 2014 — Winner Announced - 3 Feb 2014 DFIRCON APT Malware & Memory Challenge The memory image contains real APT malware launched against a test system.Your job? Find it. The object of our challenge is simple: Download the memory image and attempt to answer the questions. To successfully submit for the contest, … Continue reading Deadline Approaching - APT Malware and Memory Challenge #DFIRCON


APT Malware and Memory Challenge

The memory image contains real APT malware launched against a test system. Your job? Find it. The object of our challenge is simple: Download the memory image and attempt to answer the 5 questions. DOWNLOAD LINK FOR MEMORY IMAGE:http://dfir.to/APT-Memory-Image Questions: What is the Process ID of the rogue process on the system? Determine the name … Continue reading APT Malware and Memory Challenge


When Cases Involve SSNs and Credit Card Data: "Sensitive Data Search and Baseline" Python Script

A key component of any investigation is the type of data exfiltrated. If sensitive data is on a compromised machine, risk is increased significantly. Also, there is a patch work of legislation covering various types of data which is considered sensitive (http://www.reyrey.com/regulations/). In general, social security and credit card numbers are at the top of … Continue reading When Cases Involve SSNs and Credit Card Data: "Sensitive Data Search and Baseline" Python Script


Overview of Microsoft`s "Best Practices for Securing Active Directory"

As incident responders, we are often called upon to not only supply answers regarding "Who, What, When, Where, and How" an incident occurred, but also how does the organization protect itself against future attacks of a similar nature? In other words, what are the lessons learned and recommendations based on the findings? A new paper … Continue reading Overview of Microsoft`s "Best Practices for Securing Active Directory"