Thursday, December 25, 2014

Is Compliance running or ruining Security Programs?


We at Brakeing Down Security world headquarters don't understand the concept of 'End of the Year' podcast, so consider this the "End-End of the Year" podcast.

We talked about the order of things... whether Compliance is a detriment to Security, and who should be running who.

So pour a glass of eggnog, grab another cookie, and put another log on the fire, 'cause Brakeing Down Security is throwing out one more for the year!  Happy Holidays... all of them... :)


Here is a new episode of Brakeing Down Security!

Sunday, December 21, 2014

Brakeing Down/Defensive Security Mashup!


It's a Super Deluxe sized Brakeing Down Security this week...

It's something you've dreamed of forever (or not), but Jerry Bell and Andrew Kalat from Defensive Security Podcast stopped by and we made ourselves a podcast baby... Boy, was it ugly :)

I'm just kidding, we had a great time discussing some news, and going over what we learned... and any good end-of-year podcast must have predictions...  

We also discussed Sony, 'cause it's the huge news of the year, and talked about Target, because we love dissing PCI... ;)

There might be a few bad words, so if you have small ears around, be advised...

When you're done, check out the other 96 episodes of Defensive Security, and check out our 55 other episodes.

http://www.defensivesecurity.org/

Twitter handles:

Andrew Kalat: https://twitter.com/lerg

Jerry Bell: https://twitter.com/Maliciouslink

Icon provided by DefensiveSecurity.org... I'd imagine they'd let us use it, since they were on the podcast ;)

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/



Sunday, December 14, 2014

Tyler Hudak (@secshoggoth) discusses incident response, and DIY malware research


This week, Tyler gave us a great deal of information on where to start if you wanted to become a malware researcher. He also gave us websites where you can get malware and ways to analyze it. 

We asked Tyler what blue teams can do when they are infected, and he gave us some excellent advice...

I also recite some prose from a classic horror author, so come for the malware, stay for the prose! :)

***NOTE: I guess now would be a good time to mention that many of the links below have unsafe software and actual malware payloads, so use with extreme caution. Especially do not download anything from these sites unless it's in a VM that is not on your company's assets.***

http://www.hopperapp.com/ - Disassemble OS X binaries

http://en.wikibooks.org/wiki/X86_Disassembly/Disassemblers_and_Decompilers - other Disassemblers

http://vxheaven.org/ - Virus Heaven

http://www.malwaredomainlist.com/ - Find websites serving malware

http://oc.gtisc.gatech.edu:8080/ - Georgia Tech malware repository

Sandboxie - http://www.sandboxie.com/

KoreLogic - http://www.korelogic.com/ (lots of great tools here)

http://secshoggoth.blogspot.com/ - Tyler's Blog



Sunday, December 7, 2014

Tyler Hudak discusses malware analysis


Tyler Hudak (@secshoggoth) came on to discuss the process of analyzing malware binaries. We talk about MASTIFF, his malware analysis framework. We also discuss how to gain information from malware program headers, and some software that is used to safely analyze it.

Helpful Links:

IDA Pro: https://www.hex-rays.com/products/ida/

Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

Mastiff White Paper: http://digital-forensics.sans.org/blog/2013/05/07/mastiff-for-auto-static-malware-analysis

Mastiff latest: http://sourceforge.net/projects/mastiff/files/mastiff/0.6.0/

Cuckoo Sandbox: www.cuckoosandbox.org

Anubis: https://anubis.iseclab.org/

PE Headers: http://en.wikipedia.org/wiki/Portable_Executable

ELF: http://fr.wikipedia.org/wiki/Executable_and_Linkable_Format

REMnux - reverse engineering Linux distro: https://remnux.org/

Inetsim: http://www.inetsim.org/
