Sunday, June 28, 2015

2015-028: using log analtyics to discover Windows malware artifacts


In this podcast, you'll learn about:

Log analytics software that can be used to parse system logs for naaty malware

Detecting Malware artifacts

learn about windows directory locations

looking for indicators like packing, changed hashes, etc

Tips for capturing malware using tools like RoboCopy

Learn about what code caves are and how malware hides inside them (http://www.codeproject.com/Articles/20240/The-Beginners-Guide-to-Codecaves)

 

SANS DFIR poster - https://www.sans.org/security-resources/posters/windows-forensics-evidence-of-75 


Here is a new episode of Brakeing Down Security!

Sunday, June 21, 2015

2015-027- detecting malware in Windows Systems with Michael Gough


Michael Gough joined us again to discuss malware detection techniques on Windows systems. We talk about how you can modify Powershell's defaults to allow for better logging potential. Also, we find out some hidden gems that pretty much guarantee to let you know that you've been infiltrated. 

Stay for the powershell security education, and you also learn some new terminology, like "Malware Archaeology", Malwarians, and 'Log-aholic', to name a few...


Here is a new episode of Brakeing Down Security!

Sunday, June 14, 2015

2015-026- Cloud Security discussion with FireHost


This week, we discuss various methods of enabling companies to move applications to cloud based platforms. 

We discuss containers, like Docker, and how various hosting services handle converting businesses from a traditional data centers to a secure. cloud based entity.

We even discuss securing the data in the cloud, preventing bad guys from accessing it, as well as the cloud provider themselves, who can be served with a subpeona to hand over data.

Brakeing Down Security would like to thank FireHost for allowing Chase and Mike to join us.


Here is a new episode of Brakeing Down Security!

Sunday, June 7, 2015

2015-025: Blue Team Army, Powershell, and the need for Blue team education


With last week's revelation from Microsoft that they will support SSH, understanding powershell has become more important than ever as a tool to be used by blue teamers, both for adminstration, and to understand how bad guys will use it for nefarious deeds on your network.

 

Part 2 of our interview with Mick Douglas discusses a bit more about the DEV522 class that he teaches for SANS, and why it seems that blue team (defenders) are not getting the training they should.  By being deficient in necessary skills, the knowledge between bad guys and the defenders widens. 


Here is a new episode of Brakeing Down Security!