Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Contenuto fornito da IMF Security and Brian and Michael. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da IMF Security and Brian and Michael o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Simile a The Incident Response Podcast
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Daily update on current cyber security threats
…
continue reading
We help founders make something people want.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Player FM - App Podcast
Vai offline con l'app Player FM !
Vai offline con l'app Player FM !
))
Getting back to basics, IR 101 - Episode 013
Manage episode 263576476 series 2681668
Contenuto fornito da IMF Security and Brian and Michael. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da IMF Security and Brian and Michael o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Recorded May 2020
TOPIC: Getting back to basics, IR 101
OUR SPONSORS:
NEWS-WORTHY:
Best EDR Security Services In 2020 for Endpoint Protection
How to Avoid Spam—Using Disposable Contact Information
Shiny new Azure login attracts shiny new phishing attacks
Upgrading from EDR to MDR is Critical but Easier than You Think
The ransomware that attacks you from inside a virtual machine
SITE-WORTHY:
Malware Archaeology - Cheat Sheets
TOOL-WORTHY:
LOG-MD - The Log anD Malicious Discovery tool
“LOG-MD -a” will give you how you compare against the cheat sheets
MALWARE OF THE MONTH:
Qakbot
Typical delivery via a Office doc or URL
Created a folder in C:\Users
Key Detection points
Enable better logging AutoRuns - Uses Run key and Scheduled Task
WMIPrvSe launch binary in C:\Users
Binary in root of \Username directory C:\Users\\.exe
C:\Users\\AppData\Roaming\Microsoft\ Syswow64\Explorer.exe used Parent of Explorer.exe is NEVER a binary in C:\Users
Process injection of Syswow64\Explorer.exe
Ping 127.0.0.1
Scheduled Task created by a binary in C:\Users
Syswow64\Explorer,exe opening all the browsers
Binary in C:\User calling out to foreign country
PREVENTION
Block Office macros
Don’t allow uncategorized websites
EDR Software
Whitelisting C:\Users
TOPIC OF THE DAY:
Getting back to basics, IR 101
What is getting back to basics - IR 101
This will likely be multiple episodes
We will start with Windows
Why is this important?
WHEN you have an incident, data we, and you need will be available
This is probably the #1 finding and recommendation we have made to organizations we have been involved with over the years
Security tools fail, so other data you collect can help discover what happened where, when, and how
What is the problem we are wanting our listeners to solve?
To be better prepared in the event of an incident to speed up investigations
Give your SOC, IT, or Security people the data they need to investigate events
Make log management data better if you are collecting all the things
And of course… help your IR Consultancy do a better job FASTER
Other Articles:
-------------------
CIS Benchmarks
DerbyCon talk on EDR
DerbyCon talk on Winnti
15 episodi
Condividi
Manage episode 263576476 series 2681668
Contenuto fornito da IMF Security and Brian and Michael. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da IMF Security and Brian and Michael o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Recorded May 2020
TOPIC: Getting back to basics, IR 101
OUR SPONSORS:
NEWS-WORTHY:
Best EDR Security Services In 2020 for Endpoint Protection
How to Avoid Spam—Using Disposable Contact Information
Shiny new Azure login attracts shiny new phishing attacks
Upgrading from EDR to MDR is Critical but Easier than You Think
The ransomware that attacks you from inside a virtual machine
SITE-WORTHY:
Malware Archaeology - Cheat Sheets
TOOL-WORTHY:
LOG-MD - The Log anD Malicious Discovery tool
“LOG-MD -a” will give you how you compare against the cheat sheets
MALWARE OF THE MONTH:
Qakbot
Typical delivery via a Office doc or URL
Created a folder in C:\Users
Key Detection points
Enable better logging AutoRuns - Uses Run key and Scheduled Task
WMIPrvSe launch binary in C:\Users
Binary in root of \Username directory C:\Users\\.exe
C:\Users\\AppData\Roaming\Microsoft\ Syswow64\Explorer.exe used Parent of Explorer.exe is NEVER a binary in C:\Users
Process injection of Syswow64\Explorer.exe
Ping 127.0.0.1
Scheduled Task created by a binary in C:\Users
Syswow64\Explorer,exe opening all the browsers
Binary in C:\User calling out to foreign country
PREVENTION
Block Office macros
Don’t allow uncategorized websites
EDR Software
Whitelisting C:\Users
TOPIC OF THE DAY:
Getting back to basics, IR 101
What is getting back to basics - IR 101
This will likely be multiple episodes
We will start with Windows
Why is this important?
WHEN you have an incident, data we, and you need will be available
This is probably the #1 finding and recommendation we have made to organizations we have been involved with over the years
Security tools fail, so other data you collect can help discover what happened where, when, and how
What is the problem we are wanting our listeners to solve?
To be better prepared in the event of an incident to speed up investigations
Give your SOC, IT, or Security people the data they need to investigate events
Make log management data better if you are collecting all the things
And of course… help your IR Consultancy do a better job FASTER
Other Articles:
-------------------
CIS Benchmarks
DerbyCon talk on EDR
DerbyCon talk on Winnti
15 episodi
Tutti gli episodi
×
Benvenuto su Player FM!
Player FM ricerca sul web podcast di alta qualità che tu possa goderti adesso. È la migliore app di podcast e funziona su Android, iPhone e web. Registrati per sincronizzare le iscrizioni su tutti i tuoi dispositivi.
Simile a The Incident Response Podcast
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Daily update on current cyber security threats
…
continue reading
We help founders make something people want.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Player FM - App Podcast
Vai offline con l'app Player FM !
Vai offline con l'app Player FM !
