How to use the traffic light protocol – TLP

The TLP, or Traffic Light Protocol, is a set of designations designed to facilitate the sharing of sensitive information. It has been widely adopted in the CSIRT and security community.

The originator of the information labels the information with one of four colours. These colours indicate what further dissemination, if any, can be undertaken by the recipient. Note that the colours only mark the level of dissemination, not the sensitivity level (although they often align).

The

Read more.

Intro to basic forensic investigation of a hard drive

For a recent project I had to do a basic forensic investigation of a hard drive. The assignment included two questions:

- detect if there were viruses on the system
- analyse the surf behaviour of one of the users (policy related)

I want to share the steps that I took to do basic forensics on a cloned disk image. This is not an in-depth forensic investigation but it was enough for this assignment.

Read more.

Split terminal on OSX

I use Apple OSX for my day-to-day work. Because of my background with Linux and OpenBSD, the OSX Terminal application is my most “popular” application.

Because I got spoiled by the ease of use of screen on Linux devices, and the basic Terminal app on OSX is fairly limited in feature set, I was looking for an alternative that runs natively on OSX and provides similar features to screen.

TMUX is a terminal application that allows

Read more.

DNSSEC in Europe

The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS) used in IP networks.

It does not solve every security problem related to DNS, but it will protect users from cache poisoning and other malicious DNS attacks. See the DNSSEC FAQs for more info. Implementing DNSSEC is also a great excuse to finally clean up your DNS zones …

As

Read more.

Sync a github.com forked repository

I have a couple of forked git repositories. When I want to add custom code, it’s useful to start from the latest available code in the “original” repository. Before I can do that, I have to sync my fork with the latest available code.

The steps to do this are explained extensively in the GitHub help; this is merely a placeholder for my own documentation.

Some online resources

- https://help.github.com/articles/syncing-a-fork/
- https://help.github.com/articles/configuring-a-remote-for-a-fork/

The first step that you will

Read more.

Visualising IP data with CartoDB

A picture is worth a thousand words. This is even more true for visualising security events.

There are different ways of visualising the source of security events. For example, with Kibana and MaxMind GeoIP it is possible to plot security events on a world map.

Sometimes you don’t want to go through the entire chain of processing events and mapping them on a world map.

I found an easy way to map

Read more.

Use EvtxParser to convert Windows Event Log files to XML

For a recent project I had to convert Windows Event Log files from a Windows machine to a plain text file. To accomplish this I used the EvtxParser tools from Andreas Schuster.

It is a set of Perl scripts that you can run against the Event Log files.

EvtxParser is written in Perl, so obviously you need Perl. On Ubuntu you also need the extra packages libdatetime-perl and libcarp-assert-perl.

You also need to install two extra

Read more.

Client side certificate authentication

TLS (Transport Layer Security) and its predecessor SSL provide secure communication over a computer network. The most common use of TLS/SSL is establishing an encrypted link between a web server and a browser. This ensures that all data passed between the browser and the web server stays confidential and is not tampered with in transit.

You can use certificates on both sides, the server side and the client side.

Web site certificates, or server

Read more.

Logjam vulnerable websites in Belgium

Recently a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman key exchange as used in TLS and other protocols. They reported a downgrade attack against the TLS protocol that would allow attackers to read, and possibly alter, your supposedly secure communication with a website or VPN connection.

The issue is located in the EXPORT cryptography, similar to the FREAK attack (although

Read more.

Comparing Free Online Malware Analysis Sandboxes

I had a guest posting published at IBM Security Intelligence: Comparing Free Online Malware Analysis Sandboxes.