694 matches found
RSA Web Threat Detection SQL Injection Vulnerability
EMC RSA Web Threat Detection is a big data and security analytics solution from EMC. The solution detects cybercrime using Web session intelligence and real-time behavioral analysis. An SQL injection vulnerability exists in the Administration and Forensics applications in EMC RSA Web Threat...
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM QRadar SIEM has three vulnerabilities in the Forensics web application that when chained together allow an attacker to achieve unauthenticated remote code execution. The first stage bypasses authentication by fixating session cookies. The second stage uses those authenticated sessions cookies...
Windows Packer Project for Defenders: DARKSURGEON
Darksurgeon is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. Darksurgeon has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment...
Bejtlich Joining Splunk
Since posting Bejtlich Moves On I've been rebalancing work, family, and personal life. I invested in my martial arts interests, helped more with home duties, and consulted through TaoSecurity. Today I'm pleased to announce that, effective Monday May 21st 2018, I'm joining the Splunk team. I will ...
Network Security Monitoring: Security Onion
Network Security Monitoring NSM is, put simply, monitoring your network for security related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an...
Sleuthing the Cloud: The Challenges of Forensics in Cloud Environments
More and more companies are embracing Cloud computing for the practicality, efficiency, and economy of outsourcing the housing, maintenance, and monitoring of applications and their associated infrastructure to a third-party provider. As the Cloud becomes more the norm than the exception, there i...
GRR Rapid Response - Remote Live Forensics For Incident Response
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...
2018 Cyberthreat Defense Report: Where IT Security Is Going
What keeps you awake at night? We asked IT security professionals the same question and found that these issues are top of mind: malware and spear phishing, securing mobile devices, employee security awareness and new technologies that detect threats capable of bypassing traditional signature-bas...
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...
PcapXray - A Network Forensics Tool To visualize a Packet Capture offline as a Network Diagram
PcapXray is a Network Forensics Tool To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction. PcapXray Design Specification Goal: Given a Pcap File, plot a network diagram displaying hosts in the network,...
APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. Use Cases 1. POCs: Endpoint detection agents / compromise assessment tools 2. Test your security monitoring's detection capabilities 3. Test your SOCs response on a...
February 13, 2018 – Morning Cyber Coffee Headlines – “Abraham Lincoln” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! February 13, 2018 - Headlines Carbon Black in the News: MSSPs Wasting Time on...
SwishDbgExt - Incident Response & Digital Forensics Debugging Extension
SwishDbgExt is a Microsoft WinDbg debugging extension that expands the set of available commands by Microsoft WinDbg, but also fixes and improves existing commands. This extension has been developed by Matt Suiche @msuiche – feel free to reach out on [email protected] ask for more features,...
Happy IR in the New Year!
At the end of last year Mr. Jake Williams from aka @MalwareJake asked a very important question about Lack of visibility during detecting APT intrusions in twitter. Results show us that endpoint analysis is the most important part of any research connected with APTs. Also, for sure endpoint...
Linux Expl0rer - Easy-To-Use Live Forensics Toolbox For Linux Endpoints
Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask. Capabilities ps View full process list Inspect process memory map & fetch memory strings easly Dump process memory in one click Automaticly search hash in public services VirusTotal AlienVault OTX users users list...
Forever 21 Warns Shoppers of Payment Card Breach at Some Stores
Another day, another data breach. This time a fast-fashion retailer has fallen victim to payment card breach. American clothes retailer Forever 21 announced on Tuesday that the company had suffered a security breach that allowed unknown hackers to gain unauthorized access to data from payment car...
Parrot Security 3.9 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools...
IBM QRadar SIEM and QRadar Incident Forensics Input Validation Vulnerabilities
IBM QRadar SIEM and QRadar Incident Forensics are both products of IBM USA. The former is a suite of solutions that utilize security intelligence to protect assets and information from advanced threats; the latter is a suite of security forensic investigation software. An input validation...
psad - Intrusion Detection and Log Analysis with iptables
The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and more. It features a set o...
OSXAuditor - Free Mac OS X Computer Forensics Tool
OS X Auditor is a free Mac OS X computer forensics tool. OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions the system agents and daemons the third party's agents and daemons the old and deprecated system a...