Tag Archives: forensics

[ISN] Cymmetria hires former U.S. government cyber official Jim Christy

www.reuters.com/article/2015/11/27/us-cymmetria-hire-idUSKBN0TG28W20151127 By Jim Finkle Reuters.com Nov 27, 2015 Computer security startup Cymmetria has hired a well-known retired U.S. government computer-forensics expert, Jim Christy, as vice president of investigations and digital forensics. Christy started this week at the provider of technology that targets the psychology of attackers, tricking them into revealing themselves through techniques such as the use of decoy servers. Cymmetria told Reuters on Friday that Christy will oversee efforts to help clients investigate attacks uncovered with the company’s technology, then advise them on coordinating disclosure to law enforcement. He retired from the U.S. government in 2013, ending a career investigating computer crimes and running digital forensics labs that began in 1986 at the Air Force Office of Special Investigations. […]





[ISN] HACKFEST 2015 – REGISTRATION & TRAININGS

Hackfest 2015, November 6-7th
Quebec City, Canada
www.hackfest.ca

REGISTRATION

Online registration closes on November 1st.

– Current price is 80$CAD+tx
– Register in group to have a discount
– Register now: www.hackfest.ca/en/register

TRAININGS

We have interesting trainings offered at Hackfest in Quebec City, Canada this year. The price also includes admission to talks.

NOVEMBER 5th

Hunting Linux malware for fun and $flags

Server-side Linux malware is a real threat now. Unfortunately, as for its Windows counterpart, most system administrators are inadequately trained or don’t have enough time allocated by their management to analyze and understand the threats that their infrastructures are facing. This tutorial aims at creating an environment where Linux professionals have the opportunity to study such threats safely and in a time-effective fashion.

In this introductory tutorial you will learn to fight real-world Linux malware that targets server environments. Attendees will have to find malicious processes and concealed backdoors in a compromised Web server.

In order to make the tutorial accessible for a range of skill levels, several examples of malware will be used with increasing layers of complexity, from scripts to ELF binaries with varying degrees of obfuscation. Additionally, as is common in Capture-The-Flag information security competitions, flags will be hidden throughout the environment for attendees to find.

Skills to acquire:

* Live system incident response and forensics using Linux’s standard tools
* System hardening
* Introduction to reverse-engineering obfuscated scripts and binaries

Price:

* 150$ Regular (ID required)
* 75$ Student (ID & Student proof required)

Presented by: Olivier Bilodeau and Marc-Etienne M. Léveillé, both malware researchers at ESET Montreal

Register now: http://www.hackfest.ca/en/training/hunting_linux_malware_for_fun_and_flags-2015



[ISN] At Black Hat, Hottest Cyber Product Didn’t Have a Booth

http://blogs.cfr.org/cyber/2015/08/10/at-black-hat-hottest-cyber-product-didnt-have-a-booth/ By Robert Knake Council on Foreign Relations August 10, 2015 Ah, Vegas in August. 100-degree heat, pool parties, and thousands upon thousands of hackers. Every summer the cybersecurity world takes over Sin City for a week. Black Hat, growing ever more corporate and responsible, is paid for on expense accounts. DEF CON? Well DEF CON is paid with cash at the door. I spent a week out there meeting with new technology companies, talking to chief information security officers (CISOs) about their challenges, and getting schooled in the art of network forensics by the good folks who run Packet Detective. Looking back on the week, there was one dominant theme: the need for more skilled professionals in the field. After a day of hearing pitches from startups I asked the CISO of a popular streaming service what he was shopping for. He answered in one word: “people.” He then asked me what I did and then just as quickly turned his attention on a security operations center analyst at a major credit card company (turns out cyber policy wonks are not in short supply). The hottest party of the week wasn’t hosted by FireEye or Palo Alto Networks. It was hosted by Nike (see photo above). No, Nike isn’t slapping its famous swoosh on network security gear. If you want to get an idea of how desperate companies are, a maker of athletic apparel now throws parties at Mandalay Bay to recruit cyber talent. […]



[ISN] There’s no code of ethics to govern digital forensics – and we need one

https://theconversation.com/theres-no-code-of-ethics-to-govern-digital-forensics-and-we-need-one-45755 By John J Sloan, III The Conversation August 10, 2015 Let me begin with a disclaimer: I am neither a digital forensics practitioner nor do I play one on television. I am, however, a professor in, and former chair of, an academic department at a research university that houses a graduate program in computer (digital) forensics I helped design. In 2011, I cofounded a computer forensics research center at my university. Finally, for more than 10 years, I have taught undergraduate and graduate courses on professional ethics for criminal justice and digital forensics students. These experiences helped me to identify a glaring issue in the field of digital forensics: a lack of professional and ethical standards governing practitioners. And as digital forensics gains prominence in the legal landscape, the lack of agreed-upon standards is a big problem. What is digital forensics? Digital or computer forensics involves the identification, recovery, analysis and presentation in court of relevant information taken from electronic devices such as computers and cellphones. […]



[ISN] Report: Hack of government employee records discovered by product demo

http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/ By Sean Gallagher Ars Technica June 11, 2015 As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM’s security. An OPM statement on the attack said that the agency discovered the breach as it had “undertaken an aggressive effort to update its cybersecurity posture.” And a DHS spokesperson told Ars that “interagency partners” were helping the OPM improve its network monitoring “through which OPM detected new malicious activity affecting its information technology systems and data in April 2015.” Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ’s Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. “CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network,” Paletta and Hughes reported. And, according to federal investigators, that malware may have been in place for over a year. US intelligence agencies have joined the investigation into the breach. But it’s still not even clear what data was accessed by the attackers. Meanwhile, the breach has triggered outrage from unions representing federal employees. In a letter to OPM Director Katherine Archuleta, American Federation of Government Employees president J. David Cox expressed displeasure at the way OPM had handled the breach, calling the 18 months of credit monitoring and $1 million liability insurance OPM is offering federal employees “entirely inadequate, either as compensation or protection from harm.” […]



[ISN] FBI Threat Intelligence Cyber-Analysts Still Marginalized In Agency

http://www.darkreading.com/risk/fbi-threat-intelligence-cyber-analysts-still-marginalized-in-agency/d/d-id/1319618 By Sara Peters Dark Reading 3/25/2015 Despite good progress, 9/11 Review Commission says that analysts could have a greater impact on FBI counter-terrorism activities if they had more domain awareness, forensics capabilities, and were more empowered to question agents. FBI threat intelligence analysts, a position created post-9/11, have proven their worth to counter-terror operations, but their impact has been limited by a lack of domain awareness, insufficient computing technology, and a lack of status within the Bureau, according to a report released today by the FBI 9/11 Review Commission. While the analysts are providing agents with tactical input, they are not yet participating in any strategic way. Part of the intelligence analysts’ job description, as described by FBIAgentEdu.org, is cyber-forensics and cyber-surveillance



[ISN] Northrop Grumman Foundation Congratulates Top 28 Teams Advancing to CyberPatriot National Finals Competition

http://www.globenewswire.com/newsarchive/noc/press/pages/news_releases.html?d=10116947 FALLS CHURCH, Va. – Jan. 26, 2015 – The Northrop Grumman Foundation, presenting sponsor for CyberPatriot VII, is proud to congratulate the top 25 high school and three middle school teams advancing to the national finals competition on March 13 in Washington, D.C. CyberPatriot, established by the Air Force Association, is the National Youth Cyber Education Program that’s inspiring students toward careers in cybersecurity and other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation’s future. The program features the National Youth Cyber Defense Competition, cyber camps, and an elementary school education program. This year’s finalists represent schools and other organizations from Alabama, California, Colorado, Florida, Iowa, Louisiana, Massachusetts, Michigan, Missouri, New Jersey, New Mexico, Oklahoma, South Dakota, Texas, Virginia, and Manitoba, Canada. Click here for a complete listing of finalists. “We are so proud of all the students who participated this year and we wish the top 28 finalists all the best as they prepare for the big showdown,” said Sandra Evers-Manly, president of the Northrop Grumman Foundation and vice president of Northrop Grumman Global Corporate Responsibility. “CyberPatriot has proven to be an innovative way to inspire young people to pursue a career in cybersecurity. It is filling the much-needed pipeline of qualified cyber talent and we couldn’t be more pleased with its success. CyberPatriot is a true example of how a hands-on, STEM initiative can make an impact by addressing a national imperative.” A record 2,175 teams, up 40 percent from the previous year, competed this year in a series of online rounds where students were given a set of virtual images that represent operating systems and were tasked with finding vulnerabilities and hardening the system while maintaining critical services. 
Students competed from across the U.S. and in other parts of the world to be among the top finalists that receive an all-expenses-paid trip to the CyberPatriot National Finals in Washington, D.C. “The need for cyber defenders has never been more relevant, or urgent,” said Diane Miller, director, CyberPatriot Programs, Northrop Grumman. “To address the increasingly complex threat requires diversity of education, experience, and approach to problem solving. CyberPatriot is inspiring our youth at every level and from every pocket of the country to cultivate a cyber workforce with a strong ethical foundation, the requisite technical skills and life skills in communications, leadership and teamwork so important to potential employers. These students are career-ready and poised to take on this national and global challenge.” In its fifth year as presenting sponsor, the Northrop Grumman Foundation and Northrop Grumman Corporation continue to devote time, talent and resources to support CyberPatriot. In addition to the foundation’s financial support, Northrop Grumman awards annual scholarship funds to the top winning teams and contributes employee volunteers and mentors. The company also provides internships to CyberPatriot competitors, as do other industry and government organizations. Northrop Grumman also partnered this year with Cyber Security Challenge UK to bring CyberPatriot to the U.K. Known as CyberCenturion, this youth cyber defense competition will hold its finals competition on April 17 at Bletchley Park in London. The CyberPatriot VII Teams will compete face-to-face in a one-day event to defend virtual networks and mobile devices from a professional aggressor team. The National Finalists will also face-off in four additional competition components: the Digital Cyber Crime Scene Challenge from the Digital Forensic Consortium, the Cisco Networking Challenge, the Leidos Digital Forensics Challenge, and a Mobile Application Challenge hosted by AT&T.
These extra challenges expose teams to new elements and skillsets of the many career opportunities available to them. As a global provider of cybersecurity solutions, Northrop Grumman is committed to grooming tomorrow’s cyber workforce and is engaged in supporting numerous cybersecurity education, training and technology initiatives. For more information on Northrop Grumman in cyber, go to www.northropgrumman.com/cyber. The Northrop Grumman Foundation supports diverse and sustainable programs for students and teachers. These programs create innovative education experiences in science, technology, engineering and mathematics. For more information please visit www.northropgrumman.com/foundation. CONTACT: Marynoele Benson Northrop Grumman Corporation 703-556-1651 marynoele.benson@ngc.com



[ISN] Why I Hope Congress Never Watches Blackhat

http://www.wired.com/2015/01/why-i-hope-congress-never-watches-blackhat/ By Kevin Poulsen Threat Level Wired.com 01.16.15 What a strange time. Last week I was literally walking the red carpet at the Hollywood premiere of Michael Mann’s Blackhat, a crime thriller that I had the good fortune to work on as a “hacker adviser” (my actual screen credit). Today, all I’m thinking is, please, God, don’t let anybody in Congress see the film. I’ll explain my anxiety in a minute. First, the movie: Mann, the legendary director of hardboiled crime films like Heat, Collateral, and Miami Vice, always has been a stickler for authenticity, and he brought me into Blackhat as an adviser early on, before it had a title or a lead actor. If you’re wondering how one gets involved in a Michael Mann film, here’s how it works: Mann calls you on the phone. You think, “Why is Michael Mann calling me?” After a phone conversation and an interview in Los Angeles, you’re officially invited on board as a consultant. It turned out Blackhat’s screenwriter had read my cybercrime book Kingpin, and he’d suggested me to Mann. When I showed up for my first consulting meeting, I expected to find a roomful of people crowded around a long conference table. Instead, it was just me and Mann, sitting in his office for five hours at a time. He had questions about malware, hacking, how modern computer intrusions play out. For subsequent meetings, I was given the current iteration of the screenplay (watermarked with my name, lest I leak it to the Pirate Bay), and we went over it line by line, looking at dialogue, discussing tweaks to the hacking and forensics scenes, and working on some of the procedural elements in the plot. Later, Mann brought in a second computer consultant, OkCupid hacker Chris McKinley, to write code for the movie and train leading man Chris Hemsworth in Linux basics, making Hemsworth officially the best-looking human to ever use a command line. […]

