The Best Tool For The Job
Okay, I am getting a little sick and tired of the constant chatter about “this operating system is better than that operating system.” It is like the white noise in the background of any room where...
SANS Advisor Volume 2, No. 1 Is Now Available
The latest edition of the SANS Advisor is out. This time they used two of my articles: “Taking SNMP for a Walk” and “Please Don’t Decrypt My File.” The first article talks about the importance of...
Invisibility Is Not Invincibility
Security Through Obscurity. You hear people tell you not to use it. You also hear people telling you that it is a useful layer of defense. Actually it is all of these things and none of these things....
Core Impact Demo
A few days ago we had Core Security give us a web demo on their product Core Impact. Although I had watched the demo before, on a prerecorded webcast, this time my colleagues and I were able to ask...
Data Classification and Media Destruction Methods
I recently mentioned that NIST had released Draft Special Publication 800-88: Guidelines for Media Sanitization. This document outlines the concerns involving roles and responsibilities, data...
Incident Response Toolkit Justifications
One of the cool things about taking the SANS GCIH through their OnDemand classes is that you get 10 weeks to interact with the other students instead of the usual one week of a conference. Somebody in...
Immunity’s SILICA, Debugger, and PCI Based Rootkit at DefCon 15
On the last day of DefCon 15 I had time to stop by the Immunity booth in the vendor area. Although he was very busy, Dave Aitel did take some time out to speak with me. After a little small talk he...
The Benefits of Security Blogging
To increase the security within my organization I decided to have PGP come down and give our administrators and IT manager a demonstration on all of the services that PGP provides. Since reading about...
Windows Incident Response Script
I have taken some time to write an incident response script using only the resources provided by the Windows operating system. You can find out the why by reading the article I wrote titled Windows...
Did Mandiant’s Audit Viewer find something in Conficker?
I was learning how to use Mandiant’s Memoryze the other day and having a bit of trouble getting to know the XML configuration files. My real task was to get Memoryze working with memory shared from a...