security.crudtastic.com

Security Nerd Stuff


Today Microsoft are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0.  Users can click here to download the tool free of charge. 

For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications.  This helps prevent vulnerabilities in those applications (especially line of business and 3rd party apps) from successfully being exploited.  By deploying these mitigation technologies on legacy products, the tool can also help customers manage risk while they are in the process of transitioning over to modern, more secure products.  In addition, it makes it easy for customers to test mitigations against any software and provide feedback on their experience to the vendor.

Read the full story on the TECHNET BLOG

SANS Asia-Pacific Webcast Series

Windows Forensic Analysis: Dissecting the Windows Registry – Featuring Rob Lee

Please join us for the next installment of the SANS APAC webcast series where our world-class instructors provide cutting-edge content on the latest issues in information security.

Event link: http://www.sans.org/info/48624

October’s webcast is being led by SANS Certified instructor, Rob Lee. In this Webcast, Lee focuses on mastering the Windows Registry. This webcast will be live and participants will have the opportunity to ask Rob Lee questions in real time.

Windows Forensic Analysis: Dissecting the Windows Registry webcast will be held on Wednesday, 7 October.

6:30 p.m. in Hong Kong (7:30 p.m. Tokyo/8:30 p.m. Sydney)

You cannot consider yourself a Computer Forensic Analyst without mastering the Windows Registry. The registry is one of the most vital areas of a Microsoft Windows Operating System due to the sheer amount of useful forensic data that can be pulled from it. This presentation will take you through understanding how and why the registry will track every document you open, every website you type, USB devices you utilize, and much more. This presentation will focus on the most current known registry elements found on WinXP, VISTA, and the new Windows 7.

Interested participants can subscribe to the webcast free of charge by way of a SANS portal account: http://www.sans.org/info/48629

This Webcast provides an insightful example of the types of topics and deep instructor knowledge SANS will be featuring at the upcoming classes at SANS Hong Kong Advanced Forensics Seminar 2009, 9-14 November. This Webcast is a taste of SEC508.

- SEC508: Computer Forensics, Investigation, and Response (9-13 Nov)
- SEC526: Advanced Filesystem Recovery and Memory Forensics (14 Nov)

For complete information about SANS Hong Kong Advanced Forensics Seminar 2009, please use this link: http://www.sans.org/info/48634

About Rob Lee: Rob Lee is a Director for MANDIANT (http://www.mandiant.com/), a leading provider of information security consulting services and software to Fortune 500 organizations and the U.S. Government. Rob is also the Curriculum Lead for Digital Forensic Training at the SANS Institute (http://computer-forensics.sans.org/). Rob has more than 13 years' experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he worked directly with a variety of government agencies in the law enforcement, Dept. of Defense, and intelligence communities, where he was the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and led a computer forensic and security software development team. Rob also coauthored the bestselling book, Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University in Washington DC. Finally, Rob was awarded the “Digital Forensic Examiner of the Year” from the Forensic 4Cast 2009 Awards.

Well, it’s day 4 of SANS Canberra .. I’m doing SEC504 – Hacker Techniques, Exploits, and Incident Handling. All I can say is WOW!

John Strand (check out www.pauldotcom.com) is taking the class .. he’s an awesome guy with some great stories (and he’s pretty smart too)!

I must say that the course is making me look at a lot of things differently .. and I’m pretty sure (from what I’ve seen) that most corporate networks would be compromised in one way or another (even mine), in fact, I’d be surprised if my computers at home aren’t shady in one way or another!

Anyway .. enough rambling. Once I get back home after the course, I’ll do a write up on here. My one regret was missing the bootcamp tonight where they made a malicious USB stick with U3 that launched metasploit as soon as it was inserted.

So we all know Conficker is meant to explode our brains, empty our bank accounts and then run off with our dog on the 1st of April right? There’s a bunch of people that have applied the MS08-067 patch that basically stops all this nastiness, they’re probably also the same people that have strong passwords and an up to date antivirus solution.

So I guess the next thing is trying to track down machines that are already infected. The guys at SkullSecurity have a great blog article on how to use nmap to scan your network and detect these infected hosts.

If you get any errors it’s really worth reading through all the comments, Ron has done a great job in trying to respond to everyone. There are apparently some other tools coming out soon from other vendors .. but who doesn’t love an excuse to bust out nmap in anger!

Currently I’m testing a few different web and email filtering appliances. I’m looking at 3 vendors – Sophos, Clearswift & Ironport.

Although I haven’t finished my evaluations yet, it has become very clear that there really isn’t all that much difference. They all seem to do AV and malware (as you would expect), they all have some form of reputation filtering, they all have a very similar interface, and they are all pretty easy to configure (although the Ironport takes a bit of special tongue holding to ensure it’s correctly set up).

I should have all my evaluations done next week so I will post a thorough review on the devices I’ve tested and let you all know the good and bad points!

CISA Exam

Well, I guess it had to happen. Seeing as I just passed the CISM exam I’ve decided to go and do the CISA exam. All in all I probably should have done it the other way round .. but where I worked they thought it would be more beneficial if I did a CISM. They could be right .. I’m not too convinced though.

So I signed up today to sit the June 2009 exam, got myself a copy of the study guide and the practice questions database. I don’t believe I’ll have much trouble with this one, it all looks pretty straightforward and it’s stuff that I do every day at work.

I’ll maybe get a copy of the CBT Nuggets prep stuff, it was pretty handy to have when I did the CISM .. I put a copy of all the video files onto my iPhone so I could watch them while I was at the gym. I guess I used a similar technique as when I was studying for the CISSP exam, I bombarded myself with information at all times (just hoping that some of it would stick), it’s kind of like that episode of the Simpsons when Homer gets the subliminal tapes to listen to while he’s sleeping (only mine aren’t a weight loss tape).

I’ll put all my notes up on zoho again as a few people have found it useful.

Anyway .. more news as I get my stuff and start actually doing some study (at least I’ll make sure I don’t leave it all till the last minute).

Peace out nerdlingers!