Information Security News
by Sean Gallagher
LAS VEGAS— Sin City has the greatest density of surveillance cameras per square mile anywhere outside the Pentagon, and that fact makes Vegas an appropriate host for both Black Hat and Def Con, the yin and yang of information security conferences. The two have become the anchors for a collection of security events here every summer (including BsidesLV and PasswordsCon) that results in a week-long festival of infosec overload so scary, it's now even more frightening to use hotel Wi-Fi.
While Jeff Moss, aka "TheDarkTangent," is the founder of both Black Hat and Def Con, the two events have continued to diverge. This year, however, they carried a very similar message: Security has reached a critical point, and the people gathered at both events have never been more relevant to society as a whole, for better or worse. "This is our moment right now," Moss said during the introduction of his Black Hat keynote. "When was the last time we were this relevant and this in demand? I would say during the dot com (boom)...but if you think about it, all you needed was green hair to get a job back then."
Moss challenged attendees at Black Hat to do something real in the coming year. "I have the sense that we don't have unlimited time," he warned. "If we're going to make some moves, we're going to have to make them soon." The message at Def Con was similar—a call to action in a world where state actors and other maleficent forces are taking advantage of an ever-growing number of vulnerabilities in systems ranging from mobile applications to "Internet of Things" devices. The looming threat of surveillance makes it increasingly difficult to live a private life.
In the vexing pursuit of passwords that are both easy to remember and hard to crack, many people embed clues into their login credentials, choosing, for instance, "playstationplaystationdec2014" to safeguard a recently created gaming account or "[email protected] w0rk!" for an IT administrative account at a financial services company. Now, a whitehat hacker is capitalizing on the habit with a tool that automates the process of launching highly targeted cracking attacks.
Dubbed WordHound, the freely available tool scours press releases, white papers, and Twitter accounts belonging to companies or sites that have recently suffered security breaches. The software then generates a list of commonly found words or phrases that attackers can use when trying to convert cryptographic hashes from compromised password databases into the corresponding plaintext passcodes. The tool, devised by security consultant Matthew Marx, was unveiled Wednesday at the Passwords 14 conference in Las Vegas.
"People are influenced greatly by their environment when choosing a password," Marx, who works for consultancy MWR Info Security, told Ars. "It could be a work environment, their personal life, or the sport teams they like. I wanted to create a tool that leveraged this human vulnerability."
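A defender-side check in the same spirit, added here and not WordHound's own code: it flags passwords built from environment clues like the article's "playstationplaystationdec2014" (an organisation term, a repeated word, a month-and-year suffix) before they are accepted. The org_terms list is an assumed input that the administrator supplies.

```python
"""Screen a candidate password for the 'environment clues' the article describes.
Added example, not WordHound's code. org_terms is an assumed, defender-supplied
list of words tied to the organisation (name, products, locations, teams)."""
import re

# Undo the letter-for-symbol substitutions people use to make a familiar word "complex".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
# Month name (or abbreviation) followed by a four-digit year at the end, e.g. dec2014.
MONTH_YEAR = re.compile(
    r"(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*[-_ ]?(19|20)\d{2}$")

def normalise(text):
    """Lower-case, undo leet substitutions and drop separators, for term matching."""
    return re.sub(r"[\s._-]+", "", text.lower().translate(LEET))

def repeated_token(s):
    """Shortest unit of 3+ chars that is immediately repeated, e.g. 'playstation'."""
    for n in range(3, len(s) // 2 + 1):
        if s[:n] == s[n:2 * n]:
            return s[:n]
    return None

def contextual_findings(password, org_terms):
    """Reasons the password leaks context (empty list means none of these checks fired)."""
    lower = password.lower()
    loose = normalise(lower)  # leet-undoing is done here only: it would mangle a year
    findings = [f"contains organisation term '{t}'" for t in org_terms
                if len(normalise(t)) >= 3 and normalise(t) in loose]
    rep = repeated_token(lower)
    if rep:
        findings.append(f"repeats '{rep}'")
    m = MONTH_YEAR.search(lower)
    if m:
        findings.append(f"ends with month/year '{m.group(0)}'")
    return findings

if __name__ == "__main__":
    # Constructed inputs: the article's own example and a neutral passphrase.
    for pw in ("playstationplaystationdec2014", "C0rrectH0rse"):
        print(pw, "->", contextual_findings(pw, ["PlayStation", "Sony"]) or "no context found")
```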
In many cases having a full disk image is not an option during an incident. Imagine that you suspect you have a dozen infected or compromised systems. Can you spend 2-3 hours making a forensic copy of the hard disks of a hundred computers? In such a situation, fast forensics is the solution. Instead of copying everything, collecting the specific files that may contain evidence can solve this issue. In this diary I am going to talk about an application that collects most of these files.
Triage-ir is a script written by Michael Ahrendt. Triage-ir collects system information, network information, registry hives and disk information, and it dumps memory. One of the powerful capabilities of triage-ir is collecting information from Volume Shadow Copies (v.851), which can defeat many anti-forensics techniques.
Triage-ir can be obtained from http://code.google.com/p/triage-ir/downloads/list . Triage-ir itself is just a script that depends on other tools such as the Sysinternals Suite[i], DumpIt[ii][iii], RegRipper[iv], md5deep[v], 7zip[vi] and some Windows built-in commands.
Here are the installation steps:
In case of an incident you want to leave as few residues on the system as possible, so I would suggest copying it to a USB drive. One issue here: if you are planning to dump the memory, the USB drive should be larger than the physical RAM.
Once you launch the application you can select which information you would like to collect. Each category is a separate tab.
Let's say that you would like to collect the Network Information only. All you have to do is click on the Network Information tab, click on Select none, then select all the information you would like to collect and click Run.
Once the collection process finishes, triage-ir will prompt you that
All the collected information will be dumped in a new folder named with the date and the system name.
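A pre-flight helper for the collection steps above, added here and not part of Triage-ir: it checks that the drive has room for a RAM-sized memory dump, builds the date-plus-hostname output folder name, and hashes the collected files the way md5deep is used for. The headroom figures are assumptions.

```python
"""Pre-flight check and evidence folder for a fast-forensics collection. Added
example, not Triage-ir's code: the collection drive must hold a RAM-sized memory
dump, output goes to a date-plus-hostname folder, and files get MD5s like md5deep."""
import hashlib, os, platform, shutil
from datetime import datetime

def physical_ram_bytes():
    """Total physical RAM: sysconf on POSIX, GlobalMemoryStatusEx via ctypes on Windows."""
    if platform.system() != "Windows":
        return os.sysconf("SC_PAGE_SIZE") * os.sysconf("SC_PHYS_PAGES")
    import ctypes
    class MemStatus(ctypes.Structure):  # layout of the Win32 MEMORYSTATUSEX struct
        _fields_ = [("dwLength", ctypes.c_ulong), ("dwMemoryLoad", ctypes.c_ulong)] + [
            (n, ctypes.c_ulonglong) for n in (
                "ullTotalPhys", "ullAvailPhys", "ullTotalPageFile", "ullAvailPageFile",
                "ullTotalVirtual", "ullAvailVirtual", "ullAvailExtendedVirtual")]
    stat = MemStatus()
    stat.dwLength = ctypes.sizeof(stat)
    ctypes.windll.kernel32.GlobalMemoryStatusEx(ctypes.byref(stat))
    return stat.ullTotalPhys

def required_bytes(ram_bytes, dump_memory, headroom=0.10):
    """A raw memory dump is about RAM-sized; assumed 10% headroom plus 256 MiB for hives, logs, 7zip output."""
    base = ram_bytes if dump_memory else 0
    return int(base * (1 + headroom)) + 256 * 2**20

def destination_ok(dest, ram_bytes, dump_memory):
    """True when the free space on the collection drive covers the planned collection."""
    return shutil.disk_usage(dest).free >= required_bytes(ram_bytes, dump_memory)

def evidence_dir(dest, hostname, when):
    """Folder named after the date and the system name, as triage-ir does."""
    return os.path.join(dest, f"{when:%Y-%m-%d_%H%M%S}_{hostname}")

def hash_tree(root):
    """MD5 of every file under root, keyed by relative path, for the evidence manifest."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            h = hashlib.md5()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            out[os.path.relpath(path, root)] = h.hexdigest()
    return out
```

Call destination_ok(mount_point, physical_ram_bytes(), True) before starting a collection that includes a memory dump, and hash_tree(evidence_dir(...)) once the run has finished.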
Five Aussie infosec experts speak out
By Steven Kiernan on Jun 30, 2014 10:00 PM, filed under Security. Hear from Content Security, Loop Technology, Avante, SecureWare and Insentra. Every month, CRN speaks to five market ...