Kludge remote running local

January 13th, 2013

Kludge is a remote information gathering script that can be used in cases requiring a triage phase. If there are situations where network connectivity is not an option, this version can be used instead. Note that in order to run the tool you need all components downloaded from here.

The top three important actions to securing your systems

January 6th, 2013

The top three most important actions to secure your systems seem to be the following:

1. Update

2. Update

3. Update

And by update I mean *everything*, not just AVs (which seem to have a limited effect nowadays according to this study), but also software patches, latest versions and of course IT skills of every computer user within the organisation. Here is another post on the recent zero day on IE.

Malware on the rise, AVs on the spot

December 3rd, 2012

An interesting evaluation of AV solutions here. Not sure if this list will be valid in a week’s time.

 

RAM dumps and volatile memory treasures

August 15th, 2012

Our interview on scienceomega on our recent paper on volatile memory analysis:

http://www.scienceomega.com/article/528/pulling-the-plug-on-ram-loophole

yahoo pwned

July 12th, 2012

Title says all. 400K accounts compromised. The attack vector involved the good old sql injection. If you have a yahoo account and waiting for that excuse to migrate to gmail, hold your horses; “all eggs in one basket” is not the best solution. Again, it is a matter of processes in place, trust no one, change passwords frequently (if you can), but also consult services like pwnedlist.con to see if your account was disclosed or leaked. No hope. More info here.

DDoS evolved

April 23rd, 2012

One thing Anonymous did was to bring DDoS to the masses. And by “masses” we mean real people, not ZeuS drones. This is what makes it probably more dangerous and unpredictive than bot DDoS type of attacks. It is really difficult to construct a black list and track down human activity, as opposed to maintaining IP track records of the dangerous and sophisticated bots (see for example www.abuse.ch), which may have its challenges, but nevertheless it is an FSM at the very end.

Not surprisingly, the tools used for the attacks have a web specialization. Our businesses and life run on HTTP(s) and as such attacking web services is ever so appealing. LOIC, HOIC and Slowloris are the typical weapons, as they are extremely effective and require basic computer literacy skills (in fact all you need is to be able to switch on your computer!).

 

cold war – the cyberspace edition

March 8th, 2012

Yesterday a number of sites posted rather interesting news: Hector Xavier Monsegur (a.k.a. Sabu) was co-operating with the FBI. Sabu was arrested by the Police after a tiny slip of the mouse; he went on an IRC channel without using anonymization technologies such as Tor.

Now we can argue that Sabu is an individual with advanced hacking skills, but a human error led to his discovery. His security failed solely due to his negligence. If a computer expert like Sabu makes a mistake and pays for it, what can we deduce for all those admins out there who are not security sensitive?

An interesting article is published here.

SOPA & PIPA: In case of DNS takedown…

January 22nd, 2012

click here

1st ISACA Athens Chapter conference presentation

December 3rd, 2011

A very well organized and eye-opening event.

The theme of the conference was “IT Audit, Security & Governance Challenges in Financial Crisis”.

Our presentation with title Aligning emergency and crisis with Information Security is online here.

 

The Lives of Others – cyberspace edition

November 17th, 2011

Yep, it seems that history may as well repeat itself in a modern context though.

Members of the Chaos Computer Club have analysed an intercepted segment that strongly supports the view that German government has deployed its own spyware.

I have to note that I had met members of CCC back in the late 90′s – incidentally I am very grateful for daveg for the introduction – and these guys do know what they are talking about.

Details here.


Copyright © 2017 Information Security and Incident Response Research Unit. All Rights Reserved.
No computers were harmed in the 0.279 seconds it took to produce this page.

Designed/Developed by Lloyd Armbrust & hot, fresh, coffee.