Tool of the month – Armitage

September 22nd, 2011

Armitage is certainly an important add-on to the latest version (4.0) of the popular Metasploit Framework (MSF). MSF is too good for its own good: it is difficult to find the right components in the jungle of exploits and payloads. Armitage is a nice frontend that tries to restore order to the organised chaos in MSF. Perhaps the MSF developers should collaborate with Apple’s user experience team :-)

Privacy rot

July 20th, 2011

If Facebook reflects the opinion of 500+ million users concerning their attitude to the privacy of their personal information, we can safely conclude that privacy is a not-so-welcome option…

How did we get here? You can find out from the source of the above diagram.

Stuxnet for dummies

June 20th, 2011

A neat little video outlining Stuxnet’s modus operandi:

Stuxnet: Anatomy of a Computer Virus from Patrick Clair on Vimeo.


June 16th, 2011

Who needs to improve on social engineering when Adobe does the trick for you?

ACPO Guide and volatile memory capture

June 13th, 2011

ACPO’s Good Practice Guide for Computer-Based Electronic Evidence has always been an excellent resource for supporting the digital forensics process. In the recently revised version, emphasis is placed on the handling of live data, strengthening the paradigm of “not pulling the plug”. As mentioned on p.18 of the document:

“Memory also often contains useful information such as decrypted applications (useful if a machine has encryption software installed) or passwords and any code that has not been saved to disk etc.
If the power to the device is removed, such artefacts will be lost. If captured before removing the power, an investigator may have a wealth of information from the machine’s volatile state,…”

We thought that it would be worthwhile reminding ourselves that a powered device is not necessarily a turned-on device; in our recent research we established that even if a desktop computer is switched off but connected to the mains, the contents of RAM are present and can be retrieved.

Therefore it is recommended that volatile memory is captured even if the computer is switched off at the time of the seizure.

At last, twitter/fb free!

May 19th, 2011

The tool of this month has to be Web2.0 suicide machine. Once you are done with sharing all your personal data to get that extra eggplant present from a “neighbour” in Farmville, and you realize that you may have a life where cherries actually do grow on trees, you may think that it is too late to return to reality. Well, probably not: social networking hit men are here. We have not tried out their services, so we cannot form an opinion with regard to the effectiveness of the tools, but such an initiative is certainly welcome.

I wonder, though: if I get rid of my social networking account, wouldn’t there be someone eager to take over my profile? Similar to expiring DNS domains…

RSA and Advanced Persistent Threats

May 4th, 2011

When a security-conscious company like RSA suffers from a persistent break-in, how secure should the rest of us feel?

Peter Wood’s presentation (Director, First Base Technologies) at InfoSecurity 2011 was, as always, a delight. Many thanks Peter!

The anatomy of the attack can be found here.

“Let none ignorant of geometry enter my door”

April 13th, 2011

The famous inscription at the entrance of Plato’s Academy “Μηδείς άγεωμέτρητος είσίτω μου τήν στέγην” (translated as “Let none ignorant of geometry enter my door”) could be considered the oldest admission requirement for a maths student; the modern digital version could be this maths CAPTCHA:

Tool of the month

March 27th, 2011

Tool of the month: Privacy Blocker for Android

As reported, a large share of users access the Internet (and mostly social networking sites) via smart phones. It was about time a privacy-protecting app made it to the market. I wonder, would the privacy-indifferent social-networking fanatics appreciate an application like this one?

Third ICST International Conference on Digital Forensics and Cyber Crime

March 3rd, 2011

Dublin, Ireland, October 26-28, 2011

Paper Submission: June 1, 2011
Notification of Acceptance: August 1, 2011
Camera-ready Version: September 1, 2011

Copyright © 2018 Information Security and Incident Response Research Unit. All Rights Reserved.