The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
เนื้อหาจัดทำโดย IMF Security and Brian and Michael เนื้อหาพอดแคสต์ทั้งหมด รวมถึงตอน กราฟิก และคำอธิบายพอดแคสต์ได้รับการอัปโหลดและจัดเตรียมโดย IMF Security and Brian and Michael หรือพันธมิตรแพลตฟอร์มพอดแคสต์โดยตรง หากคุณเชื่อว่ามีบุคคลอื่นใช้งานที่มีลิขสิทธิ์ของคุณโดยไม่ได้รับอนุญาต คุณสามารถปฏิบัติตามขั้นตอนที่อธิบายไว้ที่นี่ https://th.player.fm/legal
ที่คล้ายกับ The Incident Response Podcast
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
A weekly podcast show about Indian startups, entrepreneurs, and more! Hosted by Neil Patel & Friends
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Agile for Humans™ is a weekly podcast dedicated to the individuals and interactions that make agile work. The goal is to help create safe and collaborative working environments where people are empowered to do their best work.
…
continue reading
Daily update on current cyber security threats
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - แอป Podcast
ออฟไลน์ด้วยแอป Player FM !
ออฟไลน์ด้วยแอป Player FM !
))
Getting back to basics, IR 101 - Episode 013
Manage episode 263576476 series 2681668
เนื้อหาจัดทำโดย IMF Security and Brian and Michael เนื้อหาพอดแคสต์ทั้งหมด รวมถึงตอน กราฟิก และคำอธิบายพอดแคสต์ได้รับการอัปโหลดและจัดเตรียมโดย IMF Security and Brian and Michael หรือพันธมิตรแพลตฟอร์มพอดแคสต์โดยตรง หากคุณเชื่อว่ามีบุคคลอื่นใช้งานที่มีลิขสิทธิ์ของคุณโดยไม่ได้รับอนุญาต คุณสามารถปฏิบัติตามขั้นตอนที่อธิบายไว้ที่นี่ https://th.player.fm/legal
Recorded May 2020
TOPIC: Getting back to basics, IR 101
OUR SPONSORS:
NEWS-WORTHY:
Best EDR Security Services In 2020 for Endpoint Protection
How to Avoid Spam—Using Disposable Contact Information
Shiny new Azure login attracts shiny new phishing attacks
Upgrading from EDR to MDR is Critical but Easier than You Think
The ransomware that attacks you from inside a virtual machine
SITE-WORTHY:
Malware Archaeology - Cheat Sheets
TOOL-WORTHY:
LOG-MD - The Log anD Malicious Discovery tool
“LOG-MD -a” will give you how you compare against the cheat sheets
MALWARE OF THE MONTH:
Qakbot
Typical delivery via a Office doc or URL
Created a folder in C:\Users
Key Detection points
Enable better logging AutoRuns - Uses Run key and Scheduled Task
WMIPrvSe launch binary in C:\Users
Binary in root of \Username directory C:\Users\\.exe
C:\Users\\AppData\Roaming\Microsoft\ Syswow64\Explorer.exe used Parent of Explorer.exe is NEVER a binary in C:\Users
Process injection of Syswow64\Explorer.exe
Ping 127.0.0.1
Scheduled Task created by a binary in C:\Users
Syswow64\Explorer,exe opening all the browsers
Binary in C:\User calling out to foreign country
PREVENTION
Block Office macros
Don’t allow uncategorized websites
EDR Software
Whitelisting C:\Users
TOPIC OF THE DAY:
Getting back to basics, IR 101
What is getting back to basics - IR 101
This will likely be multiple episodes
We will start with Windows
Why is this important?
WHEN you have an incident, data we, and you need will be available
This is probably the #1 finding and recommendation we have made to organizations we have been involved with over the years
Security tools fail, so other data you collect can help discover what happened where, when, and how
What is the problem we are wanting our listeners to solve?
To be better prepared in the event of an incident to speed up investigations
Give your SOC, IT, or Security people the data they need to investigate events
Make log management data better if you are collecting all the things
And of course… help your IR Consultancy do a better job FASTER
Other Articles:
-------------------
CIS Benchmarks
DerbyCon talk on EDR
DerbyCon talk on Winnti
15 ตอน
แบ่งปัน
Manage episode 263576476 series 2681668
เนื้อหาจัดทำโดย IMF Security and Brian and Michael เนื้อหาพอดแคสต์ทั้งหมด รวมถึงตอน กราฟิก และคำอธิบายพอดแคสต์ได้รับการอัปโหลดและจัดเตรียมโดย IMF Security and Brian and Michael หรือพันธมิตรแพลตฟอร์มพอดแคสต์โดยตรง หากคุณเชื่อว่ามีบุคคลอื่นใช้งานที่มีลิขสิทธิ์ของคุณโดยไม่ได้รับอนุญาต คุณสามารถปฏิบัติตามขั้นตอนที่อธิบายไว้ที่นี่ https://th.player.fm/legal
Recorded May 2020
TOPIC: Getting back to basics, IR 101
OUR SPONSORS:
NEWS-WORTHY:
Best EDR Security Services In 2020 for Endpoint Protection
How to Avoid Spam—Using Disposable Contact Information
Shiny new Azure login attracts shiny new phishing attacks
Upgrading from EDR to MDR is Critical but Easier than You Think
The ransomware that attacks you from inside a virtual machine
SITE-WORTHY:
Malware Archaeology - Cheat Sheets
TOOL-WORTHY:
LOG-MD - The Log anD Malicious Discovery tool
“LOG-MD -a” will give you how you compare against the cheat sheets
MALWARE OF THE MONTH:
Qakbot
Typical delivery via a Office doc or URL
Created a folder in C:\Users
Key Detection points
Enable better logging AutoRuns - Uses Run key and Scheduled Task
WMIPrvSe launch binary in C:\Users
Binary in root of \Username directory C:\Users\\.exe
C:\Users\\AppData\Roaming\Microsoft\ Syswow64\Explorer.exe used Parent of Explorer.exe is NEVER a binary in C:\Users
Process injection of Syswow64\Explorer.exe
Ping 127.0.0.1
Scheduled Task created by a binary in C:\Users
Syswow64\Explorer,exe opening all the browsers
Binary in C:\User calling out to foreign country
PREVENTION
Block Office macros
Don’t allow uncategorized websites
EDR Software
Whitelisting C:\Users
TOPIC OF THE DAY:
Getting back to basics, IR 101
What is getting back to basics - IR 101
This will likely be multiple episodes
We will start with Windows
Why is this important?
WHEN you have an incident, data we, and you need will be available
This is probably the #1 finding and recommendation we have made to organizations we have been involved with over the years
Security tools fail, so other data you collect can help discover what happened where, when, and how
What is the problem we are wanting our listeners to solve?
To be better prepared in the event of an incident to speed up investigations
Give your SOC, IT, or Security people the data they need to investigate events
Make log management data better if you are collecting all the things
And of course… help your IR Consultancy do a better job FASTER
Other Articles:
-------------------
CIS Benchmarks
DerbyCon talk on EDR
DerbyCon talk on Winnti
15 ตอน
Tüm bölümler
×
ขอต้อนรับสู่ Player FM!
Player FM กำลังหาเว็บ
ที่คล้ายกับ The Incident Response Podcast
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
A weekly podcast show about Indian startups, entrepreneurs, and more! Hosted by Neil Patel & Friends
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Agile for Humans™ is a weekly podcast dedicated to the individuals and interactions that make agile work. The goal is to help create safe and collaborative working environments where people are empowered to do their best work.
…
continue reading
Daily update on current cyber security threats
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - แอป Podcast
ออฟไลน์ด้วยแอป Player FM !
ออฟไลน์ด้วยแอป Player FM !
