This week's "Black Hat" edition of CaseLeads features an exclusive interview with David Kennedy who talks about stealthy, non-APT related attacks. In keeping with the stealth theme, we have an article about a new Pwn device from Pwnie Express and DARPA as well as an article about one of the founders of Kaspersky. NIST has a draft out on malware defense, the popular protocol analyzer Wireshark has been updated and for those that are trying to enter the Information Security profession, we have a collection of articles from several well known names in the industry and an easy malware related quiz.
If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.
Tools:
- The Power Pwn from Pwnie Express extends the company's plug-n-hack paradigm. The DARPA funded device is a "digital wolf in sheep's clothing" in that it looks like a power strip that you might find in a typical office. The device's features include 802.11b/g/n, BlueTooth, 3G/GSM, Ethernet, proxy support, and numerous pen-testing tools running on Debian 6. The device will also accept instructions via text message or voice-recognition (Siri.) Pwnie Express is accepting pre-orders and expects to begin shipping units in late September.
- New versions of Wireshark have been released. The updated versions address denial of service conditions in the application and addresses a few other issues in the application. The updated version of Wireshark now supports snoop output from Juniper NetScreen devices.
Good Reads:
- Lenny Zeltser invites you to try his malware and reverse engineering quiz.
- SP800-83-rev1, a new draft from NIST addresses 10 ways enterprises can combat malware. Comments are being accepted.
- Stealthy Attack By-Passes Nearly All Current Defenses - This is a CaseLeads exclusive courtesy of David Kennedy and fellow CL blogger Ira Victor. One session room at SecurityBSides Las Vegas 2012 was cordoned off for unique presentations. For this session, the room was packed. At virtually all technology conferences today, attendees are live tweeting, taking copious notes, snapping photos or videos of the demonstrations on the screen. Yet, in this special area of SecurityBSides Las Vegas, a tall, imposing security proctor in a bright red shirt with dark military style pants and a walkie-talkie stood up to made a special announcement: This is an "underground session." There will be no recordings, no note-taking, no exceptions. All phones, computers, cameras, video must be turned off. Any attendee seen taking notes, or using any device in any way during this talk can and will have it confiscated. Following the talk, the speaker David Kennedy granted CyberJungle Radio host, and SANS Forensics CaseLeads Blogger, Ira Victor, an exclusive interview. Kennedy talked about a series of attack vectors that use python, encryption, and Java Applets that can fully control Windows, Mac and Linux users. These attacks can by-pass anti-virus, next generation firewalls, intrusion detection systems, sandboxing systems, and according to Kennedy, bypass "?every single type of preventative technology out there?" (And, no this is not APT ("advanced persistent threat"), or some super high tech code.) Click here to download or listen to the ~6min segment.
News:
- Wired has an interesting article about Eugene Kaspersky of Kaspersky Labs. The article outlines the background of the company's founder and provides a few details about how the company operates. The article is a little dramatic at times and in some places sounds more like a spy novel complete with Cold War spying and modern espionage.
- Brian Krebs has a series of articles for those interested in becoming Information Security professionals. The collection currently features advice from Richard Bejtlich, Jeremiah Grossman, Bruce Schneier, and Thomas Ptacek. The series is also a great resource for those that are mentoring and developing Information Security professionals.
Levity:
- Thoughts on the Window's Registry and bacon.
Coming Events:
- Sans San Francisco 2012 - San Francisco, CA - July 30 - Aug 06, 2012
- DFRWS 2012 Conference - Washington, DC - Aug 05 - 08, 2012
- SANS Boston 2012 - Boston, MA - Aug 06 - 11, 2012
- USENIX Security '12 - Bellevue, WA - Aug 06 - 10, 2012
- 7th USENIX Workshop on Hot Topics in Security (HOTSEC '12) - Bellevue, WA - Aug 07, 2012
- 2012 Malware Technical Exchange Meeting (Security Clearance Required) - El Segundo, CA - Aug 14 - 16, 2012
- 7th ARES conference (ARES 2012) - Prague, Czech Republic - Aug 20 - 24, 2012
- First International Workshop on Security Ontologies and Taxonomies (SecOnT 2012) - University of Economics, Prague, Czech Republic - Aug 20 - 24, 2012
- SANS Virginia Beach - Virginia Beach, VA - Aug 20 - 31, 2012
- SANS Crystal City - Arlington, VA - Sep 06 - 11, 2012
- European Symposium on Research in Computer Security - Pisa, Italy - Sep 10 - 12, 2012
- 15th International Symposium on Research in Attacks, Intrusions and Defenses - Vrije Universiteit, Amsterdam, The Netherlands - Sep 12 - 14, 2012
- HTCIA International Conference & Training Expo - Hershey, PA - Sep 16 - 19, 2012
- SANS Network Security 2012 - Las Vegas, NV - Sep 16 - 24, 2012
- VirusBulletin 2012 - Dallas, TX - Sep 26 - 28, 2012
- GrrCon - Grand Rapids, MI - Sep 27 - 28, 2012
- 3rd Annual Sleuth Kit and Open Source Digital Forensics Conference - Chantilly, VA - Oct 2 - 3, 2012
- SANS Cybercon 2012 - Online Virtual Conference - Oct 8 - 13, 2012
- International Conference on Security in Computer Networks and Distributed Systems (SNDS'12) - Trivandrum, India - Oct 11 - 12, 2012
- SANS Seattle 2012 - Seattle, WA - Oct 14 - 19, 2012
- 4th International Conference on Digital Forensics & Cyber Crime - West Lafayette, IN - Oct 24 - 28, 2012
- SANS Chicago 2012 - Chicago, IL - Oct 27 - Nov 5, 2012
- Paraben Forensic Innovations Conference - Park City, UT - Nov 3- 7, 2012
- SANS San Diego 2012 - San Diego, CA - Nov 12 - 17, 2012
- SANS San Antonio 2012 - San Antonio, TX - Nov 27 - Dec 2, 2012
- Forensics@NIST 2012 - Rockville, MD - Nov 28 - 30, 2012
- IEEE International Workshop on Information Forensics and Security - Tenerife, Spain - Dec 2 - 5, 2012
- 2012 secau Security Congress - Perth, Western Australia - Dec 3 - 5, 2012
- SANS Cyber Defense Initiative 2012 - Washington, DC - Dec 7 - 16, 2012
- SANS Mobile Device Security Summit - Anaheim, CA - Jan 7 - 14, 2013
- SANS Virtualization & Cloud Computing Summit - Anaheim, CA - Jan 7 - 14, 2013
Call For Papers:
- 3rd Cybercrime and Trustworthy Computing Workshop - Due Aug 3, 2012
- 7th International Conference on Legal, Security and Privacy Issues in IT Law - Due Aug 25, 2012
- 2012 secau Security Congress - Due Sep 30, 2012
- 10th Australian Digital Forensics Conference - Due Sep 30, 2012
Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.
Digital Forensics Case Leads for 20120727 was compiled by Ray Strubinger. Ray regularly leads digital forensics and incident response efforts and when the incidents permit, he is involved in aspects of information security ranging from Threat Intel to Risk Analysis.