homepage
Open menu
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defence Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
      • European Skills Framework
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
    • Cyber Ranges
  • Manage Your Team
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
    • Why Work with SANS
    • Group Purchasing
    • Build Your Team
      • Team Development
      • Assessments
      • Private Training
      • Hire Cyber Professionals
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
      • Summit Presentations
      • Posters & Cheat Sheets
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • Contact Sales
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Black Hat edition featuring stealthy hardware and software based attacks, advice for new InfoSec professionals, a malware quiz and more
Ray Strubinger

Black Hat edition featuring stealthy hardware and software based attacks, advice for new InfoSec professionals, a malware quiz and more

July 27, 2012

This week's "Black Hat" edition of CaseLeads features an exclusive interview with David Kennedy who talks about stealthy, non-APT related attacks. In keeping with the stealth theme, we have an article about a new Pwn device from Pwnie Express and DARPA as well as an article about one of the founders of Kaspersky. NIST has a draft out on malware defense, the popular protocol analyzer Wireshark has been updated and for those that are trying to enter the Information Security profession, we have a collection of articles from several well known names in the industry and an easy malware related quiz.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

  • The Power Pwn from Pwnie Express extends the company's plug-n-hack paradigm. The DARPA funded device is a "digital wolf in sheep's clothing" in that it looks like a power strip that you might find in a typical office. The device's features include 802.11b/g/n, BlueTooth, 3G/GSM, Ethernet, proxy support, and numerous pen-testing tools running on Debian 6. The device will also accept instructions via text message or voice-recognition (Siri.) Pwnie Express is accepting pre-orders and expects to begin shipping units in late September.
  • New versions of Wireshark have been released. The updated versions address denial of service conditions in the application and addresses a few other issues in the application. The updated version of Wireshark now supports snoop output from Juniper NetScreen devices.

Good Reads:

  • Lenny Zeltser invites you to try his malware and reverse engineering quiz.
  • SP800-83-rev1, a new draft from NIST addresses 10 ways enterprises can combat malware. Comments are being accepted.
  • Stealthy Attack By-Passes Nearly All Current Defenses - This is a CaseLeads exclusive courtesy of David Kennedy and fellow CL blogger Ira Victor. One session room at SecurityBSides Las Vegas 2012 was cordoned off for unique presentations. For this session, the room was packed. At virtually all technology conferences today, attendees are live tweeting, taking copious notes, snapping photos or videos of the demonstrations on the screen. Yet, in this special area of SecurityBSides Las Vegas, a tall, imposing security proctor in a bright red shirt with dark military style pants and a walkie-talkie stood up to made a special announcement: This is an "underground session." There will be no recordings, no note-taking, no exceptions. All phones, computers, cameras, video must be turned off. Any attendee seen taking notes, or using any device in any way during this talk can and will have it confiscated. Following the talk, the speaker David Kennedy granted CyberJungle Radio host, and SANS Forensics CaseLeads Blogger, Ira Victor, an exclusive interview. Kennedy talked about a series of attack vectors that use python, encryption, and Java Applets that can fully control Windows, Mac and Linux users. These attacks can by-pass anti-virus, next generation firewalls, intrusion detection systems, sandboxing systems, and according to Kennedy, bypass "?every single type of preventative technology out there?" (And, no this is not APT ("advanced persistent threat"), or some super high tech code.) Click here to download or listen to the ~6min segment.

News:

  • Wired has an interesting article about Eugene Kaspersky of Kaspersky Labs. The article outlines the background of the company's founder and provides a few details about how the company operates. The article is a little dramatic at times and in some places sounds more like a spy novel complete with Cold War spying and modern espionage.
  • Brian Krebs has a series of articles for those interested in becoming Information Security professionals. The collection currently features advice from Richard Bejtlich, Jeremiah Grossman, Bruce Schneier, and Thomas Ptacek. The series is also a great resource for those that are mentoring and developing Information Security professionals.

Levity:

  • Thoughts on the Window's Registry and bacon.

Coming Events:

  • Sans San Francisco 2012 - San Francisco, CA - July 30 - Aug 06, 2012
  • DFRWS 2012 Conference - Washington, DC - Aug 05 - 08, 2012
  • SANS Boston 2012 - Boston, MA - Aug 06 - 11, 2012
  • USENIX Security '12 - Bellevue, WA - Aug 06 - 10, 2012
  • 7th USENIX Workshop on Hot Topics in Security (HOTSEC '12) - Bellevue, WA - Aug 07, 2012
  • 2012 Malware Technical Exchange Meeting (Security Clearance Required) - El Segundo, CA - Aug 14 - 16, 2012
  • 7th ARES conference (ARES 2012) - Prague, Czech Republic - Aug 20 - 24, 2012
  • First International Workshop on Security Ontologies and Taxonomies (SecOnT 2012) - University of Economics, Prague, Czech Republic - Aug 20 - 24, 2012
  • SANS Virginia Beach - Virginia Beach, VA - Aug 20 - 31, 2012
  • SANS Crystal City - Arlington, VA - Sep 06 - 11, 2012
  • European Symposium on Research in Computer Security - Pisa, Italy - Sep 10 - 12, 2012
  • 15th International Symposium on Research in Attacks, Intrusions and Defenses - Vrije Universiteit, Amsterdam, The Netherlands - Sep 12 - 14, 2012
  • HTCIA International Conference & Training Expo - Hershey, PA - Sep 16 - 19, 2012
  • SANS Network Security 2012 - Las Vegas, NV - Sep 16 - 24, 2012
  • VirusBulletin 2012 - Dallas, TX - Sep 26 - 28, 2012
  • GrrCon - Grand Rapids, MI - Sep 27 - 28, 2012
  • 3rd Annual Sleuth Kit and Open Source Digital Forensics Conference - Chantilly, VA - Oct 2 - 3, 2012
  • SANS Cybercon 2012 - Online Virtual Conference - Oct 8 - 13, 2012
  • International Conference on Security in Computer Networks and Distributed Systems (SNDS'12) - Trivandrum, India - Oct 11 - 12, 2012
  • SANS Seattle 2012 - Seattle, WA - Oct 14 - 19, 2012
  • 4th International Conference on Digital Forensics & Cyber Crime - West Lafayette, IN - Oct 24 - 28, 2012
  • SANS Chicago 2012 - Chicago, IL - Oct 27 - Nov 5, 2012
  • Paraben Forensic Innovations Conference - Park City, UT - Nov 3- 7, 2012
  • SANS San Diego 2012 - San Diego, CA - Nov 12 - 17, 2012
  • SANS San Antonio 2012 - San Antonio, TX - Nov 27 - Dec 2, 2012
  • Forensics@NIST 2012 - Rockville, MD - Nov 28 - 30, 2012
  • IEEE International Workshop on Information Forensics and Security - Tenerife, Spain - Dec 2 - 5, 2012
  • 2012 secau Security Congress - Perth, Western Australia - Dec 3 - 5, 2012
  • SANS Cyber Defense Initiative 2012 - Washington, DC - Dec 7 - 16, 2012
  • SANS Mobile Device Security Summit - Anaheim, CA - Jan 7 - 14, 2013
  • SANS Virtualization & Cloud Computing Summit - Anaheim, CA - Jan 7 - 14, 2013

Call For Papers:

  • 3rd Cybercrime and Trustworthy Computing Workshop - Due Aug 3, 2012
  • 7th International Conference on Legal, Security and Privacy Issues in IT Law - Due Aug 25, 2012
  • 2012 secau Security Congress - Due Sep 30, 2012
  • 10th Australian Digital Forensics Conference - Due Sep 30, 2012

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

Digital Forensics Case Leads for 20120727 was compiled by Ray Strubinger. Ray regularly leads digital forensics and incident response efforts and when the incidents permit, he is involved in aspects of information security ranging from Threat Intel to Risk Analysis.

Find us on Google+

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tags:
  • Digital Forensics and Incident Response

Related Content

Blog
DFIR_-_DFIR_Origin_Stories_-_340x340_Thumb.jpg
Digital Forensics and Incident Response
March 20, 2023
DFIR Origin Stories - Kat Hedley
Digital Forensics and Incident Response (DFIR) called to Kat Hedley as soon as she first entered the workforce.
DFIR_ICON_(1).PNG
SANS DFIR
read more
Blog
Google.png
Digital Forensics and Incident Response, Cloud Security
March 13, 2023
Google Cloud Log Extraction
In this blog post, we review the methods through which we can extract logs from Google Cloud.
Megan_Roddie_370x370.png
Megan Roddie
read more
Blog
Untitled_design-43.png
Digital Forensics and Incident Response, Cybersecurity and IT Essentials, Industrial Control Systems Security, Purple Team, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming, Cyber Defense, Cloud Security, Security Management, Legal, and Audit
December 8, 2021
Good News: SANS Virtual Summits Will Remain FREE for the Community in 2022
They’re virtual. They’re global. They’re free.
370x370-person-placeholder.png
Emily Blades
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • © 2023 SANS™ Institute
  • Privacy Policy
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn