DoD Cyber Crime Conference Presentation: Recipes for Remediation
Written by Jim Aldridge
Wendi Rafferty and I presented at the DoD Cyber Crime conference in Atlanta, GA. Our presentation, “Recipes for Remediation: Key Ingredients for Building a More Resilient Security Program,” has been posted to the MANDIANT Archive Presentations page here.
During our presentation we covered the lifecycle common to many Advanced Persistent Threat (APT) attacks and then outlined several case studies to illustrate countermeasures organizations have successfully deployed to combat the APT. The following items were key points we covered during the workshop:
1. “This can happen to you!” The time to begin preparing for these activities is now, prior to an incident.
Tags: Advanced Persistent Threat, application whitelisting, APT, attack lifecycle, cybersecurity, DC3, DOD Cyber Crime Conference, host-based firewalls, MANDIANT, remediation, spear phishing attacks
Education and Information Sharing Top Priority at 2012 DoD Cyber Crime Conference
Written by Doug Wilson
This was my first time heading to the DoD Cyber Crime Conference in Atlanta. The DoD Cyber Crime Center (DC3) hosts the conference every year. DC3 first started as a resource for DoD and Law Enforcement and has grown over the years to include many different organizations that work together to combat Cyber Crime.
Tags: Alan Paller, cybercrime, DC3, DCISE, DHS, disk forensics, DoD, DOD Cyber Crime Conference, DSIE, FS-ISAC, Information Sharing, IOC, ISAC, MANDIANT, OpenIOC, SANS
EXT3 File Recovery via Indirect Blocks
Written by Hal Pomeranz
Recovering complete file images from unallocated space on Linux systems can be a tricky problem. The EXT3 metadata structures—index nodes or inodes for short—are mostly zeroed out when they are deallocated. During this process, all of the inode’s block pointers (that would normally be used to access the file data when the file was allocated) are lost. The original file contents will still exist in unallocated data blocks in the file system—at least until those blocks are reused—but there’s no “map” to reconstruct those data blocks into the original file.
Tags: deleted files, DOD Cyber Crime Conference, ext3, file recovery, indirect blocks
Audit Viewer: Malware Rating Index Undocumented Features and Caveats
Written by Peter Silberman
Hopefully everyone has had a few weeks to recover from the M-Trends kickoff party in St. Louis and everyone has also had a chance to read the M-Trends report! I hope everyone enjoyed the talk I gave at DOD Cyber Crime Conference.
Tags: Audit Viewer, DC3, DOD Cyber Crime Conference, M-Trends, Malware Rating Index, Memoryze, MRI, MTrends