DFIRCON APT Malware & Memory Challenge
The memory image contains real APT malware launched against a test system.Your job? Find it.
The object of our challenge is simple: Download the memory image and attempt to answer the questions. To successfully submit for the contest, all answers must be attempted. Each person that correctly answers 3 of the 5 questions will be entered into a drawing to win a FREE Simulcast seat at DFIRCON Monterey this March. The contest ends on January 31st, 2014 and we will announce the winner on February 3rd, 2014. Good luck!
Win a free Simulcast Seat at DFIRCON Monterey - http://dfir.to/DFIR-CON by downloading the memory image
As incident responders, we are often called upon to not only supply answers regarding "Who, What, When, Where, and How" an incident occurred, but also how does the organization protect itself against future attacks of a similar nature? In other words, what are the lessons learned and recommendations based on the findings?
A new paper from Microsoft titled "Best Practices for Securing Active Directory" provides a wealth of information and guidance that responders can use to answer these types of questions. The paper can be found at the following link: http://blogs.technet.com/b/security/archive/2013/06/03/microsoft-releases-new-mitigation-guidance-for-active-directory.aspx.
I've reviewed the paper and it is an excellent document in my opinion. As the foreword by Microsoft's CISO explains, the paper provides a "practitioner's
SANS Windows Memory Forensics Training (FOR526) — Knocks it out of the park!
Jesse Kornblum and Alissa Torres just finished up their first official course dedicated to Windows Memory Forensics
at the SANS Institute at SANS2013 in Orlando. The course teaches key techniques used by actual practioners in the field who use it in their jobs daily -- using memory forensics to find evil and doing a great job at it. The key to this course is that like all SANS training it is not tool dependent but teaches the fundamentals that each analyst should know when responding to incidents with these skills.
SANS is offering a 10%
Mark this date: On March 20th 2013, the non-technical managers may finally start to understand what a digital forensics professional actually does. With the massive cyber attacks on South Korean banks, media outlets, and ISPs, the role of forensicators is put front and center. The attack(s) resulted in widespread ATM outages, online banking and mobile banking offline, and tens of thousands of PCs wiped of all their data. At minimum, non-technical decision makers should finally start to understand that cyber attackers are not targeting "someone else." The attacks in South Korea had an impact on the bottom line of many South Korean firms. Since many of the same strategies for information security and incident response are used by most westernized nations, many experts agree that the attacks in South Korea are a warning sign of what could happen in the United States. We have analytical coverage of the South Korean attacks, with stories and drill downs that go beyond the
SANS is offering a one-time discount for the Cyber Threat Intelligence Summit to government employees (e.g., federal, state, local, DoD). This offer reduces the registration fee from $895 to $395 and will be available for a limited time only, on a first come, first served basis. Please select -Register Nowon the right side of the page and use the code CTIGOV.
Join SANS for this innovative 1-day event as we focus on enabling organizations to build effective cyber threat intelligence capabilities.