Digital Evidence Collection

Friday, June 19, 2009 11:17:54 AM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
Today it’s not a question of if your organization will have an electronic incident, but when that incident will occur. Regardless of the type of incident, there is a high likelihood your organization will need to collect digital evidence and build some form of a case file. However, it is often in the first moments after an incident is detected that crucial mistakes are made by the organization.

Maltego... the Information Gathering Swiss Army Knife

Thursday, May 21, 2009 6:02:17 PM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
Maltego from Paterva is to information gathering as Nmap is to port scanning or Nessus is to vulnerability scanning. It’s an all-in-one, Swiss Army knife toolkit for everything related to online information gathering.

Deleted Files … are they really gone?

Friday, March 13, 2009 11:00:14 AM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
Does deleting a file on a computer really mean it’s lost forever? Short answer: no. Longer answer: it depends, but probably not. Given that you are still reading this, you must be wondering “depends on what?”.

The Hidden Data in MS Office Documents

Monday, February 09, 2009 12:41:11 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
Most people are unaware that the documents they create and edit using Microsoft’s Office suite of products contain a large amount of data related to the document’s life-cycle. While usually benign and not very interesting, this data can become quite valuable in a forensic investigation. It can help establish timelines of when a file was last accessed or modified. An examiner can even extract the last few users who edited the file and the previous locations where the document was stored.

Customizing and Enhancing Splunk

Saturday, December 20, 2008 12:43:29 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
So what is Splunk? At its core, Splunk is a search engine. It was designed to allow any data from an infrastructure device to be indexed and searched. Any output from applications, servers and network devices can be “eaten” by Splunk. However, Splunk has become more than just a standalone product. The current 3.x series of the product has opened up the internal API and exposed it to allow outside development of new applications on top of the Splunk core. This post is going to touch on some of the capabilities available to developers looking to get even more out of their Splunk installation. I am going to be discussing two elements of Splunk that a user can customize and enhance in the current product release: Splunk UI customization and RESTful applications.

Virtualization, Security and Compliance... Can they exist together?

Friday, December 05, 2008 2:13:01 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
There is no doubt that virtualization is the hot trend right now. Many companies are beginning the transformation of virtualizing their infrastructure or are in the planning stages to do so. Virtualization has many benefits, but it also has some hidden costs and pitfalls that many organizations don’t consider when adopting it. I wanted to touch on two issues which don’t seem to be widely known or understood with respect to virtualization: security and compliance.

Building a Security Tool Chest - Part 3 - Web App Testing Tools

Thursday, December 04, 2008 2:22:40 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
Web application testing tools are a dime a dozen these days. This post is a short list and description of the tools my colleagues and I use during our web app testing engagements. There are many more tools, both freeware and commercial, that can be used to assist in testing.

PCI DSS 1.2 – What’s New?

Tuesday, November 18, 2008 4:28:32 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
The PCI Data Security Standard (DSS) has just undergone a refresh. The PCI Security Standards Council released version 1.2 of the DSS on October 1, 2008. The new version must be used by all organizations that begin a new PCI assessment after October 1st. If your organization is currently undergoing an assessment, you have until December 31, 2008 to complete it using the previous 1.1 version of the standard. So what changed between 1.1 and 1.2? The following list highlights the major changes in the new standard.

Building a Security Tool Chest - Part 2 - Recon Tools

Sunday, November 02, 2008 10:27:50 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
This article is going to cover the first phase of an assessment: information gathering and reconnaissance. I have put together a list of the top 10 most useful utilities and websites I use on a daily basis for security-related assessments.

Building a Security Tool Chest – Part 1 – The Foundation

Friday, October 10, 2008 7:50:18 AM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
With the seemingly endless number of security products, utilities and information sites available today, the thought of putting together a set of tools to perform routine security tasks might seem daunting. It can be, but it doesn’t have to be. Over the next few entries I am going to walk through how someone would put together a security tool chest that can be used for almost all day-to-day security needs.