SecuraBit

Before It Bytes!

SecuraBit Episode 61: Reverse Engineering Malware with a Spider Monkey

Hosts:
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Tim Krabec – @tkrabec http://www.SMBMinute.com
Nicholas Berthaume – @nberthaume https://www.bordergatewayprotocol.net
Anthony Gartner – @anthonygartner http://anthonygartner.com

Guests:
Lenny Zeltser – @lennyzeltser http://zeltser.com/

General topics:
Reverse Engineering Malware

New Linux Distro to analyze malware
REMnux: A Linux Distribution for Reverse-Engineering Malware
http://zeltser.com/remnux/
Based on Ubuntu
Released just 5 days ago – July 8, 2010
2500 Downloads so far
VMware appliance
Live distro going out to SourceForge soon
Enlightenment as window manager (no GNOME or KDE)
Just what you need to do the analysis
Lightweight as possible
Tools
Emulate Services
Allow malware to interact with your own resources
How does it differ from CW Sandbox?
Determine the signs of compromise to compare with your production environment
JS Unpack
Since it is an Ubuntu distro, you can roll a custom version for your environment or lab.
Integrated into the Reverse-Engineering Malware course from SANS

SANS Digital Forensics Summit
The state of people relying on only antivirus for protection.

The innovator’s dilemma http://www.amazon.com/Innovators-Dilemma-Revolutionary-Business-Essentials/dp/0060521996
Microsoft Security Essentials http://www.microsoft.com/security_essentials/

http://www.sans.org/vlive/
Forensics 610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
SANS vLive! FOR610 – 201001 – Monday, July 26, 2010 – Thursday, August 26, 2010
http://www.sans.org/vlive/details.php?nid=20668

Upcoming events:

BSidesLV http://www.securitybsides.com/BSidesLasVegas
BlackHat https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html
Defcon https://www.defcon.org/html/defcon-18/dc-18-schedule.html
Tim is speaking http://defcon.org/html/defcon-18/dc-18-speakers.html#PanelHTF
Tim is also doing a skytalks schedule http://sudux.com/skytalks_web.jpg
Hacker Halted http://www.hackerhalted.com/ Tim is speaking October 14th
South Florida ISSA’s Hack the flag and chili cookoff  Saturday August 14, 2010 from 12:00pm – 5:00pm
http://sfissa.org/index.php/sfissa-mm-events/htf-main/85-hack-the-flag-2010
These are the upcoming security cons and where you can find those of us that will be attending starting in less than two weeks.

Links:
Chat with us on IRC at irc.freenode.net #securabit

SecuraBit Episode 58: Forensic Goodness with Harlan Carvey

Hosts:

Anthony Gartner  @anthonygartner http://anthonygartner.com
Christopher Mills @thechrisam
Chris Gerling @chrisgerling
Aricon
Andrew Borel @andrew_secbit

Guests:
Harlan Carvey
http://windowsir.blogspot.com/
Tools:  http://tech.groups.yahoo.com/group/win4n6/

General topics:
Timeline creation
Regripper
Forensic trends
SIFT
Lance Mueller http://www.forensickb.com/

SecuraBit Episode 57: Doctor Cole, I Presume?

Hosts:
Anthony Gartner @anthonygartner http://anthonygartner.com
Christopher Mills @thechrisam
Chris Gerling @chrisgerling
Andrew Borel @andrew_secbit

Guests:
Dr. Eric Cole, Ph.D. – @drericcole

General topics:
Mr. Cole is teaching the upcoming SANS vLive! 501 course which starts on June 22.

We discussed VoIP security, or the lack thereof.
Signature-based security solutions are going the way of the dinosaur; it's all about behavior and dynamic detection now, such as heuristics.
How to protect your privacy online:
http://twitter.com/ChrisPirillo/status/13881888168

Links:
http://www.sans.org/security-training/instructors_upcoming.php?id=34
http://www.securityhaven.com/

Sunbelt Software Webinar: Thursday, May 27, 2010, 2PM – 3PM EDT
Quarterly Briefing: Turn the tables on Bad Guys: Malware Unmasked

The cyber threat landscape is constantly changing, and even with the most sophisticated security you’re never completely protected from attacks. As part of our mission to ‘keep the bad guys out’, SunbeltLabs presents in this webinar how we use our own sandbox technology to keep a step ahead.

Sunbelt Software’s Lead Security Analyst, Brian Jack, and Malware Response Manager, Dodi Glenn, will discuss the current threat landscape and dig deeper into some of the most dangerous and complicated threats out there. During this briefing we will focus on two different types of threats: malicious PDFs and rogue antivirus applications. Learn how to gain an edge when protecting your enterprise.

Whether you are dealing with spear phishing or mass attacks, join us to see how to deploy the right tools and learn how to quickly analyze and unmask malware. New threats require new technologies and techniques to protect yourself and your organization. Sign up now and turn the tables on the bad guys.

Chat with us on IRC at irc.freenode.net #securabit

SecuraBit Episode 55: 10000 Tubes of KY and a Case of Dog Biscuits!

Sponsored by Sunbelt Software! Creators of the Sunbelt CWSandbox, for all your malware analysis needs! Visit their website for more details!

Hosts:
Anthony Gartner @anthonygartner http://anthonygartner.com
Christopher Mills @thechrisam
Chris Gerling @chrisgerling
Andrew Borel @andrew_secbit

Missing Hosts:
Jason Mueller – @securabit_jay

Guests:
Joshua Wright – @joswr1ght http://www.willhackforsushi.com/

– Josh talks about the MiFi hack
– Bluetooth Hacking
– Barcode scanner hacking including the Bluetooth scanner hacks
– SANS SEC617 Course
– 617BIT Discount Code for $500 off the vLive! Course
– Upcoming courses taught by Josh Wright http://www.sans.org/security-training/instructors_upcoming.php?id=97
– Pentest summit – Baltimore, MD – Josh will be speaking there.  His talk will be about essential crypto for pentesters.  http://www.sans.org/pen-testing-summit-2010/

General topics:
McAfee released a failed (fubar) virus definition – discussion thread
Gmail authentication code stolen
Someone we know was owned

Links:
http://www.willhackforsushi.com/
SEC617 Course
http://www.sans.org/security-training/instructors_upcoming.php?id=97
Bruce Schneier’s book list
Dark Reading – Taking Penetration Testing In-House

Chat with us on IRC at irc.freenode.net #securabit

SecuraBit Episode 50: Interview with Rob Lee!

  • What is SANS vLive?
  • Forensics
  • DOD Cyber Crime
  • How the forensics classes are structured.
  • 508 course and how it’s changed. Divided up into essentials and then follow on courses. 6 total courses for all of the info.
  • APT – Advanced Persistent Threat
  • Q & A from the IRC

If you haven't taken the Security 508 course yet, we have an excellent opportunity for you! Rob will be teaching the SEC508 (Forensics) course via the SANS vLive! platform beginning 3/23/2010. Classes will occur every Tuesday and Thursday until 4/29/2010 from 7-10PM EDT.

Chat with us on IRC at  irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Christopher Mills – @thechrisam
Chris Gerling – @chrisgerling
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit

Guests:
Rob Lee – @robtlee

Links:
http://phishme.com/
http://phishtank.com/

SecuraBit Episode 39: Stealing candy from little kids everywhere!!!

Jay brought up that some government web sites will be switching to OpenID authentication.

What Does DHS Know About You?
How to request your travel records

TwiGUARD

Seesmic Desktop
TweetDeck

MS IIS FTPD DoS ZER0DAY

Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

Poison Ivy Remote Administration Tool

FRHACK: Pentesting Live DVD

Upcoming Events:

Phreaknic 13 – October 30 – November 1 2009

SANS Cyber Defense Initiative – Washington, DC – December 11 – 18, 2009

ToorCon – San Diego Convention Center – October 23rd-25th, 2009

See our complete list of upcoming Cons and Webcasts.

Join us in IRC at irc.freenode.net #securabit

Hosts:
Anthony Gartner – @anthonygartner
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Jason Mueller – @securabit_jay

Securabit Episode 14 We remind you to not get SWACKED!!!

In this episode we have a special guest, Adrian from Irongeek.com. We conversed about the goings-on at PhreakNIC. Adrian presented down there and this is where he ended