Malware Analysis in CRITs

Configuring Triage and Uploading Samples

Jacob Faires

November 03, 2016 - Posted by Jacob Faires to Security Insight

CRITs (Collaborative Research Into Threats) is a threat analysis platform that helps manage and track malicious actors, campaigns, and samples. Getting everything installed for CRITs can be a bit of a task, but the process is getting better. NTT Security has recently been using CRITs to aid in the analysis process. Setting up CRITs for triage is fairly straightforward. Today, I’m going to walk you through the configuration process.

Configure for Triage

Malware triage is the assessment of malware to determine severity and priority. Triage generally entails basic analysis of a sample in order to ascertain its nature and intent.

To configure triage in CRITs, access the Settings menu from the gear in the top left corner of the screen, and select Services under the CRITs Control Panel drop down.


The Thief

#WarStoryWednesday

Tim Roberts

November 02, 2016 - Posted by Tim Roberts to Security Insight

Clipboard Assessment Background

Earlier this year, a friend (5tubb0rn) and I toyed around with some ideas at a local hacker workspace. I had been using a Proxmark/BishopFox build to steal proximity badges during some of our Professional Security Services on-site Social Engineering Assessments and covert Physical Security Assessments. The Proxmark/BishopFox build was handy in that I didn’t have to bump into anyone in order to snag their badge for replication. The only problem I’ve had with this device is the size – it is a garage badge reader after all, and about the size of a laptop. There are smaller devices out there but we wanted to create something from scratch, utilizing a Raspberry Pi and some plug-and-play sensors that could be easily hidden by someone in the guise of a contractor. So, the two of us came up with a... read more >

Our Continuously Connected Lives: What’s Your “Apptitude”?

To UPnP or not to UPnP

Jeremy Scott

October 27, 2016 - Posted by Jeremy Scott to Security Insight


As the internet has changed, so have our lives. We no longer just dial up to find that “you’ve got mail,” instead we stay constantly connected through our phones, tablets, and computers. We are now in the age of never leaving home without a device, and being connected to the internet at all times. Some can’t even imagine going out of range.

These devices that are with us at all times are our own personal Internet of Things (IoT). IoT devices can be baby monitors, home entertainment systems, home security systems, or even a refrigerator fully equipped with a video camera so we can check whether we have milk or not.

Vance Baker presented us with Introduction to Internet of Things (IoT) Security earlier this year that provides some really good advice for creating a safe IoT environment. I know what you may be saying: “If I follow the advice given,... read more >

Hacks Targeting Voter Rolls

Hack the vote blog series: part 2

Chris Camejo

October 25, 2016 - Posted by Chris Camejo to Security Insight

Voter Rolls Hacking

At first glance, the hacks targeting voter registration databases are a bit confusing: the voter rolls are considered a public record in many states, often obtainable by paying a fee of a few hundred dollars. Websites can and have legally republished this data. Records are also available to political campaigns, even in states where the records are not otherwise publicly available, and these lists can be bought online. It raises the question: why hack into a database that can be had just by politely asking for it?

So far the conversation around the voter database hacks has focused on the confidentiality of these records, as if the exposure of this data presents some sort of increased risk. Illinois, a... read more >

The NTT Security SERT Q3 ‘16 Threat Intelligence Report

Ransomware in the health care industry, the ‘direct cash-back’ revenue model, targeting the Internet of Things (IoT), securing SWIFT networks, and a notable decrease in reconnaissance activity.

Danika Blessman

October 20, 2016 - Posted by Danika Blessman to Threat Intelligence

SERT Threat Report Q3 2016

The NTT Security SERT (Security Engineering Research Team) released its Q3 ‘16 Threat Intelligence Report today.

During Q3 ’16, NTT Security researchers observed attacks which exhibited the same characteristics as those a year ago in Q3 ’15 – a notable decrease in reconnaissance and an increase in application attacks, with attackers likely maintaining a persistent presence in the target environment.

NTT Security observed a 38 percent drop in security-related events from Q2 ’16 to Q3 ’16. While that seems like an amazing statistic, it included a dramatic 91 percent decrease in reconnaissance and a 64 percent decrease in suspicious activity, which may indicate more of a change in focus than a dramatic fall off in attack volume.


Hack the Vote

Chris Camejo

October 18, 2016 - Posted by Chris Camejo to Security Insight


The news has been rife with headlines about voting hacks, with the FBI revealing that state voter registration databases have been compromised and warning of ongoing attacks. Meanwhile, one of the major parties has already suffered two known breaches and WikiLeaks continues to post Clinton campaign emails on a regular basis. So far, signs are pointing to operators inside Russia as the culprits for all of the above.

Many of us in the information security... read more >

The Culture of Security Awareness and Corporate Benefits

Rob Kraus

October 13, 2016 - Posted by Rob Kraus to Security Insight

Cybersecurity in the workplace

The age-old problem of determining how to identify and mitigate risk has certainly been something organizations have struggled with for many years.

How do you protect your organization? What tools are the best in the marketplace? What tools are good enough and work with my budget? What is my long term plan and how do I get there?

All the above questions are something we deal with every day, but there is also another constant that we often overlook, our people — education about threats and how to address them on the front line.

Let’s face it, people are vulnerable and will always be. So much so, that the National Cyber Security Alliance dedicated a whole week to educating everyone on the culture of cyber security in the workplace during National Cyber Security Awareness Month (NCSAM).

We need to invest in technologies to help overcome our compulsive... read more >


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
