incident-analysis – Page 4 – WindowsTechs.com

How can I prepare for the information security test for a job? [on hold]

Posted on December 29, 2017 by Sad angle

I applied for a job

The test is

information security in general

How can I prepare? There exists many books, huge courses, etc.

Continue reading How can I prepare for the information security test for a job? [on hold]→

What are the most valuable information when handling an IT security event/incident?

Posted on August 16, 2017 by Tom

I’m currently looking into reporting processes in information security and I was wondering what kind of information should be reported when an IT security event or incident occurs.

The definitions of those would be (taken fr… Continue reading What are the most valuable information when handling an IT security event/incident?→

How many times has the NHS been hit with ransomware?

Posted on July 20, 2017 by rain1

When the wannacry ransomware infected the NHS I remember being shocked reading that this was a regular occurence for them and the NHS has been hit with ransomware 50 or 80? times.

I can’t find anything about this now while s… Continue reading How many times has the NHS been hit with ransomware?→

Can exfil occur by using 0x20 encoding on DNS queries?

Posted on July 2, 2017 by Rincewind

Is it possible and, if so, how likely would it be for a threat actor to introduce malicious code into a network that is meant to gather, harvest, and encode sensitive information into seemingly harmless DNS queries?

Contextu… Continue reading Can exfil occur by using 0x20 encoding on DNS queries?→

Retrieve a deleted trojan by Kaspersky for analysis (on windows 7)?

Posted on May 4, 2017 by Ernest Dujo

After installation of Kaspersky on a windows machine, several trojan viruses where discovered and deleted.
Now, I’m looking for a way to retreive those trojans deleted by kasperky. (to export them to a VM for further analysis… Continue reading Retrieve a deleted trojan by Kaspersky for analysis (on windows 7)?→

What’s the Impact of the CloudFlare Reverse Proxy Bug? ("#CloudBleed")

Posted on February 24, 2017 by Jeff Ferland

In Project Zero #1139, it was disclosed that CloudFlare had a bug which disclosed uninitialized memory, leaking private data sent through them via SSL. What’s the real impact?

Continue reading What’s the Impact of the CloudFlare Reverse Proxy Bug? ("#CloudBleed")→

Need some recommendations on good IR hands-on training

Posted on February 20, 2016 by Yang Yu

Does anyone know if there is any good hands-on training for incident response and digital forensics, or certification I need to take in order to gain more hands-on experience? Thanks and any helpful information is appreciated… Continue reading Need some recommendations on good IR hands-on training→

How to analyze the netstat log for suspicious connections?

Posted on January 6, 2016 by Yang Yu

I found a question from here: http://www.activeresponse.org/20-questions-for-an-intrusion-analyst/
But not sure what its answer is. Here is the question and it asks me to find out all suspicious entries:

Proto Local Address Foreign Ad… Continue reading How to analyze the netstat log for suspicious connections?→