Incident Response & Forensics – Page 5

SolarWinds Backdoor (Sunburst) Incident Response Playbook

Posted on December 17, 2020 by Amanda Mates

Over the last several days, TrustedSec has received queries on the best ways to contain, eradicate, and remediate the SolarWinds backdoor (aka #solarigate aka Sunburst). The TrustedSec Incident Response team has put together a playbook of recommended actions to provide some level of assurance that your organization is no longer affected by the backdoor. This…

The post SolarWinds Backdoor (Sunburst) Incident Response Playbook appeared first on TrustedSec.

Continue reading SolarWinds Backdoor (Sunburst) Incident Response Playbook→

SolarWinds Orion and UNC2452 – Summary and Recommendations

Posted on December 14, 2020 by Nathan Noll

In the wake of recent revelations regarding a supply chain compromise of the SolarWinds Orion platform by a nation-state actor, and subsequent targeting of private sector and government organizations by said actor, the TrustedSec Incident Response team is releasing the following summary and guidance. This guidance reflects information from industry counterparts as well as recommendations…

The post SolarWinds Orion and UNC2452 – Summary and Recommendations appeared first on TrustedSec.

Continue reading SolarWinds Orion and UNC2452 – Summary and Recommendations→

The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1

Posted on October 27, 2020 by Nathan Noll

They say, “Everything old is new again.” Or, if you are a Game of Thrones fan, “What is dead may never die.” For me, however, a mentor once told me, “Everyone is going forward. I’m going backward.” Enter NetSync… I find Twitter to be a good source for InfoSec tactics, techniques, and procedures (TTPs). Anytime…

The post The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1 appeared first on TrustedSec.

Continue reading The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1→

The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1

Posted on October 27, 2020 by Nathan Noll

The post The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1 appeared first on TrustedSec.

Continue reading The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1→

The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 2

Posted on October 27, 2020 by Nathan Noll

This is a continuation of The Tale of the Lost, but not Forgotten, Undocumented NetSync (part 1) and in this section, we will look to answer: What are Some Early Indicators to Detect NetSync at the Host-based Level? What are Some Possible Controls to Deter NetSync? In an accompanying blog post, Wes Lambert (@therealwlambert) steps…

The post The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 2 appeared first on TrustedSec.

Continue reading The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 2→

SMS Phish – An Incident Walkthrough

Posted on September 3, 2020 by Amanda Mates

Opener The goal of this blog post is to provide an approach to analyzing a text-based phish link. I will primarily focus on the initial steps to properly view the phish site from a non-mobile browser, provide OPSEC setup and browsing analysis recommendations, and conclude with defense measures to protect against such attacks. Analysis Background…

The post SMS Phish – An Incident Walkthrough appeared first on TrustedSec.

Continue reading SMS Phish – An Incident Walkthrough→

Become The Malware Analyst Series: PowerShell Obfuscation Shellcode

Posted on August 20, 2020 by Amanda Mates

In this second installment of the ‘Become a Malware Analyst Series,” Principal Incident Response & Research Consultant Scott Nusbaum focuses on PowerShell obfuscation by analyzing a PowerShell sample that was identified during an… Continue reading Become The Malware Analyst Series: PowerShell Obfuscation Shellcode→

Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation

Posted on July 7, 2020 by Nathan Noll

In this video, Senior Incident Response & Research Consultant Scott Nusbaum demonstrates a method to extract and deobfuscate code from a malicious document. Upon rendering the code readable, Nusbaum works to gain an understanding of the goals the malware was attempting to accomplish and the processes by which it undertook that effort. This video is…

The post Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation appeared first on TrustedSec.

Continue reading Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation→

Are You Looking for Ants or Termites?

Posted on July 1, 2020 by Amanda Mates

Over the last several months, I’ve noticed something when discussing Incident Response (IR) with clients. There is often confusion between the expectation and reality concerning the end results of an IR investigation. My goal here is to clarify and set those expectations, and to show how Threat Hunting factors in. When TrustedSec gets called to…

The post Are You Looking for Ants or Termites? appeared first on TrustedSec.

Continue reading Are You Looking for Ants or Termites?→