Logparser play of a forensicator

My guru, I won't name him, but he knows who he is, told me one day that what we do is not exactly forensics; it's actually Root Cause Analysis to find out how a security incident happened, so once we know that root cause we can do multiple things, from ensuring preventions to mitigations and performing recovery…


Event-based network trace collection using PowerShell

This post is like a new version of my old post. In this example I'm using event ID 1502, which gets generated when gpupdate completes successfully. This is an event you can generate on a domain-joined machine by running gpupdate /force, so to test that's what I do. In sequential order, the PowerShell script…


When malware spreads on the network: panic, magic vs calmness, sanity

I love to talk about things that amaze me, and this one is also one of the interesting ones. However, I will quickly come to the point. So there was a situation where a network admin was in a real panic state. He was seeing very weird behaviour on a few machines on the network. He was using…


Business need for Security Incident Management

It's been a while since I was here at my blog. Believe me, breaks work in amazing ways. This article is primarily for an information security audience. But it won't hurt non-security folks either, as it would make sense to anybody. Many organisations even now don't have an information security program and obviously do not have a security incident program,…


Azure forensics: interesting post on MSDN

Sharing an awesome post I read on MSDN: http://blogs.msdn.com/b/azuresecurity/archive/2015/08/14/azure-forensics-for-the-security-responder-how-i-learned-to-stop-worrying-and-love-the-cloud.aspx


Hack and a thought

Recently I came across a cute hack to reset a Windows 7 password; someone shared it with me, saying it's a cakewalk: http://www.oxhow.com/reset-windows-7-password-without-password-reset-disk/ I looked at it and tested it in the lab and was able to change the password as explained in it. Then I also came across ways to mitigate this, for example. If…


Pass the Hash attack: whose problem is it anyway?

Introduction. This intro is purely for people who are not from information security and have not heard of this attack, although that's rare. So, straight from the Microsoft Pass-the-Hash whitepapers: "What is the PtH attack? The Pass-the-Hash (PtH) attack and other credential theft and reuse types of attack use an iterative two-stage…


A few words about DDoS (Distributed Denial of Service) attacks

Most of my friends from IT must be aware of what a DoS (Denial of Service) attack is and about DDoS (Distributed Denial of Service). For those friends who are not, this article explains DoS attacks and this one is about DDoS. Recently I worked on these scenarios and thought of sharing the experiences and some suggestions…


CryptoLocker on your machine

Probably one of the smartest pieces of malware, in my opinion; yes, I'm starting with praise for this malware. Very smart modus operandi. If you are struck with it, you have only two options: either you pay or forget about your files. If you are smart then you will keep your machines protected by super patching, leaving…


Slow internet access in a downstream-upstream proxy scenario

I came across a downstream-upstream proxy scenario recently. It was an interesting issue: when the user points directly to the upstream proxy server, his internet access works fine. But when he points to the downstream proxy server, his internet is very slow. TMG Data Packager, about which I have discussed enough in this blog, shall not…
