Top 10 Splunk and Cisco Highlights in 2014

Posted on 01/26/2015 by admin

Friea Berg at Splunk wrote a nice article summarizing some of the latest highlights of how Splunk and Cisco have been teaming up to provide end to end security visibility and protection. You can find the original post HERE.

Over the past 7 years Cisco and Splunk have built a broad and multi-faceted relationship.

Internally Cisco IT, security, engineering and other teams use Splunk software every day for operational intelligence and security analytics. Cisco shared details at Splunk’s 2014 user conference in a session titled “How Cisco IT Moved from Reactive to Proactive and Even Predictive with Splunk” and Cisco’s CSIRT team commented a blog post on Security Logging in an Enterprise “… [W]e moved to Splunk from a traditional SIEM as Splunk is designed and engineered for ‘big data’ use cases.” Continue reading →

Rating: 5.0/5 (2 votes cast)

njRAT Malware – remote control malware

Posted on 01/22/2015 by admin

My buddy Aamir Lakahni wrote a cool post on how to setup a njRAT (remote access toolkit). The original post can be found at drchaos.com via HERE.

Warning: The ideas, concepts and opinions expressed in this blog are intended to be used for educational purposes only. The misuse of the information from this article can result in criminal charges brought against the persons in question. Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.

One of the most popular malware tools being used today is a RAT (remote access toolkit) named njRAT. Continue reading →

Rating: 5.0/5 (1 vote cast)

Why Migrate From Cisco NAC Appliance To ISE?

Posted on 01/20/2015 by admin

I have received the question “why should I migrate from NAC appliance to Identity Services Engine (ISE)?” a handful of times. This post will provide some reasons why you should consider migrating over. Regarding how to migrate and what discounts you could receive by migrating, see this post that covers these questions HERE.

Lets start off by looking at Cisco NAC and ISE. Continue reading →

Rating: 5.0/5 (1 vote cast)

Don’t Trust All Phone Calls: Phone Scams 2.0

Posted on 01/16/2015 by admin

There are many methods criminals will use to steal money that fall outside of normal attack channels. I was having dinner with a buddy from work and heard one of the most outrageous social engineering attack methods he recently experienced. To summarize, he had attackers call his home phone and try to get him to install malicious software. He figured out they were full of it yet went along with the scam for 20 minutes to see where they would take things. This post will cover his experience and variations of this attack seen in the wild.

Lesson learned …. don’t trust somebody just because they called you. Make sure to tell your friends and family this message. If you do some Google research, you will find many non-technical people are being tricked by this form of attack. Continue reading →

Rating: 4.5/5 (2 votes cast)

Here’s What Happens When You Install the Top 10 Download.com Apps

Posted on 01/14/2015 by admin

The people at howtogeek.com wrote a pretty funny yet sad post about research they performed. The concept is they went to download.com and downloaded the top 10 most popular downloads onto a virtual windows system to see what would happen (they skipped a few Anti Viruses since it doesn’t make sense to install more than one but outside of that went through the list). As shown in the previous screenshot, most of the software was laced with malware pretty much killing the functionality of their test system. The ironic thing is download.com has disclaimers on their website stating they don’t post software with malware, trojans or malicious adware before during or after the installation of software being shared (shown later in the post). According to the results from the howtogeek team, this is obviously not the case. I guess those old sayings are right about nothing is free and if its too good to be true … it probably is. Continue reading →

Rating: 0.0/5 (0 votes cast)

Ransomware on Steroids: Cryptowall 2.0

Posted on 01/12/2015 by admin

Andrea Allievi and Earl Carter posted a very interesting article on the Cisco security blog about a new version of Cryptowall. They talk about a very advanced threat capable of bypassing anti-malware and sandbox based defenses along with methods to hide communication to the control center using TOR channels. The original post can be found HERE.

Ransomware holds a user’s data hostage. The latest ransomware variants encrypt the user’s data, thus making it unusable until a ransom is paid to retrieve the decryption key. The latest Cryptowall 2.0, utilizes TOR to obfuscate the command and control channel. Continue reading →

Rating: 4.0/5 (1 vote cast)

Research Tool Featuring Live Attack Data From Norse

Posted on 01/07/2015 by admin

Norse is a research group that leverages hundreds of honey pots placed all over the world to collect attack data. Their claim to fame is their research goes beyond the general internet targeting “dark intelligence” meaning parts of the darknet where the bad actors live. They offer a few products that can be placed on your network as well as SAS services that work with their threat intelligence to identify attacks against your network. You can find their main website HERE.

One cool free online tool they offer is a live mapping of attack data. That data can be found at http://map.ipviking.com/ or HERE. Below is a screenshot of this tool. Its a pretty cool concept. Check it out Continue reading →

Rating: 0.0/5 (0 votes cast)

The Best Cyber Security Talks of 2014

Posted on 01/05/2015 by admin

My buddy Aamir Lakhani from dcchaos.com put together a list of the best cyber security talks of 2014. The rankings and opinions are purely his own. Some of these were based on technical knowledge, others were entertaining, and lastly some of these are a shout out to my friends and colleagues. You can find the original post HERE.

Continue reading →

Rating: 0.0/5 (0 votes cast)