Showing posts from November, 2014

Splunk Security Cheat Sheet

Apart from being a source of all too frequent and embarrassing typos, Splunk is a big data platform which allows you to interrogate data and present results is a variety of contexts and visualisations. I've been using it for a little over 12 months, self teaching or Googleing as I go, predominantly to sift through the terabytes of logs from various applications and appliances that get generated in my 9-5 every day.  You can use Splunk to build dashboards which are typically better than the ones that come with the product ( full size )  I've started to pull together all the searches, notes and bits of code into a sort of security cheat sheet which I thought would be a good thing to share as well as providing some real world examples of how you might use Splunk in a security context.  Cheat Sheet I'm actively working back through my notes and adding to this all the time so it might be a good thing to reference via the URL or re-visit from time to time. I'll t

Recent Malware Strategies

Like so many others I'm seeing an influx of booby-trapped Microsoft Word documents being sent in as email attachments with the end goal of infecting our endpoints with the Feodo/Cridex/Bugat trojan.  I'm relatively new to the whole malware analysis game, but what stands out to me more than the payload is the evidence of a strategy being played out. If you step back and look at the big picture, its clear that this is the work of an adversary that knows what they want, knows how they might achieve that and, most importantly, understands their target and their defenses. If our enemies are our greatest teachers then we, as security professionals, tasked with detecting and responding to threats can learn a lot from them. Not only can we use what we learn to shore up and improve our defenses but we can also use it to highlight, quantify and demystify our enemies to those we are charged with protecting. That last bit is perhaps most important because it is them, the stakehold