Showing Posts About

Incident Response

  • 15 Jul 2020

The Fake Cisco

An IT company discovered hardware failures in suspected counterfeit Cisco Catalyst 2960-X network switches. F-Secure's Hardware Security team investigated the devices and identified an undocumented vulnerability that bypasses Secure Boot restrictions. The investigation concluded with reasonable confidence that no intentional backdoors were present in the counterfeit hardware.

  • 16 Oct 2015

Journey Into Hunting The Attackers

A presentation at BSides Manchester 2015 explored stealthy credential retrieval techniques used by attackers targeting Windows systems. The talk focused on methods for extracting credentials that can bypass Anti-Virus detection. Techniques discussed included using built-in Windows commands and attacker tools designed to remain undetected during system intrusions.

  • 24 Dec 2010

Forensic Readiness: A Primer

Forensic readiness is a critical component of cybersecurity incident management. The article outlines six key strategies for organizations to prepare for potential security incidents, including accepting that incidents will occur, educating staff, maintaining flexible response plans, enabling communication, implementing robust logging, and dedicating appropriate budget and resources.

  • 2 Jun 2010

Journey to the Centre of the Breach

This whitepaper explores computer forensics techniques for investigating a server security breach. It details a case study of an FTP server incident, demonstrating how digital forensic methods can be applied to log file analysis and malware reverse engineering. The document highlights the broader application of forensic investigation techniques beyond law enforcement.

  • 18 Jan 2010

Google Forensics (...beta)

File carving is a forensic technique for recovering deleted files by extracting data based on file header signatures. Unique web artifacts like Google's commemorative logos can provide contextual information about system usage and activity. This method allows forensic investigators to reconstruct system interactions by analyzing temporary internet files and their visual content.