So it’s 10:30pm on a Sunday and the wonderful Jake Davis has asked me to give my thoughts on the ludicrous movie that is “Hackers” (1995). It’s been years since I watched it, so I broke out the popcorn…
My pinned tweet got a lot of attention online, in fact it’s got more attention than probably ever one of my other tweets combined – even more than that time I had a Rap Battle over twitter! Tweets are short, you’re limited to 140 characters and it’s difficult to give depth and context in such a small message.
Summary The period of dealing with a security breach is one of tension. If a company is not adequately prepared for the efficient handling of an incident then a time of tension becomes one of crisis.
I’m going to go ahead and open with: I am not a lawyer. If you’ve had a data breach and you need to know if you should notify an authority, or the public, you should speak to a lawyer. Don’t take legal advice from a blog post. I was researching the requirement to disclose under UK law and I thought it was interesting so here are some (probably incomplete) notes to explain (my interpretation of) the current UK Law.
A follower sent me a suspicious looking file recently to get my opinion on its behavior and to see if I could pull out a little detail on how it’s working. “Suspicious looking” because at the time, it was getting a zero score on VirusTotal but it appeared to be doing something just a little dodgy in the background. I wanted to post some notes around my quick tear down of the malware show that since so much malware is poorly written and obfuscated you can often do a large amount of analysis of a file’s behaviour in a short …
There’s no doubt that domain accounts with weak passwords can be a serious concern for companies, there are a few ways you can protect yourself against issues like this. The first is to set a domain and local account lockout policy and the second is to enforce password complexity. However if your users are using “Password1” as their password, neither of these steps will protect you.
Interpreting and understanding law is a difficult thing. However many Information Security, Ethical Hacking, and Cyber Security degree courses feature understanding the law as a requirement. There’s also an awful lot of law and literature out there about the many offences that an individual could commit during the normal course of careers in offensive security roles such as penetration testing.
Brief: A talk about options advanced attackers can deploy to beat behavioural malware analysis through the detection (and subversion!) of the behaviour engines themselves. Including a demonstration of how to beat modern engines through a working tool (demos!).This talk should be interesting to malware writers and analysts alike as it shows implementations of beating analysis, but also includes enough inline explanation to make it accessible to beginners.