LoveMyTool - Open Community for Network Management and Monitoring: Malware & Crimeware

25 posts categorized "Malware & Crimeware"

October 05, 2013

The Man'ority Show - Law Enforcement

Posted in Law Enforcement, Malware & Crimeware | Permalink | Comments (0) | TrackBack (0)

August 28, 2013

The Strange History of Port 0 (by Jim MacLeod)

The Strange History of Port 0

While reading the latest report from Arbor Network on DDoS activity across the Internet in Q2 2013, a particular phrase jumped out at me:

“ TCP fragmentation attacks (port 0) are up from about 10% last year to nearly 25% this year. ”

There are three reasons I don’t understand that statement. First, TCP is a streaming protocol, not a datagram protocol, so there’s no concept of “fragmentation” within TCP. Second, googling “TCP fragmentation” results in an IDS evasion technique using overlapping SEQ numbers in retransmissions to replace the contents of the receive buffer on the recipient, but not the IDS (see here for an awesome example including Wireshark screenshots), but that has nothing to do with port 0. Third, and the one I will explore here, port 0 isn’t defined as a valid port.

DDOS attack Know thy enemy!

Despite the fact that port 0 isn’t a valid port for traffic, network management tools will regularly report that you’ve got traffic headed there. However, that’s not what the packets contain.

Continue reading "The Strange History of Port 0 (by Jim MacLeod)" »

Posted in Cyber Crime, Data Visualization, Malware & Crimeware, Oldcommguy | Permalink | Comments (4) | TrackBack (0)

February 15, 2013

Never Give Up While Freedom Is On The Line (by Casey Mullis)

I recently had the pleasure of assisting another Investigator from Carroll County with forensics on one of the new Macbook Pro 13 inch with a 128 GB SSD. The first thing you notice is there is no CD/DVD drive. There is also no Firewire port only a thunderbolt port and USB 3.0.

So now what? I first tried booting with Blackbag's MacQuasition but it would not boot. I called Blackbag tech support and found out that the version I had did not support the new model of Macbook that we were working on. The hard drive in the Macbook was a SSD nonstandard drive. See image(s) below.

So what do you do? Do you give up on getting the forensic image of the hard drive or do you push forward and keep digging to find a solution?

Continue reading "Never Give Up While Freedom Is On The Line (by Casey Mullis)" »

Posted in Casey Mullis, Cyber Crime, Forensics & Deep Packet Capture, Malware & Crimeware | Permalink | Comments (0) | TrackBack (0)

July 06, 2012

Security Threats Continued: Why They Are Targeting Your Business? (by Jim MacLeod)

Over the last few posts, I’ve dissected the major security threats that are happening on your network today. The first piece dissected the “Who,” mainly how do you classify these perpetrators based on a set characteristics that they share. The next post took a look at the “How” hackers enter your network and what you can do to help safeguard it. For the final piece of this series we will look at the “Why.”

Where is your Attack Level?

While there are lots of sociological theories and studies on why people vandalize and steal, this post will focus the “Why” on the current most common motives that drive hackers to penetrate your network.

1. “Lulz”
2. Profit
3. Ideology

Continue reading "Security Threats Continued: Why They Are Targeting Your Business? (by Jim MacLeod)" »

Posted in Intrusion Detection, Law Enforcement, Malware & Crimeware, WildPackets | Permalink | Comments (0) | TrackBack (0)

June 30, 2012

Who owns network history? (by Spencer Greene)

Network History a Key to network success!

The task of knowing exactly what has happened on a network isn’t always easy, but perhaps even more perplexing to IT organizations is determining who is actually responsible for culling this crucial information. Particularly, should network recording and flow collector tools be operated by the security team or by the networking operations team?

The cop-out here would be to say, “It depends on the organization,” and then move on to the next question. After all, both network and security groups need to use network history data, and both groups generally have the right skills to operate network recording equipment. Additionally, you could find examples of successful deployments from both directions. So to say there is a concrete answer that fits each and every situation would be presumptuous, however there are pretty compelling arguments that suggest the network operations side should likely own the task. Let’s take a closer look.

In point of fact, there is a clear trend here: Network history is becoming a core network service, and as such, the best practice in most organizations is for it to be owned by the network operations group. Forward-looking network operations teams are keeping network history for their own purposes – to respond to difficult issues and understand network traffic patterns – and they are providing appropriate access to security teams and cooperating with them to deal with security incidents. From the security side, we see more and more teams expecting and demanding network history to be provided by the network itself and deploying their own network history equipment only when the network operations team absolutely can’t be convinced.

Why is this so? Here are a few of the reasons we have encountered:

Continue reading " Who owns network history? (by Spencer Greene)" »

Posted in Forensics & Deep Packet Capture, Malware & Crimeware | Permalink | Comments (0) | TrackBack (0)

June 01, 2012

Six Reasons to Enforce Your Organization’s Web Security (by Casper Manes)

You know the Internet can be a dangerous place, full of threats to your systems and time sinks that users can spend hours in without even realizing it, but you may still be on the fence when it comes to whether or not you should do anything about it. Protecting your company and your users from the threats of unrestricted Internet access is a really easy thing to do, so if you are still trying to decide on this, here are six reasons why you should enforce your organization’s web security.

Technical issues

Technical issues usually come down to defending against malware. Whether the threats come from malware infected downloads, compromised websites serving infected media files, or phishing sites designed to steal your users’ credentials, you need to boost your organization’s web security.

Continue reading "Six Reasons to Enforce Your Organization’s Web Security (by Casper Manes)" »

Posted in Intrusion Detection, Malware & Crimeware | Permalink | Comments (2) | TrackBack (0)

May 24, 2012

Operation New Son (OpNewSon) – Are you ready??? This could happen to you! (by- Tim O'Neill)

Time to Prepare - Are you ready???

The FBI and international Law Enforcement are warning major companies World Wide of an impending DDOS attack on May 25^th.

Operation New Son - Tomorrow May 25th, 2012 – Download Operation New Son FBI announcement

Here is one of the attackers posts of their intention and info - http://pastebin.com/wq6KdgDg

This site also give hints of more info on Twitter, who may block the announcment tweet names –

@AnonymousWiki - @AnonymouSpoon - @MehIzDanneh - @TibitXimer - @Anonymau

They are asking for your help in attacking their targets.

I propose that it is NOT a good idea to neither support nor cause an attack, as you will be prosecuted!

Continue reading "Operation New Son (OpNewSon) – Are you ready??? This could happen to you! (by- Tim O'Neill)" »

Posted in Anue Systems, Law Enforcement, Malware & Crimeware, Oldcommguy, Technology and Society | Permalink | Comments (0) | TrackBack (0)

April 17, 2012

Keeping Your Business Safe From Network Security Threats (by Lisa-Ann Short)

In a world where more and more business is being done exclusively on the web, network security has never been more relevant or more important. The same goes for all industries – from those that help in designing changing rooms, to tech and web companies. If you run a business, or you're responsible for the network of one, there are a great many threats that you could potentially be faced with. Some you may already know about and have accounted for, others may be new to you. So with that in mind, let's take a look at a few of the most common network security threats that a small business may come across - and how you can best avoid them.

Spam emails and other malicious email

Let's start with the most common form of network security breach: spam emails and other malicious forms of mail. Because a business often has a great many email addresses active at any one time, there is plenty of opportunity for unscrupulous individuals to compromise network security. Many times all it takes to create a breach is for a member of staff to click on a link that they thought was genuine. This can lead to malware being downloaded to the individual's workstation, giving whoever is operating that malware access to your entire network. To avoid email issues, it's recommended to always have a spam filter active on your network. In fact, it's best to have one that's too sensitive than one that misses certain threats.

Continue reading "Keeping Your Business Safe From Network Security Threats (by Lisa-Ann Short)" »

Posted in Intrusion Detection, Malware & Crimeware | Permalink | Comments (0) | TrackBack (0)

April 07, 2012

Do we need a license??? How do we assure safety for our Children in the Wild West of the Internet?(by Tim O’Neill)

I wonder why we need licenses and age limits on everything that we can experience in life, from driving to drinking, except using the Internet?

We protect our Children from driving when they are under 16 and to try to stop them from drinking and smoking before they are old enough to make adult decisions. You cannot start a business without a license or practice medicine and many other adult behaviors!

There is one major variant to those common rules of access– Having access to the Internet, the 21^st Century Wild West Adult Show.

I am not proposing that we require an age limit, test and license, much less a tax or limits on access to the Internet.
I am curious why parents just give their kids access to a computer and turn them loose in this very adult and proven dangerous environment?

As an ICAC (Internet Crimes against Children), longtime Internet Safety instructor and Cyber investigator and Trainer, I have seen my share of events that have left me to ponder why we seem to put Internet Safety as the last thing we think of, until there is a problem. Don't we lock our doors and cars to keep out strangers and trouble ? Ok why then do we alllow the children open access and they can invite strangers and danger into your locked house??? Then when there is a problem we instantly blame everyone, except ourselves. We call the police then demand and hope for them to solve the issues but as parents we hold the majority of the blame for internet issues because we did not take any time to coach and watch over our kids, but we almost always blame the failure of society, the schools, teachers, police, law makers…etc but not the parents!!!

Important Rule #1 - No one is responsible for your children and their behavior except you, the parents!

Continue reading "Do we need a license??? How do we assure safety for our Children in the Wild West of the Internet?(by Tim O’Neill)" »

Posted in Law Enforcement, Malware & Crimeware, Oldcommguy, Technology and Society | Permalink | Comments (0) | TrackBack (0)

November 30, 2011

A Great Week – Computer Cache Training and CacheBack (by The Oldcommguy)

A new and easy way to dig into computer internet caches!

As many of you know I teach Cyber Investigation techniques..etc to Law Enforcement plus private and corporate security officers. Thus getting data out of the Internet cache for all the big browers is not an easy task until I was trained on the new CacheBack solution! Very Cool!

Two weeks ago, I had the pleasure of being trained, tested and certified on a new software tool for security and law enforcement personnel called CacheBack.

CacheBack is the brain child of John Bradley and even though the newest version is not out it is an awesome visualization tool for cached data from websites to chat. It even allows one to play a chat for court room viewing without using the entire product and suspect database.

He seem to have thought of almost everything from simplicity of operation, speed of acquisition, forensically sound processes to easy to develop sound, focused and yet simple reports on a very complex set of data.

CacheBack opens the suspect information in a simple to use tabular view, you select the evidence needed, it automatically carves out your selections then easily place in a report for evidence. The tool even makes use of Microsoft Excel and Access for custom report building or placing the information into larger reports.

Continue reading "A Great Week – Computer Cache Training and CacheBack (by The Oldcommguy)" »

Posted in Law Enforcement, Malware & Crimeware, Oldcommguy, Technology and Society | Permalink | Comments (0) | TrackBack (0)

LoveMyTool - Open Community for Network Management and Monitoring

Protocol Analysis, Data Recorder, CALEA, Lawful Intercept, Application Performance, User Experience, Industrial Ethernet, Data Loss Prevention, Deep Packet Inspection, NetFlow, SOX, HIPAA and PCI Compliance, Switching and Routing, Forensics, VoIP, IPTV ... etc.

Local Search

Recent Comments

LMT Authors

Top 10 Posts

Recent Posts

By Technology