Basics of Digital forensics Procedure

Digital forensics is the acquisition of digital evidence from many sources such as laptops, PCs, digital cameras, mobile phones, routers… USB and SSD cards. The first step is to take a clear picture of the object. The pictures must contain elements such as serial numbers and damaged areas. Then unscrew the device to take the…

Public key infrastructure (PKI)

A public key infrastructure is a system that incorporates asymmetric encryption and certificates to provide security. There are two principal actors: the client and the certificate authority (CA). The Cryptographic Service Provider (CSP) on the client side generates the key pair. Once the key pair has been generated, the client will keep the private key and…

Malware Information Sharing Platform-MISP

The Malware Information Sharing Platform is used to store, share and collaborate on malware across organizations. Indicators of Compromise (IoC) are used to detect and prevent cyber attacks. MISP integrates many features:
- Efficient built-in database to store malware, information on attackers and intelligence
- Data are stored and shared in a structured format.
- Data…

A look at Verizon Data breach digest report

Verizon released its data breach digest report. It is a summary of 500 cybersecurity investigations occurring in over 40 countries. All scenarios were drawn from real-world cyber investigations. It is an 84-page document with 18 scenarios divided into 4 groups: The human element—five scenarios highlighting human threats or targets. Conduit devices—five scenarios covering device misuse or tampering.

Cybersecurity Awareness Month

We welcome October in the security community as Cybersecurity Awareness Month. There will be different topics every day for cybersecurity awareness activities. Phishing is the action of getting sensitive information from the victim without using force. Test yourself on how to recognise fake emails from legitimate ones by taking one of these tests:

WIRELESS ENCRYPTION

Wireless networks are an easy way to connect our laptop, tablet or phone to the internet. Instead of using traditional RJ45 cabling, the device just needs to have a wireless card. There are three main types of encryption in wireless networks: Wired Equivalent Privacy (WEP), which is available in 64-bit and 128-bit. It…

HOME DEPOT BREACH

Home Depot is a big-box retailer in the USA. It suffered a security breach that affected 56 million payment cards. The malware used in the attack is most likely to have been used in other attacks. Brian Krebs, who reported the attack, suggests that the BlackPOS malware which was used against Target was also…

CNET Hacked, Remote Servers accessed

CNET, one of the most popular technology review websites, has been hacked. A Twitter user going by the name of worm and the handle @rev-priv8 posted a photo of remote access to a CNET.com server. The exploit was done through a vulnerability in the content management system, probably WordPress or Joomla. CNET is not saying much…

Malware Sample Sources

Malware researchers need to test their skills and develop defenses with real specimens. They can collect malware samples from honeypots or download them from URL sources. The following sites can be useful:
- Contagio Malware Dump (Mobile Malware)
- Kernelmode.info
- Malshare
- Malware.lu
- AVcaesar
- MalwareBlacklist
- Malwr
- Open Malware
- SecuBox Labs
- Virusign
- VirusShare
- TheZoo / Malware DB
- ZeuS Tracker
- MalwareBazaar