Articles on Incident Response
- Training: Free Recorded Malware Forensics and Analysis Webcasts
- Malware: When Indicators of Compromise (IOCs) Entered the Mainstream Enterprise. Indicators of Compromise (IOCs) are custom, incident-specific signatures that organizations use to detect attacker artifacts. Mandiant popularized the term around 2007, and by 2015 the concept gained...
- Malware: Who Was the First to Use the Term Exfiltration in Cybersecurity? The term "exfiltration" in cybersecurity—referring to data leaving a compromised network—appears to originate from military terminology about withdrawing troops from dangerous positions. The earliest...
- Incident Response: Some Facts and Conjecture About the VeriSign Data Breach. VeriSign's 2011 SEC filing disclosed a 2010 breach where information was exfiltrated from compromised corporate systems. The APT-style attack characteristics and inability to assess future misuse of...
- Incident Response: Incident Response on 64-Bit Windows Using 32-Bit Tools. Windows' WOW64 File System Redirector transparently redirects 32-bit tools accessing System32 to SysWOW64, causing forensic investigators to examine the wrong files without realizing it. Stick to...
- Incident Response: The Adversarial Cycle of Computer Attacks and Defenses. The adversarial cycle has four phases: Attack (unfettered), Detect (forming response), Defense (attack rendered ineffective), and Mutate (attacker adapts). Defenders shorten Attack/Detect through...