- Malware: When Indicators of Compromise (IOCs) Entered the Mainstream Enterprise
  Indicators of Compromise (IOCs) are custom, incident-specific signatures that organizations use to detect attacker artifacts. Mandiant popularized the term around 2007, and by 2015 the concept gained...
- Malware: Who Was the First to Use the Term Exfiltration in Cybersecurity?
  The term "exfiltration" in cybersecurity—referring to data leaving a compromised network—appears to originate from military terminology about withdrawing troops from dangerous positions. The earliest...
- Incident Response: Some Facts and Conjecture About the VeriSign Data Breach
  VeriSign's 2011 SEC filing disclosed a 2010 breach where information was exfiltrated from compromised corporate systems. The APT-style attack characteristics and inability to assess future misuse of...
- Incident Response: Incident Response on 64-Bit Windows Using 32-Bit Tools
  Windows' WOW64 File System Redirector transparently redirects 32-bit tools accessing System32 to SysWOW64, causing forensic investigators to examine the wrong files without realizing it. Stick to...
- Incident Response: The Adversarial Cycle of Computer Attacks and Defenses
  The adversarial cycle has four phases: Attack (unfettered), Detect (forming response), Defense (attack rendered ineffective), and Mutate (attacker adapts). Defenders shorten Attack/Detect through...
- Incident Response: 9 Reasons for Denial-of-Service (DoS) Attacks: Why Do They Happen?
  DoS attacks happen for many reasons: extortion demands, turf wars between criminal groups, anticompetitive sabotage, punishment for refusing demands, political criticism, training grounds for future...