- Networking: Pros and Cons of Virtual Patching to Address Vulnerabilities
  Virtual patching blocks attack vectors exploiting vulnerabilities using IPS, WAF, or database security tools—buying time to develop proper fixes. The danger is complacency: organizations with virtual...
- Malware: Analyzing Suspicious PDF Files With PDF Stream Dumper
  PDF Stream Dumper is a free Windows tool with a GUI for analyzing suspicious PDFs. It scans for known exploits, navigates object structures, decodes streams, and includes a JavaScript interpreter for...
- Tools: Tips for Converting Shellcode to x86 Assembly
  Two tools help analysts convert shellcode found in exploits or malicious documents into readable x86 assembly: ConvertShellcode.exe disassembles shellcode strings immediately, while shellcode2exe.py...
- Authentication: Critical Log Review Checklist for Security Incidents
  This checklist covers log review for incident response and routine monitoring: copy logs centrally, minimize noise by removing benign entries, verify timestamps, focus on changes and failures, work...
- Malware: Metrics for Measuring Enterprise Malware Defenses
  Tracking "infections caught" provides little insight because changes could reflect better detection or just more attacks. More useful metrics include percentage of systems with current AV signatures,...
- Risk Management: Which Information Security Controls Are Most Important?
  Comparing Securosis, PwC, and SANS 20 Critical Controls projects, system hardening appears across all three lists. Other consistently important controls include centralized security event monitoring,...