- Tools: Tips for Converting Shellcode to x86 Assembly
Two tools help analysts convert shellcode found in exploits or malicious documents into readable x86 assembly: ConvertShellcode.exe disassembles shellcode strings immediately, while shellcode2exe.py...
- Tools: More Than a Hammer: Expanding the Information Security Toolbox
Security programs over-focus on networks and systems because infrastructure is most practitioners' background. The toolbox needs domain expertise in business functions, data analytics for measuring...
- Authentication: Critical Log Review Checklist for Security Incidents
This checklist covers log review for incident response and routine monitoring: copy logs centrally, minimize noise by removing benign entries, verify timestamps, focus on changes and failures, work...
- Malware: Metrics for Measuring Enterprise Malware Defenses
Tracking "infections caught" provides little insight because changes could reflect better detection or just more attacks. More useful metrics include percentage of systems with current AV signatures,...
- Risk Management: Which Information Security Controls Are Most Important?
Comparing Securosis, PwC, and SANS 20 Critical Controls projects, system hardening appears across all three lists. Other consistently important controls include centralized security event monitoring,...
- Tools: Mitigating Attacks on the Web Browser and Add-Ons
Drive-by exploits target vulnerabilities in browsers and add-ons like Java, Adobe Reader, and Flash. Defense involves sandboxing (Chrome, IE, Adobe Reader X), tightening settings via Group Policy,...