- Incident Response: The Adversarial Cycle of Computer Attacks and Defenses
The adversarial cycle has four phases: Attack (unfettered), Detect (forming response), Defense (attack rendered ineffective), and Mutate (attacker adapts). Defenders shorten Attack/Detect through...
- Malware Analysis: 3 Free Tools to Fake DNS Responses for Malware Analysis
When analyzing malware behaviorally, intercepting DNS queries lets you redirect network connections to lab systems. Three free tools simplify this: ApateDNS (Windows), FakeDNS (Windows), and...
- Malware: How Antivirus Software Works: 4 Detection Techniques
Antivirus tools use four main detection techniques: signature-based (static fingerprints of known malware), heuristics-based (suspicious characteristics without exact matches), behavioral (observing...
- Tools: Using ICMP Reverse Shell to Remotely Control a Host
ICMP can create covert command-and-control channels that cross many firewalls since organizations often allow ping traffic. The icmpsh tool demonstrates this: a Windows victim issues ICMP echo-request...
- Tools: Controlling Adobe Acrobat/Reader JavaScript Support
Disabling JavaScript in Adobe Acrobat/Reader renders many PDF exploits ineffective. If full disabling isn't practical, Adobe's JavaScript Blacklist Framework lets users selectively disable risky API...
- Social Networking: Explaining Computer Security Terms to Ordinary People
Technical jargon that security professionals use daily may be meaningless to non-IT people. A collaborative effort with SANS Institute defines commonly-used security terms like firewall, exploit, and...