Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “ASD Back with 2014 Top 35 Mitigations”, 2) “Combating APTs”, and 1) “More Malware Analysis Tools”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
ASD Back with 2014 Top 35 Mitigations: Last week the Australian Signals Directorate (ASD), formerly the Defence Signals Directorate (DSD), published the 2014 version of their top 35 mitigations. I’ve always liked this list as a place to start, especially the top 4 (unchanged from last year). Theoretically, implementing only the top 4 mitigations in this year’s edition (application whitelisting, application patching, OS patching, and admin privilege restriction) could cut out “at least 85% of the cyber intrusions that ASD responds to” for adversaries “using unsophisticated techniques.” (continued here)
More Malware Analysis Tools: I’ve probably mentioned some of these tools before in other articles and presentations, but what I really like about this post over at Journey Into Incident Response is that two of the tools are from those in the local NoVA area. Their contributions include Noriben by @bbaskin and Automater by @tekdefense. Rounding out the post’s selection of tools are Process Explorer with VirusTotal integration, PEStudio for quick static analysis, Cuckoo Sandbox for dynamic analysis, and the Pinpoint Tool for researching drive-by downloads, as well as several useful websites. (continued here)
Combating APTs: Yes, this article is fully buzzword compliant but it makes some great points for security professionals to think about and organizations to grow towards. About the only thing it is missing is “cloud.” Anyway, the six key take-aways (along with my non-buzzword compliant interpretations) include the following: (continued here)
Hope everyone had a wonderful week! Have a great weekend!