Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Don’t Be a SOC B”, 2) “ShmooCon FireTalks 2016 Speakers & Abstracts”, and 1) “ShmooCon FireTalks 2016 Speakers & Schedule”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference. A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Security != Number of Vulnerabilities: On the last day of 2015, CVE Details published its annual security-by-number-of-vulnerabilities report again. Although there are some interesting numbers to take away (e.g., comparing vulnerability counts of a single piece of software, like those from Adobe, versus an entire OS), publishing data like this only perpetuates the misleading myth that the security of a product is somehow related to its number of vulnerabilities. A CVE count mostly reflects how much research attention a product gets and how its vendor assigns identifiers, not how exposed its users are. (continued here)
QOTD: Sadly, the Cost of Overcoming Bureaucracy Is …: For anyone with a few years of working in the government space, you are far too familiar with the slow pace at which work is done. It is not any one person’s fault but rather a large complex system with a cadre of multiple stakeholders, different sources of funding, numerous hidden administrative hoops, participants with their own personal agendas, and an endless series of meetings doing nothing more than kicking the proverbial can that is the urgently needed solution further down the road. (continued here)
Announcing ShmooCon Firetalks 2016 Sponsors: Great news … ShmooCon Firetalks has received sponsorship from Cobalt Strike, Tikras, and Arrow Ventures covering the Platinum, Silver, and Bronze levels. Due to an administrative error on my part I messed up the Gold sponsorship … so if there are any organizations or companies out there willing to support, let me know at @grecs. (continued here)
More Free SOC Exercises & Scenarios: I was reading through NIST SP 800-61, titled “Computer Security Incident Handling Guide” for those not familiar with it, the other day and noticed a good set of pre-built incident handling tabletop scenarios in one of its appendices. This section might be of interest to those working in SOCs or on incident response teams. This appendix joins another good resource we found a while ago as a great reference for drilling your team in responding to common intrusions. Know of any other good resources for exercises and scenarios? Let us know in the comments below. (continued here)
Don’t Be a SOC B: Joshua Goldfarb wrote an excellent article a while ago that I often reference when trying to explain to non-security types why less is more when it comes to SOC alerts. In his post he basically emphasizes the need to turn up the signal (high fidelity alerts we are sure about) and turn down the noise (all those false positives) in the alerts analysts see. In the article Joshua describes a fictitious SOC A, with a high S:N ratio, and SOC B (probably most of us, and not through our own fault), with a low S:N ratio. As the use case goes on … of course SOC A stops the bad guys and SOC B gets pwned. At the end he suggests alert S:N ratio as a metric you might want to start tracking. If you are one of those many SOC Bs out there, SOC A in this article should be your goal. (continued here)
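If you want to actually track the S:N metric rather than just talk about it, the useful version is per detection rule, not a single SOC-wide number, because the per-rule view tells you which rules to tune first. The following is an added example written for this rewind; it is not code from Joshua’s article or from any SOC tooling. The alert records and rule names are constructed for illustration, in the shape a ticketing system export might have.

```python
from collections import Counter, defaultdict

# Constructed sample of triaged alerts, in the shape a ticketing system might
# export: the detection rule that fired and the analyst's verdict. Not real
# SOC data; rule names are hypothetical.
SAMPLE_ALERTS = [
    {"rule": "psexec_service_install", "verdict": "true_positive"},
    {"rule": "psexec_service_install", "verdict": "true_positive"},
    {"rule": "psexec_service_install", "verdict": "false_positive"},
    {"rule": "port_scan_threshold", "verdict": "false_positive"},
    {"rule": "port_scan_threshold", "verdict": "false_positive"},
    {"rule": "port_scan_threshold", "verdict": "false_positive"},
    {"rule": "port_scan_threshold", "verdict": "false_positive"},
    {"rule": "port_scan_threshold", "verdict": "true_positive"},
    {"rule": "mimikatz_cmdline", "verdict": "true_positive"},
    {"rule": "mimikatz_cmdline", "verdict": "true_positive"},
    {"rule": "dns_txt_large_response", "verdict": "false_positive"},
    {"rule": "dns_txt_large_response", "verdict": "open"},
]

CLOSED_VERDICTS = ("true_positive", "false_positive")


def tally(alerts):
    """Count true and false positives per rule. Alerts still open are not
    counted: an untriaged alert is neither signal nor noise yet."""
    counts = defaultdict(Counter)
    for alert in alerts:
        if alert["verdict"] in CLOSED_VERDICTS:
            counts[alert["rule"]][alert["verdict"]] += 1
    return counts


def snr(true_pos, false_pos):
    """Signal-to-noise as TP/FP. A rule that has never fired falsely gets
    inf; a rule with no true positives gets 0.0, including the degenerate
    case of no closed alerts at all."""
    if false_pos == 0:
        return float("inf") if true_pos else 0.0
    return true_pos / false_pos


def per_rule_snr(alerts):
    """S:N for each rule, so tuning effort goes to the rules that need it."""
    return {rule: snr(c["true_positive"], c["false_positive"])
            for rule, c in tally(alerts).items()}


def overall_snr(alerts):
    """The single number for the SOC as a whole, tracked over time."""
    counts = tally(alerts).values()
    return snr(sum(c["true_positive"] for c in counts),
               sum(c["false_positive"] for c in counts))


def noisy_rules(alerts, floor=1.0):
    """Rules below the floor: more false than true positives. These are the
    candidates to tune, add context to, or pull out of the analyst queue."""
    return sorted(rule for rule, ratio in per_rule_snr(alerts).items()
                  if ratio < floor)


if __name__ == "__main__":
    for rule, ratio in sorted(per_rule_snr(SAMPLE_ALERTS).items()):
        print(f"{rule:28s} S:N = {ratio:.2f}")
    print(f"overall S:N = {overall_snr(SAMPLE_ALERTS):.2f}")
    print("tune first:", ", ".join(noisy_rules(SAMPLE_ALERTS)))
```

Two design points worth keeping when you adapt this to your own alert store: open alerts are excluded rather than counted as noise, because otherwise a backlog makes every rule look worse than it is; and a rule with zero false positives is reported as infinite rather than skipped, so it shows up as the model other rules should be tuned towards.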
ShmooCon FireTalks 2016 Speakers & Schedule: Just a short post to announce the speakers for this year’s ShmooCon Firetalks… The selection committee has pulled together a diverse program of the most interesting talks, with a good mix of established and new speakers. (continued here)
ShmooCon Firetalks 2016 Speakers & Abstracts: Just realized that I forgot to include the full abstracts in yesterday’s post. For your reading pleasure, and to learn more about some of the mysterious titles, read below. I would also like to formally announce the logo of our Gold sponsors … from the tag-team duo of @digininja and @webbreacher. (continued here)
Dear Vendors: Now Would Be A Great Time to Remove Dual_EC RNG: It was the NSA a while ago. Then RSA a few years back. Then NIST finally removed it from the list of approved algorithms. And most recently Juniper joined the list. (continued here)
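For anyone who has not seen why Dual_EC is worth ripping out rather than just configuring away, the problem is structural: the generator uses two curve points, P for the state update and Q for the output, and whoever knows the scalar relating them can turn one output into the next internal state. The following is an added toy demonstration written for this rewind, not code from the linked post or from any vendor’s implementation. It runs on a curve small enough to follow by hand (y² = x³ + 2x + 2 over GF(17), base point (5, 1) of order 19), it skips the 16-bit output truncation that the real standard applies (truncation only costs the attacker a few thousand guesses per output), and the trapdoor value E_SECRET is a hypothetical constant chosen for this example.

```python
# Toy Dual EC DRBG over a tiny curve, to show why knowing the relation
# between its two points breaks it. Curve: y^2 = x^3 + 2x + 2 over GF(17),
# base point (5, 1) of prime order 19. Real Dual EC uses P-256 and truncates
# each output; none of that changes the structure shown here.
FIELD = 17
A, B = 2, 2
ORDER = 19
INF = None  # point at infinity


def inv(k):
    return pow(k % FIELD, FIELD - 2, FIELD)


def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % FIELD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    y3 = (lam * (x1 - x3) - y1) % FIELD
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = INF, pt
    k %= ORDER
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def x_of(pt):
    if pt is INF:
        raise ValueError("state hit the point at infinity; the toy curve is too small to avoid this for every seed")
    return pt[0]


def lift_x(x):
    """Recover a curve point from its x coordinate by brute force over y.
    Two points share each x (y and -y); either one works for the attack,
    because e*(-R) = -(e*R) has the same x as e*R."""
    rhs = (x ** 3 + A * x + B) % FIELD
    for y in range(FIELD):
        if y * y % FIELD == rhs:
            return (x, y)
    raise ValueError(f"x={x} is not on the curve")


# Public constants of the generator. Q is the output point; P is the state
# point. The trapdoor is E_SECRET (a hypothetical value for this toy), chosen
# so that P = E_SECRET * Q. Anyone who only sees P and Q cannot tell.
Q = (5, 1)
E_SECRET = 3
P = mul(E_SECRET, Q)  # (10, 6)


def dual_ec_outputs(seed, count):
    """Untruncated toy Dual EC: r_i = x(s_i * Q), s_{i+1} = x(s_i * P)."""
    s = seed
    out = []
    for _ in range(count):
        out.append(x_of(mul(s, Q)))
        s = x_of(mul(s, P))
    return out


def predict_from_one_output(r, count, e=E_SECRET):
    """Attacker with the trapdoor: from one output r, rebuild R = s*Q, then
    e*R = e*s*Q = s*P, whose x is the generator's next state. From there
    every later output is known."""
    R = lift_x(r)
    next_state = x_of(mul(e, R))
    return dual_ec_outputs(next_state, count)


if __name__ == "__main__":
    victim = dual_ec_outputs(seed=5, count=5)
    print("victim outputs      :", victim)
    print("attacker prediction :", predict_from_one_output(victim[0], 4))
```

The point to take away for a vendor review: there is no configuration of P and Q that fixes this, because you cannot verify from the public points that no such scalar is known to anyone. Swapping in your own P and Q only moves the trust to whoever generated them, which is why removal, not reconfiguration, is the right call.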
Online MASTIFF: We have talked about using MASTIFF several times before as part of your malware analysis process. It is a wonderful automated static analysis framework created by Tyler Hudak (@secshoggoth) from KoreLogic Security. For those not familiar with MASTIFF, here is the description from their git site. (continued here)
Hope everyone had a wonderful week! Have a great weekend!