Thursday, April 25, 2013

Learning Python - links for learning

I've been slowly learning to code in Python; mostly I've been using Learn Python the Hard Way.  So, it was great to see Mike's post with useful Python links.  Unfortunately, I missed that episode of the DFIR Online Meetup, but I'm thankful that he posted all of his links.

Mike's links:
Link to Python resources.

edit 11/5/2013 to add:

A large list from GitHub

Google Developers

Think Python


edit 3/24/2014, to add from Harlan's blog:
World's Best Learning Center
80+ Best Free Python Tutorials/books
List of Free Python Books

Tuesday, April 23, 2013

Verizon Data Breach Investigations Report and Insider Threats

The 2013 Verizon Data Breach Investigations Report (DBIR) is out and there is lots of excellent information.  I have only had a chance to scan some of the information and read some of the analysis and posts.  One post I took note of came from DarkReading and discussed the Insider Threat numbers.

You can read the post here.

The full 2013 DBIR can be found here.

Monday, April 22, 2013

Hostgator post on an insider attack

Another day, another insider attack.  This one was detailed by Hostgator.  The link is to the post from NakedSecurity and their writeup of the breach - and how the insider got caught.

Here's the story.

Sunday, April 21, 2013

TechNiki describes an insider attack

The more companies share about the attacks and breaches they experience, the more the community learns.  This is good for the community for two reasons.  One, we can all learn from actual incidents, and two, the bad guys share intelligence, so we should too.  So, it was great to read TechNiki's account of an insider attack.  Not good because it happened, but good because we learned some of the insider controls that were breached.

This is a great write-up; hopefully we can all learn something.

TechNiki's write-up.

Saturday, April 20, 2013

Breaking radio job!

I know it has been a while since I have posted here, but lots has changed.  I have left the DoD contracting realm and moved on to a (very) large company where I work on their national incident response team.  The team is big, and my specific group gathers intelligence on the current persistent threats and implements controls to thwart those threats.  Of course, we're all incident handlers at heart, so when the alerts go off, we get dirty in the incident response process.

I absolutely love it.  Along with my other duties, I'll be delving into intrusion detection, something I do not have much experience doing.  Because of who my employer is, I am not at liberty to discuss the specifics of what we do, the incidents we face, or any of the specific threats we are combating.  A) I have a non-disclosure agreement.  B) Obviously, I can't give away secrets that would aid the adversaries.

However, I plan to keep the blog alive and talk about incident response, intrusion detection, the state of those niches in incident response, and other current security issues that fit that mold.  Within incident response, I'm passionate about incidents dealing with the trusted insider, so there may be some posts in that vein.

Stay safe.