Incident Response Security Scripting for Windows and Linux systems


Windows IR Scripting

Below is the IR Script that I produced for Windows systems. The test machine was Windows 2016 Core running inside of VMware Fusion 8. I’ve included some tools for the most commonly requested information. As an incident handler, I believe it is better to use the least complicated tools possibly to get the job done, therefore, avoiding unnecessary complications that run the risk of jeopardizing an incident response investigation. Batch scripting is also within my comfort zone. Another benefit of batch scripting is that they require the least amount of time to prepare and have proven to be very reliable across multiple operating system distributions.

Continue reading

Developing an IR Team and Forensic Lab

Incident Coordinator Pressing INCIDENT RESPONSE

Computer hacking is growing in popularity among criminals who find themselves at the pinnacle of technological innovation. They are adept at finding new and inventive ways of breaking into computer networks and are growing bolder with each new brazen attempt. As a result, it has become more critical now than ever before for organizations to take a more proactive approach to defending their networks. Continue reading

Vulnerability & Patch Management Process


1. Introduction

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)[1]

It is essential, in today’s society, for businesses to have an online presence in order to be fully capable of engaging in e-commerce and stay competitive. As a result, it’s imperative that businesses protect their data and put IT security at the forefront of everything they do online and off. With the advancement of new technologies comes opportunities for businesses to fall victim to scams through various attack vectors some of the most popular being social engineering and online computer network infiltrations. Continue reading

Putter Panda Cyber Threat Intelligence Card


Report by Miguel Bigueur and Daniel Bradley

Executive Summary

Putter Panda is a criminal hacker organization based out of China that has been linked to numerous cyber espionage events against American and European governments and corporations. They are linked to China’s shadow army known as, Unit 61486 of the 12th Bureau of the People’s Liberation Army’s 3rd General Staff Department.

Putter Panda is accused of launching Advanced Persistent Threat (APT) style espionage campaigns against American and European based space and defense companies. The group’s primary motivation is economic advancement, and accelerating time to market for knock-off technologies[1]. Continue reading

Defensive strategies for potential exploitation




A large number of cyber crimes committed within the United States is realizing constant growth over a long duration of time with minor deviations as seen in the figure below. Organizations must understand what potentially negative threats they are faced with and how to mitigate the risks associated with them.   Continue reading

Audit and Accountability (Case Study)



Auditing and accountability’s primary objectives are to ensure there are sufficient controls in place that provides evidence that can be audited in addition to ensuring the availability of records for sufficient amounts of time. This guarantees that when a system gets hacked, crashes, or gets a fat fingered input, there is a process in place to expedite the recovery of data, rollback changes, or perform tracebacks. Auditing and accountability has far reaching effects many of which that can bring light to instances of concealed activity hidden deep within the network. Continue reading

Contingency Planning for High Availability Networks (Case Study)



Uninterrupted operation of information systems are vital components to helping us maintain a high availability network that helps support and provide continuous service to our customers. Information system resources are an essential element to our business success and it’s crucial that we identify services utilized in these systems which need to operate efficiently. Despite a greater awareness for the need of business continuity planning, research has suggested the costs for data center downtime increased significantly in recent times. In 2016, total costs were estimated to be at $2.4 million, up 39 percent within the prior three years. Continue reading

Enterprise Patch Management (Case Study)



Computer and network security incident response is widely accepted and implemented in recent times due to the frequency of attacks attempting to compromise personal and business data. It’s critical for our organization to have the ability to systematically handle incidents by implementing a consistent incident handling methodology which enables us to respond quickly and appropriately. In addition to implementing a proper security incident management program, a sound patch management program will help create a robust defense of architectural designs for our organization as outlined below. Protecting company assets from attacks by patching vulnerabilities is only part of the risk equation where combined with an incident handling management program, institutes a good overall approach to risk management. Continue reading