Efficient Windows Incident Response Scripting Techniques


8 Minutes

Windows IR Scripting

Below is the IR script that I produced for Windows systems. The test machine was Windows Server 2016 Core running inside VMware Fusion 8. I've included some tools for the most commonly requested information. As an incident handler, I believe it is better to use the least complicated tools possible to get the job done, thereby avoiding unnecessary complications that run the risk of jeopardizing an incident response investigation. Batch scripting is also within my comfort zone. Another benefit of batch scripts is that they require the least amount of time to prepare and have proven to be very reliable across multiple Windows versions.


Incident Response Lifecycle: Six Stages from Indicators to Lessons Learned



Proactive Vulnerability Management for Business Security | ISO 27002


24 Minutes

1. Introduction

A vulnerability is defined in the ISO 27002 standard as "a weakness of an asset or group of assets that can be exploited by one or more threats" (International Organization for Standardization, 2005)[1].

It is essential, in today's society, for businesses to have an online presence in order to engage fully in e-commerce and stay competitive. As a result, it is imperative that businesses protect their data and put IT security at the forefront of everything they do, online and off. With the advancement of new technologies come opportunities for businesses to fall victim to scams through various attack vectors, some of the most popular being social engineering and online computer network infiltration.


Putter Panda Cyber Espionage: China’s Unit 61486 Revealed

Report by Miguel Bigueur and Daniel Bradley

13 Minutes

Executive Summary

Putter Panda is a criminal hacker organization based in China that has been linked to numerous cyber espionage events against American and European governments and corporations. The group is linked to China's shadow army, Unit 61486 of the 12th Bureau of the People's Liberation Army's 3rd General Staff Department.

Putter Panda is accused of launching Advanced Persistent Threat (APT) style espionage campaigns against American and European space and defense companies. The group's primary motivation is economic advancement, accelerating time to market for knock-off technologies[1].


Business Continuity Management & Solutions for Data Recovery | Cost-Effective Planning


6 Minutes

Uninterrupted operation of information systems is a vital component of maintaining a high-availability network that supports continuous service to our customers. Information system resources are an essential element of our business success, and it is crucial that we identify the services these systems provide which need to operate without disruption. Despite greater awareness of the need for business continuity planning, research has suggested that the cost of data center downtime has increased significantly in recent times. In 2016, total costs were estimated at $2.4 million, up 39 percent over the prior three years.


DROWN Attack and SSLv2 Vulnerability: Severity and Mitigation


4 Minutes

This document will examine DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), a vulnerability that attacks the TLS protocol as it protects HTTPS connections in transit. This vulnerability is especially dangerous to any organization engaged in e-commerce that needs to complete financial transactions. TLS establishes secure HTTPS connections, typically through a web browser, allowing users to utilize applications such as email, online shopping, instant messaging and online education, all with the benefit of an encrypted connection.
