Presentations

I realized that I have a few presentations but don’t have them linked on my site. I’m a bad webmaster.

Live Fire data breach incident drill – Constance Snelling and Bryan Murphy
Lansing ISSA Chapter
November 19, 2020

This session walked through the actions taken by various parties throughout a company during a ‘Live Fire’ data breach incident drill. In this drill, a threat intelligence vendor notified the Company’s Threat Intelligence department, through established communication lines, that customer data was for sale on the Dark Web.


Account Take Over (ATO) Threat Actor: Tactics, Techniques, Communications, and Underground Culture
January 9, 2019

Account Take Over (ATO) has become a large attack vector and many infosec professionals find themselves plunged into this unfamiliar world. One day you are working malware, IDS alerts, and employee misuse, as you always have. Suddenly you are in a world of financial fraud, tracking digital transactions, listening to phone calls and model threat actor TTPs. This presentation talks about the problem of ATO, how an organization can prepare themselves to deal with the issue, and most importantly, how the underground works. This will include how fraudsters communicate, tools of their trade and, how they monetize and launder their money. A good time will be had by all. No punch or pie will be provided.


The Semi-Coherent Ramblings of an Over-the-hill Incident Response and Forensics Guy
February 14, 2018

An InfoSec/IR veteran passes on valuable lessons, learned over the course of long and exciting career. The diversity of my work has lead to some interesting situations. From universities to defense; financial services to web hosting. Chances are I have seen it and learned something worth passing on about it. I will try to keep the ramblings as coherent as possible, but can’t make any promises on limiting the number of memes.

Unbiased Corona Virus (COVID-19) Resources

Some of my observations have compelled me to make this post. The bottom line is that the American media is failing us on COVID-19 coverage because it can’t get past partisanship.

The right-wing media is trying to tell you that it’s all been blown out of proportion and there is nothing to worry. The left-wing media is fixated on how severely Trump has failed/is failing at his handling of this pandemic. Neither is helpful.

The solution is to arm yourself with as much information as you can and form your own opinions.

I created a bookmark folder called COVID-19 and stuck these links in it. Now I just right-click -> open all in new tabs and read all of the sources.

These are some of the better links.

Real Resources:
https://www.cdc.gov/coronavirus/2019-ncov/index.html
https://www.arcgis.com/apps/opsdashboard/index.html… (Johns Hopkins Multi-Source map)
https://www.who.int/emergen…/diseases/novel-coronavirus-2019
https://www.who.int/…/novel-coronavirus-…/situation-reports/ (W.H.O SITREPs)

National Mainstream Media:
These are biased, but if you remember that when consuming their news you should be okay. Don’t just read the sources with views that politically align with yours. It’s important to know how others are thinking about this to better understand their behavior and prepare yourself.
https://www.cnn.com/…/coronavirus-outbreak-03-16…/index.html
https://www.foxnews.com/…/he…/infectious-disease/coronavirus

Collections:
https://news.google.com/search…
https://www.reddit.com/r/Coronavirus/

Local:
Be sure to bookmark your state’s web site as well as local government and local channels news.

New layout

My friend, Andrew, will be assisting me with the new design and layout.  He was my partner in crime in the creation of metaguard, membrane and metazoa.

He said that he will begin work on during the Thanksgiving break.  Although it just occurred to me that he lives in Canada.  I didn’t realize that people from Canadia [sic] celebrated Thanksgiving. 🙂

Laid off

I got laid off from work today.  There is not enough client work to keep me busy and not enough development/support work till the release of the new product.


I 'm not horribly bothered by it as I have seen it coming for about a month now.  Now I just collect unemployment and try and my CISSP and GLI swinging.

How spammers get past spam filters

My boss pointed something intersting out to me.  A penis enlargement email that keeps slipping past my spam assasin and his outlook client based anti spam software.


Check out this source…


at l<kwriomldwis>east 3 I<kophixzbmfahpt>NCH<kukntyadvxfru>ES or ge<kjgdkhybxvmbj>t
y<kggudaubtbo>our mon<kxeytamotthnl>ey bac<kpkevvobnpdeccq>k!


They throw giberish tags in between all the words so the spam filters dont find the words and the mail client just ignores all of the nonsense tags.


Spam filters should parse out all HTML and just look at the text IMO.

Chilie cook off

My chickie and I did a chilie cook off today.  This was the first time I have ever made chilie in my life and DAMN it turned out good! 🙂


I will post the recipe tomorrow.  I took the recipe that gryphn normaly uses (my favorite) and also used ideas from the recipes of world champion chilie.   It was good stuff.

Busy

For the last few months I have spent all of my time concealed in my house working on a  big top secret project.  I just got back from dropping my co-conspiriters back home in Canada.


Now details of the project will slowly start surface on this page and metazoa.ca.


Im going back to bed.

Fun with distros

Tonight I have been playing with my guiney pig openbsd server and setting up a standard build for my 'fleet '.  In doing this I have landed on a number of strange sites wile clicking off topic.


SELinux; The nsa aparently has developed a secure distro of linux.  In theory it sounds nice but I do I trust to not be back doored?  If I even have to ask it aint worth it. 🙂


Trustix; I gave these guys an awful review about a month back when I was going to write my “OpenBSD vs. Trustix” article.  Shortly after that they got bought out and became TSR Linux.  Now that group filed for bankrupcy protection and was purchased by Comodo… the same doods I have my ssl certificates through. 🙂  It looks like they some sort of backing from IBM and have a promising looking distro now. 


I think I 'm too into OpenBSD to turn back now.  On that note I just got “Absolute OpenBSD” from amazon today.  Good fooken book!  I highly recomend it.  Lots of info on PF, how it all works and why it works that way. 

GuardianLogic

My companys new site is getting closer and closer to a launch.  It will be a huge weight lifted off my shoulders one it does.  Automated billing and signup, support system, kbase, security related news feeds, monitoring and all kinds of other fun stuff.


I babysitted my nephew last night and played on his Playstation2 a bunch  (Hi Buddy!) wile my girlfriend was out purchasing a Gucci purse.


I am working on putting a new dual CPU workstation together for myself.  It will have a kicken windowed case and all that other fun stuff.  I will give you guys some pics as its being built.