March 8, 2015

GRR Live Memory Analysis

I wanted to write a quick follow-up to the last article discussing building out a GRR server. The one functionality that was having issues was live memory analysis, and I thought this may have had something to do with the changeover from Volatility to Rekall. After troubleshooting this for a while and posting to the users group, I realized that this was a testing environment issue. When I was originally testing I was using the default Amazon AWS environment. In the latest wave of testing I was using a private VPC with a subnet that had to connect out via […]
February 21, 2015

GRR Rapid Response Server Build Out

I’ve been spending a significant amount of time looking at endpoint solutions recently. My goal is to have an IR Swiss Army Knife and hunting platform as well as a tool that can perform random ad-hoc queries when the latest cyber crisis hits. There are a lot of tools out there that can do bits and pieces of this, and a few less that can do pretty much everything… but they cost a fortune. In this post I’ll discuss my experiences so far with a GRR Rapid Response Server Build Out. I stumbled upon GRR a while back and have played […]
February 10, 2015

Hacks Prompt U.S. to Establish New Cybersecurity Agency

President Obama is creating a new cybersecurity intelligence agency to be an “intelligence center.” Brilliant! It seems to me that either the National Security Agency (NSA), Central Intelligence Agency (CIA), or Federal Bureau of Investigation (FBI) would have this mission covered. Between these agencies, pretty much anything both international and national is covered. If for some (likely) bureaucratic reason these agencies didn’t have the mission covered, or couldn’t share the intelligence, surely there are other existing agencies that could fit the need. Cyber Command? Department of <name your flavor here>? This article notes that these agencies (and others) have “cyber” components, but not the […]
October 12, 2014

FastMail 2-Factor Authentication Unimpressive

I migrated to FastMail from Gmail a few weeks ago and I’ve been very happy with the service. Today I decided to dive in to enable 2-Factor Authentication (2fa) and found FastMail 2-Factor Authentication unimpressive. FastMail allows users to enable 2fa in order to better protect their accounts, which is fantastic. The disappointment here is that even with 2fa enabled, you can still log into your account with single-factor username/password. This is due to the password recovery process for 2fa. If you enable 2fa, you have two options to log into your account: password1 with 2fa (“alternative logon”) or password2 (“master password”). The […]