Thursday, June 30, 2011

Our GFIRST presentation

Now that GFIRST has posted their schedule and agenda for this year, we would like to announce that we will be speaking there on investigating coordinated data exfiltration. This talk will be based on an investigation that we performed last year for a large organization and that involved multiple insiders working in tandem to siphon data outside the company's network.

Our speaking slot is from 2:30-5:00PM on Tuesday, and the presentation will be delivered by Dr. Golden Richard (@nolaforensix) and Andrew Case (@attrc).  Please be sure to stop by if you are attending and say hello.

Wednesday, June 22, 2011

Phishing Web-Based Email Services with HTML5

We are writing this for our frequent co-researcher, Joe Sylve (@jtsylve), who has just released an interesting paper on a new phishing technique that utilizes "the programmable session history stack introduced in HTML 5." We found the paper and its results to be quite telling, and see it as another example of the security issues caused by the explosion of features put into the HTML5 standard with little or no security consideration.

The paper can be found here:

http://dl.dropbox.com/u/17627038/papers/html5phishing.pdf

Wednesday, June 8, 2011

The Open Memory Forensics Workshop (OMFW) is now open for registration

The 2011 Open Memory Forensics Workshop is now open for registration:

https://www.volatilesystems.com/default/omfw

The workshop will be held along with DFRWS 2011, and Digital Forensics Solutions' Andrew Case (@attrc) will be presenting. We will have more details on the presentation as the event gets closer. Anyone interested in recent advances and current research in memory forensics is highly encouraged to attend.

Friday, June 3, 2011

Android memory analysis research to be presented at SOURCE Seattle

It has been a few weeks since we last posted, and we wanted to give readers notice of new research that will be presented in two weeks at SOURCE Seattle. Digital Forensics Solutions' researcher Andrew Case (@attrc) will be discussing code he developed that performs automated memory analysis of Android's Dalvik virtual machine. This talk will cover Dalvik internals, how the data structures are accessed offline, and use of the developed functionality against a number of popular Android applications.

On a final note, we also recently found out that Andrew's Linux memory analysis workshop has been accepted for Black Hat Vegas later this summer. More news about this will be released in the coming weeks.