In this podcast, you'll learn about:
Log analytics software that can be used to parse system logs for nasty malware
Detecting malware artifacts
Learn about Windows directory locations
Looking for indicators like packing, changed hashes, etc.
Tips for capturing malware using tools like RoboCopy
Learn about what code caves are and how malware hides inside them (http://www.codeproject.com/Articles/20240/The-Beginners-Guide-to-Codecaves)
Michael Gough joined us again to discuss malware detection techniques on Windows systems. We talk about how you can modify PowerShell's defaults to allow for better logging potential. Also, we find out some hidden gems that pretty much guarantee to let you know that you've been infiltrated.
Stay for the PowerShell security education, and you'll also learn some new terminology, like "Malware Archaeology", Malwarians, and 'Log-aholic', to name a few...
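As an added example (not from the podcast or its guest), the following script turns on the three PowerShell logging features most useful for spotting malicious PowerShell use on a Windows host: script block logging, module logging and session transcription. It writes the same policy registry values that Group Policy would set; the transcript directory is a placeholder you should replace with a protected location, and it assumes PowerShell 5.0 or later running elevated.

```powershell
# Added example: enable PowerShell logging via the policy registry keys that Group Policy sets.
# Assumptions: PowerShell 5.0+ on Windows, run as administrator; $transcriptDir is a placeholder.

$policyRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$transcriptDir = 'C:\PSTranscripts'   # placeholder; use an ACL-restricted or remote path in practice

function Set-PolicyValue {
    param([string]$SubKey, [string]$Name, $Value, [string]$Type = 'DWord')
    $path = Join-Path $policyRoot $SubKey
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# 1. Script block logging: records the content of each executed script block
#    (Event ID 4104 in Microsoft-Windows-PowerShell/Operational), after de-obfuscation.
Set-PolicyValue -SubKey 'ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1

# 2. Module logging: pipeline execution details (Event ID 4103); '*' covers every module.
Set-PolicyValue -SubKey 'ModuleLogging' -Name 'EnableModuleLogging' -Value 1
Set-PolicyValue -SubKey 'ModuleLogging\ModuleNames' -Name '*' -Value '*' -Type 'String'

# 3. Transcription: a full text transcript of every session, with an invocation header.
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableTranscripting'     -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableInvocationHeader'  -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'OutputDirectory' -Value $transcriptDir -Type 'String'

# Verification: show the policy values just written, then confirm the operational
# log that receives 4103/4104 events is enabled and large enough to be useful.
Get-ChildItem $policyRoot -Recurse | ForEach-Object { Get-ItemProperty $_.PSPath }
Get-WinEvent -ListLog 'Microsoft-Windows-PowerShell/Operational' |
    Select-Object LogName, IsEnabled, MaximumSizeInBytes
```

Script block logging is the setting that matters most for detection, because the logged content is what actually ran, not the obfuscated text that was typed; raise the operational log's maximum size (or forward it to a collector) before enabling module logging, which is verbose.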
This week, we discuss various methods of enabling companies to move applications to cloud-based platforms.
We discuss containers, like Docker, and how various hosting services handle converting businesses from traditional data centers to a secure, cloud-based entity.
We even discuss securing the data in the cloud, preventing bad guys from accessing it, as well as the cloud provider themselves, who can be served with a subpoena to hand over data.
Brakeing Down Security would like to thank FireHost for allowing Chase and Mike to join us.
With last week's revelation from Microsoft that they will support SSH, understanding PowerShell has become more important than ever as a tool to be used by blue teamers, both for administration and to understand how bad guys will use it for nefarious deeds on your network.
Part 2 of our interview with Mick Douglas discusses a bit more about the DEV522 class that he teaches for SANS, and why it seems that blue team (defenders) are not getting the training they should. By being deficient in necessary skills, the knowledge gap between bad guys and the defenders widens.