It’s always important to consider OPSEC when performing incident response. We regularly work with clients to ensure that they don’t cause issues for themselves during the investigation. Tipping your hand to the attacker can result in a failed containment, which likely will lead to a failed remediation. Today, while teaching my last SANS Incident Response […]
Archive by Author
WWHF Privilege Escalation Slides
Penetration Testing Privilege EscalationOn Friday morning, Rendition Founder Jake Williams had the honor of presenting at Wild West Hackin’ Fest in Deadwood, SD. He presented on privilege escalation tricks for Windows. Caveat: none of these tricks are particularly revolutionary, but they work. And that’s sort of the point. You don’t need 0-days to escalate in most networks and […]
iPhone Hacking and Indiscriminate Targeting
UncategorizedYesterday, Google Project Zero announced that they discovered a campaign exploiting a wide range of iPhone models and iOS versions in the wild. Google shared details about the exploits and the malware, but little about the campaign itself. This may be to protect business interests or it may be to stop a panic of those […]
Amazon Leaks Customer Data – And Belly Flops On The Response
Breach ResponseThursday night, I packed up my things to leave the office. On the way out the door, I turned back to my CEO (Brandon McCrillis) and said “oh <expletive deleted>, my Amazon account got hacked!” I said that after seeing an email on my phone updating me about the status of an order… an order […]
AVML – Memory Forensics For Linux
Incident Response Memory ForensicsOne of the problems we’ve experienced over the years with Linux memory forensics was the difficulty of obtaining a memory dump. This is because most acquisition tools require a loadable kernel module to be built on the exact same kernel version as the target. Building the kernel module on the target itself has several problems: […]
Leaving SANS – The end of an era
SANSThis is a personal post from Rendition Founder and President, Jake Williams. Rendition Infosec is growing rapidly and I need to spend more time with the company. While I greatly enjoy training, mentoring clients and helping them to secure their networks is better aligned with my own personal goals and the growth at Rendition. I’m […]
FaceTime Vulnerability – Enterprise Concerns
BYOD Threat ModelingThere’s a nasty FaceTime vulnerability that allows anyone to turn an iPhone into a surveillance tool. Exploiting the vulnerability couldn’t be easier (its so easy a child can do it). Just FaceTime the victim, then while the phone is ringing swipe up and add your number as another party on the call. This activates the […]
Restarting cybersecurity after the government shutdown (temporarily)
Shutdown Threat HuntingToday we got news that a deal has been reached to reopen the government with a short term funding bill that will allow lawmakers to negotiate while the government is open. But there’s only three weeks of funding in the short term bill and it’s completely reasonable to think that another shutdown is imminent (e.g. […]
PHP PEAR Backdoor Discovered
Software Supply Chain Supply Chain SecurityOn January 19th, the maintainers of the popular PHP package management system disclosed that they had discovered a backdoor in an installer component named go-pear.phar. The PEAR website is still down as of today and maintainers state that they have no ETA for when a clean site will be on line. Although initial indications were […]
DHS orders DNS security for federal agencies
DNS MFADHS has ordered that federal agencies must update the security of their DNS, all while the government shutdown continues. The move is in response to reports from FireEye and Talos that attackers have been compromising DNS and using that access to issue fraudulent TLS certificates. During incident response engagements with Rendition Infosec customers, we have […]