The Incident Response Podcast

We discuss fileless malware and what you can do to detect and hunt for it

Discuss why Windows audit logging is an essential and FREE IR 101 that everyone should take on.

Discussion of what LOLBin and LOLBas are

www.LOG-MD.com/podcasts

Newsworthy Items: • INSURANCE COMPANY REFUSES TO PAY NOTPETRYA BILL, SAYS IT WAS AN ACT OF WAR, COMPANY SUES FOR $100M • 2-FACTOR AUTH BYPASSED ??? • 773 MILLLLLION PASSWORDS CIRCULATING THE INTERNET FROM PAST BREACHES • BYPASS BLACKLISTED WORDS FILTER (OR FIREWALLS) VIA WILDCARDS Malware of the month - First Sednit UEFI Rootkit Unveiled Site-worthy - websites of the trade to share Tool-worthy - some tools of the trade to share

Newsworthy Items: Over 1 BILLION Pwned Dell Breach Marriott/Starwood Breach Malware of the month - LOKIBot Site-worthy - websites of the trade to share Tool-worthy - some tools of the trade to share

Newsworthy Items: 1. NSS Labs fires off anti-malware-testing lawsuit at infosec toolmakers 2. Gartner says EDR will be a 1.5 BILLION, with a B business by 2020 3. Forrester Report on is EDR overblown

Newsworthy Items: ----------------------- After Sept 21st Credit Freezes are FREEEEEE - Article - by Krebs "Do you use a Tumi bag? Registered it with Tumi's Tracer service? British airways website hacked 380K users affected How Hackers Slipped by British Airways' Defenses - Wired Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob - WIRED Exploit vendor drops Tor Browser zero-day on Twitter - zdnet Bad Actors Sizing Up Systems Via Lightweight Recon Malware Site-worthy - websites of the trade to share Tool-worthy - some tools of the trade to share Malware of the month - EMOTET

Newsworthy Items: The most expensive Cyber attack EVER !!! (wired) City of Atlanta 17 million ransom attack APT32 proves what we say about logging - Monitor Scheduled Tasks Malware of the month - None, so send us something interesting... Site-worthy - websites of the trade to share Tool-worthy - some tools of the trade to share

Newsworthy Items - New Sysmon and Autoruns versions released. Be careful of VirusTotal uploads Malware of the month - None, so send us something interesting... Site-worthy - websites of the trade to share Tool-worthy - some tools of the trade to share

Newsworthy Items - The FBI asks us to reboot our routers Malware of the month - None, so send us something interesting... Site-worthy - websites of the trade to share Tool-worthy - some tools of the trade to share

News-Worthy Site-Worthy Tool-Worthy

News-Worthy Site-Worthy Tool-Worthy

News-WorthySite-WorthyTool-Worthy

"Incident Response, Malware Discovery, and Basic Malware Analysis, Detection and Response, Active Defense, Threat Hunting, and where does it fit within DFIR"