Search - "forensics"
D: “Did the attackers exfiltrate any data?”
M: “I can’t say for sure, but most likely based on—”
D: “—but did you find any undeniable evidence of it?”
M: “Keep in mind that the absence of evidence isn’t necessarily evidence of absence. There was very limited logging to begin with and the attacker erased artifacts and logs.”
D: “If there’s no evidence, then there was no exfiltration.”
M: “If a business doesn’t have cameras on its front door and then gets robbed, it can’t claim there was no robbery just because they didn’t video-record it.”
D: “That’s a poor analogy. Nothing’s missing here. I couldn’t care less if a robber made a *copy* of my money. That isn’t robbery.”
M: “... If the Titanic really hit an iceberg, then how come no pieces of an iceberg were ever found in the wreckage?”
Definitely my security teacher. He actually expected us to actively learn the stuff and put effort into our education. He guided us through malware analysis and reverse engineering, simplifying it without insulting us.
We had students who thought they knew everything and he corrected them. We had arrogant students he put in place.
He treated us like adults and expected us to act like adults.
That's the only class I enjoyed studying for, because he would tell us exactly what wasn't on the exams (it was an intro course, didn't need to know the math). There were no trick questions.
I told him about the shitty teacher and he helped me through that confidence block. He helped me realize I *can* make it through the workforce as a female in security because I will work my ass off to be the best I can be. He reminded me why I love computers and why I want to go into forensics.
He's been a great mentor and role model and hiring him is one of the few things my department did right.
I'M STARTING GRAD SCHOOL!!!!! I'm so excited I can't think properly. I started screaming in Latin and German mixed with English because I couldn't remember enough words in any one language to express myself, and I'm still certain I was incoherent.
Doing cybersecurity and forensics because I hate having a social life 😎
So I attended a start-up event yesterday which was purely focused on North America and especially Canada.
Now I have a brain ache after listening, for two fucking hours, to every kind of buzzword that has ever existed.
AI, Machine Learning, Blockchain, Silicon Valley, Angel Funding, Start-up, Virtual Reality, Augmented Reality, Venture Capital, Clean Technology, Clean Energy, IoT, Data Scientists, Financial Forensics, Quantum Machine Learning and Data Analysis, Next Generation Technology, and the list is endless.
For fuck's sake, can these people calm their titties down?
I am fed up with people using buzzwords with no implementation at all. Things are not leading anywhere and we are still stuck with age-old COBOL and such languages.
We still have a lot of time to bring these things to the local market where anybody can use and implement them.
Now I need some good rant to calm myself down.
I know the hate for Facebook is strong here, but I was just approached to work on their eCrimes team... Catching online predators and the like... I'm honestly considering it, given how much evidence is posted. But it requires so much more programming knowledge than I have... I don't know where to start...
NCIS Logic. Type "dir" and "find . ." into full screen cmd and full forensics investigation complete.
Since I moved from pure dev to Code Forensics, and studying with Forensic Computing students (who do one module on security), the amount of Kali Linux wallpapers on a Windows machine is overwhelming.
It's like the entire class watched three episodes of Mr Robot and now thinks they can change the world with a goddamn semester of teaching!
Digital Forensics!
A whole new world...
Got the course from Packt.
Any other awesome references for that?
I was wondering how a sysadmin would know if the user sending malicious traffic is the real attacker or his account has been hacked?
(Also probable that the attacker has faked his MAC address to user's device)
My best project was a digital forensics project back in uni, digging through raw data the police forensic guy / professor gave us. Rarely have I been so enveloped by anything as digging through raw data finding the clues as to what the guy had been up to and how he hid it.
I remember when that IRS back tax scam was a thing and I had to explain to my parents that they couldn't access irs.gov or the fraud reporting sites because their home network had been MITM'd. Was told "But it's a .gov, aren't those only accessible if you're in the government?" Then they blamed me because I'm "a hacker and maybe the feds caught on" (I do digital forensics and security auditing, but my day job is enterprise hardware repair.) Should have just tethered to my phone for my visit and let them suffer the consequences tbh
I tried using Lynda the other day for what I assumed would be improving my theoretical knowledge of digital forensics. Part of the lesson in "advanced" digital forensics was that people change filename extensions to make them look innocuous, and how to use nano.
Recently started doing CTFs, the satisfaction it brings to solve (and learn) these challenges is huge. Learnt a lot about forensics and cryptography in a short amount of time, the community surrounding it is awesome as well!
This is fucking how you do it!
Ticketmaster UK had a "data security incident" where they don't really know if any data was actually leaked/stolen/"accessed by an unknown third-party" — their response:
1. Disable the compromised service across their platforms
2. Send a mail to any customer that may have been affected (I got one in Danish because I had only interacted with them through a Danish subsidiary)
2b. All notified customers have their passwords reset and must go through the "Forgot password" process; the _temporary_ password they sent me was even pretty nicely random looking: ";~e&+oVX1RQOA`BNe4"
3. Do forensics and security reviews to understand how the data was compromised
3b. Contact relevant authorities, credit card companies, and banks
4. Establish a dedicated website (https://security.ticketmaster.co.uk/...) to explain the incident and answer customer questions
5. "We are offering impacted customers a free 12 month identity monitoring service with a leading provider. To request this service please visit [this page]"
EDIT: As mentioned and sourced in the first comment, the breach was apparently noticed by a banking provider and reported to Ticketmaster on the 12th of April and later to Mastercard on the 19th of April.
Ticketmaster's internal investigation found no evidence of breach (which makes sense, as it wasn't an internal breach), but when Mastercard issued an alert to banks about it on the 21st of June, Ticketmaster followed up by finding the actual breach and disabling the breached third party service on the 23rd of June.
I still think they did the right thing in the right way...