Info sec is not daunting v1.0
Information Security may seem like a daunting task for SMBs, but if you do some basic things and know when to seek help, you can succeed!
Michael Gough – Founder
MalwareArchaeology.com
Who am I
• Blue Team Defender Ninja, Malware Archaeologist, Logoholic
• I am the one you call when $*!+ hits the fan
• I love logs – they tell us Who, What, Where, When and hopefully How
• Creator of the “Windows Logging Cheat Sheet”
• Creator of the “Malware Management Framework”
• @HackerHurricane, also my Blog
Goal
• Interaction – Don’t be a Ding Dong and NOT ask a question… you WILL be rewarded
• Learn some basics
• Top 10 things everyone must do well
Why listen to me
• We discovered this May 2012
• Met with the Feds ;-)
Yup, our PII is gone
Of course you can…
Step 1 – Think about recovery
Recovery – Your Backups
• No matter what might happen (a hardware failure, theft, natural disaster, hackers with malware or, worse, a breach), recovery is your #1 goal
• This means backups are key to your continued success
• Organize the software you use and the data you have, as that will aid in recovery IF, I mean WHEN, something bad happens
• Why? Because malware is software and you usually do not know it is on your system until something bad happens, AV goes off, or someone (the suits) calls and tells you that you have been breached. ;-(
Backups
• For desktops, data should be stored on a server that is backed up
• If you must store data on your desktop or laptop, then use a backup solution like Carbonite
• Have your IT person, people or consultant validate that the solution is working
• Some solutions offer a boot disk to recover the entire system, OS and data
• But how do you know when your system went bad? Which backup do you recover the OS from? What if it was infected for weeks?
• This is why I prefer and recommend rebuilding the OS and applications from scratch and then restoring your data.
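“Validate that the solution is working” is the bullet most people skip. The script below is an added example, not part of the presentation or of any MalwareArchaeology.com tool: it walks a live data folder, checks that every file has a copy under the backup root, compares SHA-256 hashes so a truncated or corrupt copy is caught rather than just a missing one, and reports how old the newest backup file is. The two paths and the one-day age limit are placeholders to replace with your own.

```powershell
# Added example (not from the deck): check a backup copy against its source.
# Assumptions: $Source is the live data folder, $Backup is the backup target
# (USB disk, second partition or server share). Both paths are placeholders.
function Test-BackupCopy {
    param(
        [string]$Source,
        [string]$Backup,
        [int]$MaxAgeDays = 1          # newest backup file may be at most this old
    )

    $missing = @()
    $changed = @()
    $sourceFiles = @(Get-ChildItem -Path $Source -File -Recurse)

    foreach ($f in $sourceFiles) {
        # Same relative path under the backup root
        $rel  = $f.FullName.Substring($Source.TrimEnd('\').Length).TrimStart('\')
        $copy = Join-Path $Backup $rel
        if (-not (Test-Path -LiteralPath $copy)) { $missing += $rel; continue }

        # Compare content, not size or timestamp, so a damaged copy is noticed
        $a = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        $b = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        if ($a -ne $b) { $changed += $rel }
    }

    # Age of the most recently written file on the backup side
    $newest = Get-ChildItem -Path $Backup -File -Recurse |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $ageDays = if ($newest) { ((Get-Date) - $newest.LastWriteTime).TotalDays }
               else { [double]::PositiveInfinity }

    [pscustomobject]@{
        SourceFiles   = $sourceFiles.Count
        Missing       = $missing
        Changed       = $changed
        NewestCopyAge = [math]::Round($ageDays, 1)
        Healthy       = ($missing.Count -eq 0 -and $changed.Count -eq 0 -and
                         $ageDays -le $MaxAgeDays)
    }
}

# Placeholder paths; point these at your real data folder and backup target
$result = Test-BackupCopy -Source 'D:\Data' -Backup '\\backupsrv\data' -MaxAgeDays 1
$result | Format-List
if (-not $result.Healthy) {
    Write-Warning 'Backup is incomplete or stale. Fix it now, not after the disk dies.'
}
```

Hashing every file is slow on large folders, so run this on a schedule rather than interactively; a file listed under Changed usually just means the source was edited after the last backup ran, which is exactly the staleness you want to see.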
Step 2 – Rebuilding a system
Rebuild a system quickly
• Backups have your data
• But the PC, MAC or Server OS needs to be built from scratch
• Instructions, steps, special configurations
• Make it easier for your IT person, people or consultant helping your organization to rebuild a dead or hacked system as fast as possible
• Documentation for fast recovery is key
Rebuilding is a good thing
• It is the ONLY way you know your system is 100% clean!
• Malware is written well to operate without detection for days, weeks or months
• I rebuild my PCs once or more per year
• Patching takes the longest: it takes me 2 hours to get up and running and 24 hours to finish patching
• Restoring a backup of an OS will take about an hour, give or take, but how do you know it is clean?
Step 3 – Data and OS should be separate
Your Data and OS should not mix
• One of the worst things I see is where people store data on the same drive as their operating system
• If you want easier backups, keep data on a drive that does NOT contain the operating system, to make it easier to rebuild a system and restore data
• Only the OS and applications should be on the drive that boots the operating system
• I prefer using a server share for your data that gets backed up, but we have laptops with one drive, so partition it into two parts: OS and Data
Your data and OS should not mix
• If you don’t use it, uninstall it
• Less is more as far as Apps
• Only install what you need and take an inventory
• Please don’t store data in My Documents ;-(
– User space is first to be hit in a ransomware event
Step 4 – Don’t be an Administrator
Verizon DBIR – How you get owned
You are just a user
• PLEASE… Don’t run as Administrator
• “But I have an application that must run as Admin…” Fine, there is “Run As Administrator” for this; enter those credentials as needed
• IF you have to because of a poorly written or old application, then NO SURFING THE INTERNET !!!! Or opening email attachments! Consider isolating this system
• 90% of vulnerabilities will fail exploitation if you are a General User
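Most people do not actually know whether the account they use all day is a local Administrator. The script below is an added example, not code from the presentation: it reports whether the current session is elevated, whether the current user is a member of the local Administrators group at all, lists everyone in that group so the IT person can prune it, and shows the “Run As Administrator” pattern for the one legacy app that needs it. It assumes Windows 10 / Server 2016 or later for Get-LocalGroupMember; the legacy app path is a placeholder.

```powershell
# Added example (not from the deck): is my daily account an admin, and who else is?
function Test-DailyAccountIsAdmin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when the current token is elevated (an admin session past UAC)
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Group membership regardless of elevation: is this user in Administrators at all?
    $member = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq $identity.Name }

    [pscustomobject]@{
        User                  = $identity.Name
        ElevatedRightNow      = $elevated
        InLocalAdministrators = [bool]$member
    }
}

# Everyone who can act as a local admin on this box. On a healthy SMB desktop
# this list is short and contains no account anyone browses or reads mail with.
function Get-LocalAdmins {
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

Test-DailyAccountIsAdmin | Format-List
Get-LocalAdmins | Format-Table -AutoSize

# The "Run As Administrator" route for the one app that truly needs it:
# UAC prompts for a separate admin account, and the rest of the session
# (browser, e-mail) keeps running as a plain user. Path is a placeholder.
# Start-Process -FilePath 'C:\Program Files\LegacyApp\legacy.exe' -Verb RunAs
```

If InLocalAdministrators comes back True for the account you surf and read mail with, that is the finding: create a separate admin account, remove the daily one from the group, and use the commented Start-Process line (or the right-click menu) only for the app that needs it.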
Step 5 – Patch !!!
Patching is crucial
• Windows and Apple can auto update
• PLEASE make sure this is happening
• Let it interrupt your day
• Do NOT fall behind
• Malware takes advantage of what we call “ZERO DAY” or “0-Day” vulnerabilities; patching breaks their exploit within 2 weeks of discovery, and your patches come monthly !
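“PLEASE make sure this is happening” deserves a check you can actually run. The script below is an added example, not from the presentation: it reads the Windows Update Agent’s automatic-update setting through the built-in Windows Update COM API, counts updates that are still waiting, and reports how many days it has been since the last hotfix landed. It assumes a Windows PC with network access to Windows Update (or WSUS); the search can take a few minutes.

```powershell
# Added example (not from the deck): is automatic updating on, and are we behind?
function Get-PatchStatus {
    # Automatic Updates settings via the Windows Update Agent COM object
    $au    = New-Object -ComObject Microsoft.Update.AutoUpdate
    $level = [int]$au.Settings.NotificationLevel
    $levels = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Notify before install'
        4 = 'Scheduled install (download and install automatically)'
    }

    # Ask the update agent what is applicable but not yet installed
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
    $titles   = foreach ($u in $pending) { $u.Title }

    # Most recent installed hotfix as a rough "how stale is this box" signal
    $last = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $days = if ($last) { [int]((Get-Date) - $last.InstalledOn).TotalDays } else { $null }

    [pscustomobject]@{
        AutoUpdate       = $levels[$level]
        LastHotFix       = $last.HotFixID
        DaysSinceLastFix = $days
        PendingUpdates   = $pending.Count
        PendingTitles    = @($titles)
        OK               = ($level -eq 4 -and $pending.Count -eq 0)
    }
}

$status = Get-PatchStatus
$status | Format-List
if (-not $status.OK) {
    Write-Warning 'Updates are not fully automatic or patches are waiting. Do NOT fall behind.'
}
```

Get-HotFix only lists Windows updates, not third-party applications, which is why the deck treats app updates as a separate step.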
Step 6 – Anti-Virus or Anti-Malware
Anti-Virus is useful
• Everyone should know that Anti-Virus is no longer what it used to be
• But it does catch older (1 year+) emailed malware or older malware found on compromised websites
• It does NOT do a good job on newly crafted Phishing Email SPAM campaigns or newly compromised websites
• So don’t spend a lot on this; free solutions are almost as good as paid solutions
• Windows Security Essentials (Windows 7 – Free)
• Windows Defender (Windows 8 – Free)
• Sophos (MAC OS – Free)
• Install only ONE AV solution
• Do not install Anti-Spyware or other “Fear-ware” prevention
• Stick to the big names
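Two AV products fighting each other is a common SMB find, and so is an AV whose signatures stopped updating months ago. The script below is an added example, not from the presentation: it lists every anti-virus product registered with Windows Security Center (workstation editions only) so the “only ONE AV” rule can be checked, and, where the Windows Defender module is present, reports whether Defender and real-time protection are on and how old its signatures are. The three-day threshold is an assumed value.

```powershell
# Added example (not from the deck): one AV, switched on, with fresh signatures?
function Get-AvStatus {
    # Products registered with Security Center (Windows 8/10/11 workstation SKUs)
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    $names = @($products | ForEach-Object displayName)

    # Windows Defender specifics; $def stays $null where the module is absent
    $def = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $sigAge = if ($def) {
        [int]((Get-Date) - $def.AntivirusSignatureLastUpdated).TotalDays
    } else { $null }

    [pscustomobject]@{
        RegisteredProducts = $names
        MoreThanOneProduct = ($names.Count -gt 1)
        DefenderEnabled    = $def.AntivirusEnabled
        RealTimeProtection = $def.RealTimeProtectionEnabled
        SignatureAgeDays   = $sigAge
    }
}

$av = Get-AvStatus
$av | Format-List
if ($av.MoreThanOneProduct) {
    Write-Warning 'More than one AV is registered. Keep one big name, uninstall the rest.'
}
if ($av.SignatureAgeDays -gt 3) {   # assumed threshold
    Write-Warning "AV signatures are $($av.SignatureAgeDays) days old; updates are not happening."
}
```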
Step 7 – Update Apps!!!
Update your Apps
• Malwarians (the hackers) pick on your apps as a way in
• Keep them up to date!
• Install Secunia Personal Software Inspector (PSI) or the paid version for business
• Better yet, do NOT use applications that are exploited regularly
• Any guesses?
Update your Apps
• Adobe anything – Bad
– Use Foxit, Sumatra or another PDF Reader
– If required (QuickBooks), install Adobe Reader and then install Foxit and make it your default PDF reader
– Adobe Flash is built in to Chrome
• Java – Bad
– Disable Java in your browser
• Anything that is Browser launched or email attachment launched will be exploited !
• Don’t use Internet Explorer !!! Use Chrome and/or Firefox or Safari
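Two earlier slides ask for an application inventory and for rebuild documentation (“Only install what you need and take an inventory”, “Instructions, steps, special configurations”), and this one names the apps to get rid of. The script below is an added example, not from the presentation or from Secunia PSI: it reads the installed-programs list out of the registry Uninstall keys, writes it to a CSV that lives on the data drive (so it survives an OS rebuild and tells the rebuilder exactly what to reinstall), and flags the products this slide calls out. The name fragments in $risky come from the slide; the output folder is a placeholder.

```powershell
# Added example (not from the deck): inventory installed apps for the rebuild
# document and flag the ones the talk says to remove or replace.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Name fragments taken from the "Update your Apps" slide
$risky = @('Adobe Reader', 'Adobe Acrobat', 'Adobe Flash', 'Java')

function Get-AppInventory {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $name = $_.DisplayName
            [pscustomobject]@{
                Name        = $name
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                InstallDate = $_.InstallDate
                # True when any risky fragment appears in the product name
                Flagged     = [bool]($risky | Where-Object { $name -like "*$_*" })
            }
        } | Sort-Object Name -Unique
}

$inventory = Get-AppInventory

# Keep the list on the data drive, not in the user profile (placeholder path)
$outDir = 'D:\Data\rebuild'
New-Item -Path $outDir -ItemType Directory -Force | Out-Null
$out = Join-Path $outDir ("app-inventory-{0}.csv" -f (Get-Date -Format 'yyyy-MM-dd'))
$inventory | Export-Csv -Path $out -NoTypeInformation -Encoding UTF8

Write-Host "Exported $($inventory.Count) applications to $out"
Write-Host 'Flagged applications (remove, replace or keep off the browser):'
$inventory | Where-Object Flagged | Format-Table Name, Version, Publisher -AutoSize
```

Diff two dated CSVs after a rebuild and anything that was installed “just this once” and never documented shows up immediately.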
Step 8 – Better Safer Browser
Better Browser
• Firefox – Use Security Plugins
– NoScript (blocks scripting on websites)
– Ad Block (blocks ads used to spread malware)
– Web of Trust (gives you an idea of good and bad websites when you search)
• Chrome – Use Security plugins
– Script Block (blocks scripting on websites)
– Ad Block (blocks ads used to spread malware)
– Web of Trust (gives you an idea of good and bad websites when you search)
• Safari – For MAC lovers
– Firefox and Chrome too; the same as above applies
Step 9 – Passwords
Passwords are evil
• Strong passwords
• What do you think?
• Long and random
– How long?
– But I can’t remember them?
– There are so many accounts…
• Password Managers are incredible !!!
– LastPass is my favorite
– Store all your passwords
– NEVER store them in your browser!
• Use 2-Factor authentication (Google Authenticator or a Yubikey)
Step 10 – Bookmarks
Bookmarks
• You need to save websites you visit often
• LastPass will do most of this for you, not just ones with passwords
• Another item that gets lost when your system crashes or is replaced
• Remember that first goal?
• Xmarks will synchronize your bookmarks to the Internet so you can easily restore them on rebuild. Just a plugin to your browser
Extra – Infrastructure
Verizon DBIR – Top Remediation items
What if you are big enough for in house infrastructure?
• Outsource these functions
– Email
– Email protection
– Web Surfing protection
– Endpoint protection (Malware detection and prevention)
• Use a consultant to set these up; less for you to maintain
• Think about the data you are storing with cloud services (ADP, Salesforce, Amazon, Google) and use ones that are trustworthy and well known
Use the Security features the OS has
• Whitelisting
– Windows – Software Restriction Policies
– Windows Ultimate or Enterprise – AppLocker
• Logging
– Can do SO much to detect bad things; needs to be enabled and configured
– Splunk #1
– Loggly #2
– You outsource this unless you have staff
– #1 thing I will ask for and do if you need someone like me
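“Needs to be enabled and configured” is the part a default Windows install does not do for you. The script below is an added example, not a copy of the Windows Logging Cheat Sheet or of any MalwareArchaeology.com material: it enables auditing of process creation and logons, turns on command-line capture in the process-creation event, enlarges the Security log so events survive more than a day, reads back the newest process-creation events (ID 4688) to prove the setting took, and finally asks the effective AppLocker policy whether a given file would be allowed to run for an ordinary user. It must be run from an elevated prompt; the 1 GB log size and the test file path are assumed values, and the AppLocker step only applies on the Enterprise/Ultimate editions the slide names.

```powershell
# Added example (not from the deck): switch on useful logging, verify it,
# and test the application whitelist. Run elevated.

# 1. Audit process creation and logons, success and failure
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# 2. Record the full command line inside event 4688 (registry policy value)
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
New-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# 3. Grow the Security log (1 GB, assumed value) so events are not overwritten in hours
wevtutil sl Security /ms:1073741824

# 4. Prove it works: newest process-creation events with parent and command line
function Get-RecentProcessEvents {
    param([int]$Count = 5)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents $Count |
        ForEach-Object {
            # Pull the named EventData fields out of the event XML
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = $d['SubjectUserName']
                Process = $d['NewProcessName']
                Parent  = $d['ParentProcessName']
                CmdLine = $d['CommandLine']
            }
        }
}
Get-RecentProcessEvents | Format-Table -AutoSize -Wrap

# 5. Whitelisting: would the effective AppLocker policy let this file run for
#    a normal user? (Placeholder path; expect Denied for a download folder.)
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path 'C:\Users\Public\Downloads\setup.exe' -User Everyone
```

Once these events exist, the “Who, What, Where, When” the talk keeps coming back to is in the log: a user launching something from a Downloads or Temp folder with a parent of a browser or mail client is exactly the line a Splunk or Loggly search should alert on.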
Safer Web Surfing
• OpenDNS
• Inexpensive way to reduce bad sites being visited
In Summary
• Ten things you CAN do to help reduce damage caused by one of many outages
• Know when to ask for help implementing these items by asking your IT person, people or consultant to do these often and well
• All these items are basically FREE or very low cost and yes, people time
• You don’t need to pay me to delete malware on a PC or two, just rebuild them and move on at the speed of business
Resources
• My Website
– MalwareArchaeology.com
• This presentation
– SlideShare.com – Search for Malware Archaeology
• Attend training or a conference
– BSides – SecurityBSides.org
Questions?
• You can find me at:
• @HackerHurricane
• MalwareArchaeologist.com
• HackerHurricane.com

Contenu connexe

Tendances

Logging for hackers SAINTCON
Logging for hackers SAINTCONLogging for hackers SAINTCON
Logging for hackers SAINTCONMichael Gough
 
Logs, Logs, Logs - What you need to know to catch a thief
Logs, Logs, Logs - What you need to know to catch a thiefLogs, Logs, Logs - What you need to know to catch a thief
Logs, Logs, Logs - What you need to know to catch a thiefMichael Gough
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01Michael Gough
 
Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1Michael Gough
 
Commodity malware means YOU
Commodity malware means YOUCommodity malware means YOU
Commodity malware means YOUMichael Gough
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 eventsMichael Gough
 
Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0Michael Gough
 
Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1Michael Gough
 
InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0Michael Gough
 
You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0Michael Gough
 
Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0Michael Gough
 
Malware Management - HouSecCon 2014
Malware Management - HouSecCon 2014Malware Management - HouSecCon 2014
Malware Management - HouSecCon 2014Michael Gough
 
What can you do about ransomware
What can you do about ransomwareWhat can you do about ransomware
What can you do about ransomwareMichael Gough
 
Sandbox vs manual analysis v2.1
Sandbox vs manual analysis v2.1Sandbox vs manual analysis v2.1
Sandbox vs manual analysis v2.1Michael Gough
 
DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1Michael Gough
 
Windows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beWindows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beMichael Gough
 
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?Michael Gough
 
Email keeps getting us pwned v1.1
Email keeps getting us pwned v1.1Email keeps getting us pwned v1.1
Email keeps getting us pwned v1.1Michael Gough
 
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1Michael Gough
 
Email keeps getting us pwned - Avoiding Ransomware and malware
Email keeps getting us pwned - Avoiding Ransomware and malwareEmail keeps getting us pwned - Avoiding Ransomware and malware
Email keeps getting us pwned - Avoiding Ransomware and malwareMichael Gough
 

Tendances (20)

Logging for hackers SAINTCON
Logging for hackers SAINTCONLogging for hackers SAINTCON
Logging for hackers SAINTCON
 
Logs, Logs, Logs - What you need to know to catch a thief
Logs, Logs, Logs - What you need to know to catch a thiefLogs, Logs, Logs - What you need to know to catch a thief
Logs, Logs, Logs - What you need to know to catch a thief
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
 
Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1
 
Commodity malware means YOU
Commodity malware means YOUCommodity malware means YOU
Commodity malware means YOU
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 events
 
Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0
 
Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1Detecting WMI Exploitation v1.1
Detecting WMI Exploitation v1.1
 
InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0InnoTech 2017_Defend_Against_Ransomware 3.0
InnoTech 2017_Defend_Against_Ransomware 3.0
 
You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0
 
Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0
 
Malware Management - HouSecCon 2014
Malware Management - HouSecCon 2014Malware Management - HouSecCon 2014
Malware Management - HouSecCon 2014
 
What can you do about ransomware
What can you do about ransomwareWhat can you do about ransomware
What can you do about ransomware
 
Sandbox vs manual analysis v2.1
Sandbox vs manual analysis v2.1Sandbox vs manual analysis v2.1
Sandbox vs manual analysis v2.1
 
DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1
 
Windows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beWindows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to be
 
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
 
Email keeps getting us pwned v1.1
Email keeps getting us pwned v1.1Email keeps getting us pwned v1.1
Email keeps getting us pwned v1.1
 
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
 
Email keeps getting us pwned - Avoiding Ransomware and malware
Email keeps getting us pwned - Avoiding Ransomware and malwareEmail keeps getting us pwned - Avoiding Ransomware and malware
Email keeps getting us pwned - Avoiding Ransomware and malware
 

Similaire à Info sec is not daunting v1.0

Email keeps getting us pwned v1.0
Email keeps getting us pwned v1.0Email keeps getting us pwned v1.0
Email keeps getting us pwned v1.0Michael Gough
 
Defending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about itDefending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about itJoAnna Cheshire
 
When Security Tools Fail You
When Security Tools Fail YouWhen Security Tools Fail You
When Security Tools Fail YouMichael Gough
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0Michael Gough
 
2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hostingshendison
 
How to remove pro search.me
How to remove pro search.meHow to remove pro search.me
How to remove pro search.me森泉 小
 
SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs  SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs AlienVault
 
Incident Response Fails
Incident Response FailsIncident Response Fails
Incident Response FailsMichael Gough
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 
TACOM 2014: Back To Basics
TACOM 2014: Back To BasicsTACOM 2014: Back To Basics
TACOM 2014: Back To BasicsJoel Cardella
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNorth Texas Chapter of the ISSA
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified — Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified — Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteImperva Incapsula
 
SANS OUCH Newsletter April 2016
SANS OUCH Newsletter April 2016SANS OUCH Newsletter April 2016
SANS OUCH Newsletter April 2016Gene Ferro
 
Scaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON TutorialScaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON Tutorialduleepa
 
How to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionHow to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionAlienVault
 

Similaire à Info sec is not daunting v1.0 (20)

Email keeps getting us pwned v1.0
Email keeps getting us pwned v1.0Email keeps getting us pwned v1.0
Email keeps getting us pwned v1.0
 
Defending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about itDefending against Ransomware and what you can do about it
Defending against Ransomware and what you can do about it
 
When Security Tools Fail You
When Security Tools Fail YouWhen Security Tools Fail You
When Security Tools Fail You
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
 
2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting
 
I Have My WordPress Site Now What?
I Have My WordPress Site Now What?I Have My WordPress Site Now What?
I Have My WordPress Site Now What?
 
How to remove pro search.me
How to remove pro search.meHow to remove pro search.me
How to remove pro search.me
 
SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs  SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs
 
Incident Response Fails
Incident Response FailsIncident Response Fails
Incident Response Fails
 
Ransomware
RansomwareRansomware
Ransomware
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
INTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDSINTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDS
 
TACOM 2014: Back To Basics
TACOM 2014: Back To BasicsTACOM 2014: Back To Basics
TACOM 2014: Back To Basics
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified — Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified — Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
 
SANS OUCH Newsletter April 2016
SANS OUCH Newsletter April 2016SANS OUCH Newsletter April 2016
SANS OUCH Newsletter April 2016
 
Scaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON TutorialScaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON Tutorial
 
Open Source Software
Open Source SoftwareOpen Source Software
Open Source Software
 
How to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionHow to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat Detection
 

Dernier

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Dernier (20)

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Info sec is not daunting v1.0

1. Information Security may seem like a daunting task for SMB's, but if you do some basic things and know when to seek help, you can succeed!
Michael Gough – Founder
MalwareArchaeology.com

2. Who am I
• Blue Team Defender Ninja, Malware Archaeologist, Logoholic
• I am the one you call when $*!+ hits the fan
• I love logs – they tell us Who, What, Where, When and hopefully How
• Creator of the “Windows Logging Cheat Sheet”
• Creator of the “Malware Management Framework”
• @HackerHurricane also my Blog

3. Goal
• Interaction – Don’t be a Ding Dong and NOT ask a question… you WILL be rewarded
• Learn some basics
• Top 10 things everyone must do well

4. Why listen to me
• We discovered this May 2012
• Met with the Feds ;-)

5. Yup, our PII is gone

6. Of course you can…

7. Step 1: Think about recovery

8. Recovery – Your Backups
• No matter what might happen, a hardware failure, theft, natural disaster or hackers with malware or worse a breach, recovery is your #1 goal
• This means backups are key to your continued success
• Organize the software you use and the data you have, as that will aid in recovery IF, I mean WHEN, something bad happens
• Why? Because malware is software and you usually do not know it is on your system until something bad happens, AV goes off, or someone (the suits) calls you and tells you that you have been breached. ;-(

9. Backups
• For desktops, data should be stored on a server that is backed up
• If you must store data on your desktop or laptop, then use a backup solution like Carbonite
• Have your IT person, people or consultant validate the solution is working
• Some solutions offer a boot disk to recover the entire system, OS and data
• But how do you know when your system went bad? What backup do you recover the OS from? What if it was infected for weeks?
• This is why I prefer and recommend rebuilding the OS and applications from scratch and then restoring your data.

10. Step 2: Rebuilding a system

11. Rebuild a system quickly
• Backups have your data
• But the PC, Mac or server OS needs to be built from scratch
• Instructions, steps, special configurations
• Make it easier for your IT person, people or consultant helping your organization to rebuild a dead or hacked system as fast as possible
• Documentation for fast recovery is key

12. Rebuilding is a good thing
• It is the ONLY way you know your system is 100% clean!
• Malware is written well to operate without detection for days, weeks or months
• I rebuild my PCs once or more per year
• Patching takes the longest: it takes me 2 hours to get up and running and 24 hours to finish patching
• Restoring a backup of an OS will take about an hour, give or take, but how do you know it is clean?

13. Step 3: Data and OS should be separate

14. Your Data and OS should not mix
• One of the worst things I see is people storing data on the same drive as their operating system
• If you want easier backups, keep data on a drive that does NOT contain the operating system; that makes it easier to rebuild a system and restore data
• Only the OS and applications should be on the drive that boots the operating system
• I prefer using a server share for your data that gets backed up, but we have laptops with one drive, so partition it into two parts: OS and Data

15. Your data and OS should not mix
• If you don’t use it, uninstall it
• Less is more as far as apps go
• Only install what you need and take an inventory
• Please don’t store data in My Documents ;-(
– User space is the first to be hit in a ransomware event

16. Step 4: Don’t be an Administrator

17. Verizon DBIR – How you get owned

18. You are just a user
• PLEASE… Don’t run as Administrator
• “But I have an application that must run as Admin…” Fine, there is “Run As Administrator” for this; enter those credentials as needed
• IF you have to because of a poorly written or old application, then NO SURFING THE INTERNET !!!! Or opening email attachments! Consider isolating this system
• 90% of vulnerabilities will fail exploitation if you are a General User

20. Patching is crucial
• Windows and Apple can auto update
• PLEASE make sure this is happening
• Let it interrupt your day
• Do NOT fall behind
• Malware takes advantage of what we call “ZERO DAYS” or “0-Day” vulnerabilities; patching breaks their exploit within 2 weeks of discovery, and your patches come monthly!

22. Anti-Virus is useful
• Everyone should know that Anti-Virus is no longer what it used to be
• But it does catch older (1 year+) emailed malware or older malware found on compromised websites
• It does NOT do a good job on newly crafted phishing email SPAM campaigns or newly compromised websites
• So don’t spend a lot on this; free solutions are almost as good as paid solutions
• Windows Security Essentials (Windows 7 – Free)
• Windows Defender (Windows 8 – Free)
• Sophos (Mac OS – Free)
• Install only ONE AV solution
• Do not install Anti-Spyware or other “Fear-ware” prevention
• Stick to the big names

24. Update your Apps
• Malwarians (the hackers) pick on your apps as a way in
• Keep them up to date!
• Install Secunia Personal Software Inspector (PSI) or the paid version for business
• Better yet, do NOT use applications that are exploited regularly
• Any guesses?

25. Update your Apps
• Adobe anything – Bad
– Use Foxit, Sumatra or another PDF reader
– If required (QuickBooks), install Adobe Reader, then install Foxit and make it your default PDF reader
– Adobe Flash is built in to Chrome
• Java – Bad
– Disable Java in your browser
• Anything that is browser launched or email attachment launched will be exploited!
• Don’t use Internet Explorer!!! Use Chrome and/or Firefox or Safari

26. Step 8: Better Safer Browser

27. Better Browser
• Firefox – Use security plugins
– NoScript (blocks scripting on websites)
– Ad Block (blocks ads used to spread malware)
– Web of Trust (gives you an idea of good and bad websites when you search)
• Chrome – Use security plugins
– ScriptBlock (blocks scripting on websites)
– Ad Block (blocks ads used to spread malware)
– Web of Trust (gives you an idea of good and bad websites when you search)
• Safari – For Mac lovers
– Firefox and Chrome too; the same as above applies

29. Passwords are evil
• Strong passwords
• What do you think?
• Long and random
– How long?
– But I can’t remember them?
– There are so many accounts…
• Password Managers are incredible!!!
– LastPass is my favorite
– Store all your passwords
– NEVER store them in your browser!
• Use 2-factor authentication (Google Authenticator or a Yubikey)

31. Bookmarks
• You need to save websites you visit often
• LastPass will do most of this for you, not just the ones with passwords
• Another item that gets lost when your system crashes or is replaced
• Remember that first goal?
• Xmarks will synchronize your bookmarks to the Internet so you can easily restore them on rebuild. It is just a plugin to your browser

33. Verizon DBIR – Top Remediation items

34. What if you are big enough for in-house infrastructure?
• Outsource these functions
– Email
– Email protection
– Web surfing protection
– Endpoint protection (malware detection and prevention)
• Use a consultant to set these up; less for you to maintain
• Think about the data you are storing with cloud services (ADP, Salesforce, Amazon, Google) and use ones that are trustworthy and well known

35. Use the Security features the OS has
• Whitelisting
– Windows – Software Restriction Policies
– Windows Ultimate or Enterprise – AppLocker
• Logging
– Can do SO much to detect bad things; needs to be enabled and configured
– Splunk #1
– Loggly #2
– You outsource this unless you have staff
– #1 thing I will ask for and do if you need someone like me
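A read-only PowerShell checklist, added here and not part of Michael Gough's deck, that tests whether the Windows items from the slides above are actually in place on the machine it runs on: the everyday user is not an administrator, automatic updates are not disabled by policy, exactly one AV product is registered, an AppLocker policy is present, and process-creation auditing is on. The function names are mine; it assumes Windows 8 or later with PowerShell 5.1, and the audit-policy check needs an elevated "Run As Administrator" prompt.

```powershell
# Added example (not from the deck): read-only checks for the Windows items in the slides above.
# Assumes Windows 8+ / PowerShell 5.1+. All function names are assumptions for this example.

function Test-NotAdministrator {
    # Slide 18: the everyday user must not carry the Administrators token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return -not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-AutoUpdateEnabled {
    # Slide 20: auto update must be happening. NoAutoUpdate = 1 under the
    # WindowsUpdate\AU policy key is the switch that turns it off; no key means defaults apply.
    $au = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
                           -ErrorAction SilentlyContinue
    return ($null -eq $au) -or ($au.NoAutoUpdate -ne 1)
}

function Get-RegisteredAntiVirus {
    # Slide 22: install only ONE AV. Security Center lists every product that registered
    # itself (this namespace exists on client Windows, not on Server editions).
    return @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
                             -ErrorAction SilentlyContinue | ForEach-Object { $_.displayName })
}

function Test-AppLockerConfigured {
    # Slide 35, whitelisting: true when the effective AppLocker policy has at least one rule collection.
    try {
        $policy = Get-AppLockerPolicy -Effective -ErrorAction Stop
        return ($null -ne $policy) -and ($policy.RuleCollections.Count -gt 0)
    } catch { return $false }   # cmdlet missing (Home editions) or no policy at all
}

function Test-ProcessAuditingEnabled {
    # Slide 35, logging: Process Creation auditing (Event ID 4688) is a core setting from the
    # Windows Logging Cheat Sheet. Reading audit policy needs an elevated prompt ("Run As
    # Administrator" from slide 18); the text match assumes an English-locale auditpol.
    $line = auditpol /get /subcategory:"Process Creation" 2>$null | Select-String 'Process Creation'
    return ($null -ne $line) -and ($line.Line -match 'Success')
}

$av = Get-RegisteredAntiVirus
[pscustomobject]@{
    'Not running as admin (slide 18)' = Test-NotAdministrator
    'Auto update enabled (slide 20)'  = Test-AutoUpdateEnabled
    'Exactly one AV (slide 22)'       = ($av.Count -eq 1)
    'AV products'                     = ($av -join ', ')
    'AppLocker policy (slide 35)'     = Test-AppLockerConfigured
    'Process auditing on (slide 35)'  = Test-ProcessAuditingEnabled
} | Format-List
```

Run it once from a normal user prompt for the admin check and once elevated for the audit-policy check; every item that reports False is a slide to go back to.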
36. Safer Web Surfing
• OpenDNS
• Inexpensive way to reduce bad sites being visited

37. In Summary
• Ten things you CAN do to help reduce damage caused by one of many outages
• Know when to ask for help implementing these items by asking your IT person, people or consultant to do these often and well
• All these items are basically FREE or very low cost, and yes, people time
• You don’t need to pay me to delete malware on a PC or two; just rebuild them and move on at the speed of business

38. Resources
• My Website – MalwareArchaeology.com
• This presentation – SlideShare.com – Search for Malware Archaeology
• Attend training or a conference – BSides – SecurityBSides.org

39. Questions?
• You can find me at:
• @HackerHurricane
• MalwareArchaeologist.com
• HackerHurricane.com