Friday, January 23, 2015

Mac Forensics Certified and SOTU reaction

Hi Anything Cyber community,

It's a new year and a new certification under my belt. I just completed a 6-day course in Mac Forensics (FOR 518) taught by SANS. A Mac convert for over 10 years, I now know the inner workings of all of my Apple devices. The course covered the forensics of OS X, iPhone, and iPad. Lectures were backed up by very detailed exercises to reinforce what was learned. It's amazing how much evidence a perpetrator can leave behind on their computers or smartphones and not even know it. The secret is knowing how to access the information. I highly recommend this course to others.

As far as the SOTU is concerned, I get goose bumps whenever the President mentions Cybersecurity in it. It reinforces to me the importance of learning about the topic and being an expert in the field. Recent attacks such as the hacking of the Twitter and YouTube accounts of US Central Command further validate the importance of Cybersecurity. From what I see in my career on a daily basis, it seems that private industry is taking Cybersecurity seriously and is on a path to make the necessary investments to mitigate the risk of Cyber breaches.

Jimmie Walker

Wednesday, December 24, 2014

Don't think Christmas Eve will yield a Cyber attack reprieve

Happy Holidays Anything Cyber followers,

Since my last post, so much has happened in the Cyber attack world. Sony has been in the news daily, not for strong PS4 sales but for a serious Cyber breach that has exposed substantial proprietary information and PII. It's estimated that the financial losses from the Sony Pictures Cyber breach will easily reach into the hundreds of millions.

Just this Monday, Internet access to and from North Korea (the country the FBI attributes the Sony Cyber breach to) was non-existent. Was this a proportionate response by the U.S., or North Korea simply cutting off its own Internet access to pre-empt a Cyber attack response from the U.S.? The general public is left to wonder, but obviously someone in the U.S. or North Korean government knows the answer.

Well, companies out there, enjoy the holidays but remember to keep your guard up for Cyber attacks. Hackers are not taking the holidays off. They'll definitely exploit the opportunity to catch a company wrapped in holiday cheer and fleece the company of proprietary data or cause network infrastructure disruption. Also take note of my past posts that highlight steps to take to mitigate the impact of a Cyber breach.

Jimmie Walker

Monday, November 24, 2014

Surprise! User accounts with elevated permissions still remain a big target for Cyber Actors.

Hi Anything Cyber community,

After downloading a report just released by CyberArk regarding the dangers of not properly securing user accounts with elevated permissions (i.e. admin accounts), I reflected on how I was always taught that administrators should have both a user-level account with the standard level of rights and an admin-level account with elevated rights. As well, administrators should only use their elevated accounts when additional permissions are needed to perform their work-related duties. While it's good to minimize the time in which an administrator holds elevated permissions, and so minimize the window for a Cyber Actor to take control of an elevated account, it's also important that administrator accounts are appropriately fortified to minimize the risk of takeover. For example, make sure that default passwords on administrator accounts are disabled or changed to strong passwords. Minimize the number of administrator accounts to reduce the attack surface. If an employee no longer requires administrator access or other elevated rights, remove those rights immediately.


In an April 2013 post, I mentioned the practice of minimizing the usage of privileged accounts. Hopefully corporations will listen after CyberArk's recent report.

Jimmie Walker

Tuesday, October 28, 2014

Don't trade home network security for App-controlled lights

Anything Cyber community,

Don't know if it's just me, but I've seen quite a few network-enabled devices (NEDs) hit the market. I know some who brag about their networked home, which allows them to control lights, thermostat, and alarm system from a smartphone app. Aside from the added cost of implementing these conveniences, one must also consider the security implications of having their fridge and lights connected to their home wireless network. Although one can follow all proper measures to secure their wireless network, it's only as secure as the weakest link. Don't let a networked light bulb serve as the weakest link in your home network. If you do decide to make the NED leap, investigate the security measures that the NED vendor takes to harden the device and mitigate the risk of the NED becoming easy access for hackers to own your wireless network. Just like you need to keep operating systems, wireless routers, and software applications patched, you also want to purchase NEDs whose vendor has the capability and commitment to provide patches in a timely fashion. Without patches, a once-secure fridge can over time become as easy to break into as WEP.

Jimmie Walker

Monday, September 22, 2014

GREM Certified!!!

Good Afternoon Anything Cyber Community,

No, GREM is not short for gremlin. I didn't just become certified in gremlin. Earlier this month I passed the two-hour nerve-racking certification exam to obtain the Global Reverse Engineering Malware certification. The GREM certification taught me how to properly handle malware, analyze the static characteristics of a given malware sample, analyze the behavioral characteristics of a malware sample, and identify indicators of compromise that allow a given malware sample to be identified on a computer or network. I had to become very intimate with the use of virtual machines, which allow for a controlled way to infect a system and roll the system back to an un-infected state to experiment further with a given piece of malware.

I learned a tremendous amount while studying for both GREM and GPEN, and I'd highly recommend the SANS courses for anyone who wants some real-world hands-on experience in various data security topics. The link below is a plug for the top 20 critical security controls that SANS helped create, which all businesses should implement to protect their corporate network. The controls can even be applied to secure a home network.

Until next time,

Jimmie Walker


SANS Top 20

Thursday, August 7, 2014

Possible relief from CryptoLocker

Hi Anything Cyber community,

For those of you familiar with CryptoLocker (ransomware that encrypts a victim's hard drive and demands hundreds of dollars to decrypt it), you might have heard in early June that the FBI shut down the CryptoLocker operation headed by a Russian hacker called Slavik. At that time, victims of CryptoLocker who had not paid the ransom to get their files decrypted had no avenue for reclaiming their files. Since the CryptoLocker servers had been taken offline by the FBI, there was no way to pay the ransom.

For those of you who still have files encrypted by CryptoLocker, there's hope. You can go to https://decryptcryptolocker.com and enter one encrypted file. FireEye and Fox IT have teamed up to determine the master decryption key based on the one file you submit. The master decryption key can be used to decrypt all other files on the CryptoLocker-infected hard drive. Since a unique master decryption key exists for each infected system, you'll have to submit an encrypted file for each system. When choosing a file to submit, do not submit a file containing sensitive information, since FireEye and Fox IT will have access to the file contents once decrypted.

Hopefully a service like this will come about for variants of CryptoLocker such as CryptoWall, which is currently causing havoc and encrypting victim hard drives. The typical attack vector for CryptoLocker, CryptoWall, and other malware is spear phishing e-mails. Be very wary of e-mails from people you don't know, especially if the e-mail contains a link or attachment. Also scrutinize e-mails from people you do know if the content of the e-mail seems out of character. Perpetrators are also using e-mail addresses that look very similar to that of a person you know and trust, except that 1 or 2 characters of the address are different.
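The lookalike-address trick described above can be caught mechanically. As an added example (not from the original post), this Python script compares each sender address against a roster of trusted correspondents using edit distance and flags any address within one or two characters of a trusted one but not identical to it; the roster and the sample From: headers are constructed placeholders.

```python
import re

# Constructed roster of trusted correspondents (placeholder addresses, not real).
TRUSTED_SENDERS = [
    "jimmie.walker@example.com",
    "payroll@example-corp.com",
]

# Constructed sample "From:" header values for the demonstration.
SAMPLE_FROM_HEADERS = [
    "Jimmie Walker <jimmie.walker@example.com>",  # genuine
    "Jimmie Walker <jimmie.waiker@example.com>",  # one character swapped (l -> i)
    "Payroll <payroll@exarnple-corp.com>",        # 'm' replaced by 'rn' (two edits)
    "Newsletter <news@totally-different.org>",    # unrelated, must not be flagged
]

def levenshtein(a, b):
    """Edit distance: minimum single-character insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def extract_address(from_header):
    """Pull the bare address out of a From: value, lower-cased for comparison."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header
    return addr.strip().lower()

def lookalike_of(sender, trusted=TRUSTED_SENDERS, max_edits=2):
    """Return the trusted address that `sender` imitates (within max_edits but not
    identical), or None when the sender is either genuine or simply unrelated."""
    sender = sender.lower()
    best = None
    for t in trusted:
        d = levenshtein(sender, t)
        if 0 < d <= max_edits and (best is None or d < best[1]):
            best = (t, d)
    return best[0] if best else None

def flag_lookalikes(headers):
    """Map each suspicious sender address to the trusted address it resembles."""
    hits = ((extract_address(h), lookalike_of(extract_address(h))) for h in headers)
    return {addr: t for addr, t in hits if t}
```

Running `flag_lookalikes(SAMPLE_FROM_HEADERS)` flags the two imitations and leaves the genuine and unrelated senders alone; a mail gateway rule would quarantine or tag the flagged messages for review.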

Stay safe in the digital world!

Jimmie Walker

Tuesday, July 29, 2014

GPEN Certified!!!

Hi Anything Cyber community,

Although I'm usually modest, I have to brag a little today. Months of studying paid off when I passed the GIAC Penetration Tester exam earlier this month to earn the GPEN credential. To pass the exam, I had to become proficient in numerous ethical hacking and penetration testing topics such as password cracking, pass-the-hash techniques, wireless hacking, SQL injection, XSS attacks, Metasploit, Wireshark, tcpdump, user enumeration, Nmap, etc. Prior to the months of study, I completed a week-long SANS 560 course to gain hands-on experience identifying computer vulnerabilities and exploiting them to gain unauthorized access.

While I already had the CISSP and ISSMP credentials, the GPEN credential was very hands-on, versus just reading a book and completing practice exams. I now have an arsenal of software tools and the know-how to perform penetration testing. The GPEN certification furthered my computer security knowledge, and I highly recommend learning the concepts taught in SANS 560.

Jimmie Walker