Cyber Kill Chain — NOYNIM IT
Denver IT Security and Service organization NOYNIM understands and studies IT security thoroughly. Recently NOYNIM has been doing some research on Cyber Kill Chain and looking at different methodologies for our clients in the security analysis model. Please take a look and let us know your comments. We at Denver IT services organization NOYNIM feel [...]
Denver SIEM support — RSA Envision, LogRhythm and HP ArcSight
NOYNIM is now providing Security Information and Event Management (SIEM) support. Today many companies have stringent logging requirements. Prior to 2012 most companies purchased simple log collection tools. Today companies want to use their log collection in a meaningful way; hence the adoption of SIEM applications. Log correlation is very important in order to pinpoint [...]
Security Tools/Data Recovery
PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks and CD-ROMs, and lost pictures (thus its ‘Photo Recovery’ name) from digital camera memory. PhotoRec ignores the filesystem and goes after the underlying data, so it will still work even if your media’s filesystem has been severely damaged or re-formatted.
Malware Search List
http://www.malwaredomainlist.com is a good site to visit if you want to check if a certain site is known to have malware present.
Investigating Malicious Files
Use this site to upload suspicious files. It will scan your file with multiple anti-virus engines. Since most people don’t run multiple AV engines on their machines, they can use this site to verify whether a file is legitimate.
WinDump is a little different than tcpdump when looking for interfaces. Run windump -D to identify the interfaces on your Windows machine. Once you have identified the NIC you want to monitor, run windump -i followed by the full NIC ID.
ttyrpld is a multi-OS kernel-level tty key- and screenlogger with (a)synchronous replay support. It supports most tty types, including vc, bsd and unix98-style ptys (xterm/ssh), serial, isdn, etc. Being implemented within the kernel makes it unavoidable for the default user. It runs with no overhead if the logging daemon is not active.