Saturday, 24 December 2011

Tutorial Geek wishes you a Merry Christmas!

I want to wish everyone a Merry Christmas! I love this time of year and hope that everyone is finding joy and happiness! On my personal blog, I just wrote about the true meaning of Christmas from a different perspective (in China). You can read it here if you would li...

Sunday, 18 December 2011

One liners for retrieving Windows TCP/IP and IP Address information

One liners for retrieving Windows IP Address information from Powershell v3.0:

gwmi -class Win32_NetworkAdapterConfiguration | % {if ($_.IPAddress -ne $null) {$input}}

gwmi -class Win32_NetworkAdapterConfiguration | % {if ($_.IPAddress -ne $null) {$input}} | fl *

gwmi -class Win32_NetworkAdapterConfiguration | % {if ($_.IPAddress -ne $null) {$input | Select -ea 0 IP,DHCP,DNS,WINS}}

gwmi -class Win32_NetworkAdapter | % {If ($_.NetEnabled) {$input | Select Caption, Name, Speed, TimeOfLastReset, Net*}}

gwmi -class Win32_NetworkAdapterConfiguration...
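As an added example (not code from the original post), the same Win32_NetworkAdapterConfiguration data the one-liners above pull, but as a reusable function: it lets the WMI provider do the "has an IP address" filtering, joins each configuration to its Win32_NetworkAdapter row on Index, and flags any DNS server that is not in an expected list, which is the check a responder usually wants when a host is suspected of having had its resolvers redirected. The function name, the -ExpectedDns default addresses and the column names are this example's own assumptions.

```powershell
# Added example, not the original post's code. Requires PowerShell 3.0+ ([PSCustomObject]).
function Get-IPConfigSummary {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        # Assumed placeholder resolvers; anything not in this list is reported as unexpected.
        [string[]]$ExpectedDns = @('10.0.0.53', '10.0.1.53')
    )

    # WQL filter replaces the "$_.IPAddress -ne $null" test in the one-liners.
    $configs  = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                              -ComputerName $ComputerName -Filter 'IPEnabled = True'
    $adapters = Get-WmiObject -Class Win32_NetworkAdapter -ComputerName $ComputerName

    foreach ($cfg in $configs) {
        # Win32_NetworkAdapter.Index matches Win32_NetworkAdapterConfiguration.Index.
        $nic = $adapters | Where-Object { $_.Index -eq $cfg.Index }

        $unexpectedDns = @()
        if ($cfg.DNSServerSearchOrder) {
            $unexpectedDns = @($cfg.DNSServerSearchOrder | Where-Object { $ExpectedDns -notcontains $_ })
        }

        # TimeOfLastReset is a WMI datetime string; convert it to a .NET DateTime.
        $lastReset = $null
        if ($nic -and $nic.TimeOfLastReset) {
            $lastReset = [System.Management.ManagementDateTimeConverter]::ToDateTime($nic.TimeOfLastReset)
        }

        [PSCustomObject]@{
            Computer        = $ComputerName
            Adapter         = $cfg.Description
            NetConnectionID = if ($nic) { $nic.NetConnectionID } else { $null }
            MAC             = $cfg.MACAddress
            IPAddress       = ($cfg.IPAddress -join ', ')
            Gateway         = ($cfg.DefaultIPGateway -join ', ')
            DHCPEnabled     = $cfg.DHCPEnabled
            DHCPServer      = $cfg.DHCPServer
            DNSServers      = ($cfg.DNSServerSearchOrder -join ', ')
            UnexpectedDNS   = ($unexpectedDns -join ', ')
            WINSPrimary     = $cfg.WINSPrimaryServer
            LastReset       = $lastReset
        }
    }
}

# Usage: everything as a table, then only the adapters whose resolvers are not the expected ones.
Get-IPConfigSummary | Format-Table -AutoSize
Get-IPConfigSummary | Where-Object { $_.UnexpectedDNS } | Format-List
```

Because the function emits objects rather than formatted text, the same call can be piped to Export-Csv across a list of hosts (pass -ComputerName) to get a baseline of adapters, gateways and resolvers that later runs can be diffed against.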

Thursday, 15 December 2011

One of the many reasons I love Google

This is a picture of my bathroom here in China. Nothing special really (other than the fact that I moved into a really nasty apartment with a nasty bathroom). Nothing special I thought. This is why Google is so cool. I recently upgraded Picasa to the newest version. I decided to go through and use Picasa to organize some of my contacts with faces. It was when I was doing this that Picasa brought up this photo for me to tag. My initial response was...

Saturday, 10 December 2011

FileVersionInfo Part II

# Powershell v3.0 code
# Recurses current directory to gather file version information of a boolean property
# Returns number of Debug, Patched, PreRelease, Private, Special builds
# Creates csv of those properties in current directory
# Takes up to three arguments:
# [mandatory] $filename (e.g. *.dll), $exportflag (e.g. "0" to output csv; default is off), $filetime (default is now)
function Global:Get-fileinfo {
    [CmdletBinding()]
    Param(
        [Parameter(ValueFromPipeline=$true)]
        [object]$filename,
        [bool]$exportflag=1,
        $filetime=[DateTime]::Now.ToFileTime()...

FileVersionInfo Part I

Retrieving FileVersionInfo in Powershell involves calling [System.Diagnostics.FileVersionInfo]::GetVersionInfo(). 'ls' or 'Get-ChildItem' has a ScriptProperty named "VersionInfo" that can be used for this:

PS C:\ps1> $a=ls -recurse | % {$_.VersionInfo}

TypeName   : System.IO.FileInfo
Name       : VersionInfo
MemberType : ScriptProperty
Definition : System.Object VersionInfo {get=[System.Diagnostics.FileVersionInfo]::GetVersionInfo($this.FullName);}

System.Diagnostics.FileVersionInfo contains five boolean properties...
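An added example covering both FileVersionInfo posts above (it is this editor's code, not the Get-fileinfo function from Part II): it walks a directory tree through the VersionInfo script property, counts the five boolean build flags (IsDebug, IsPatched, IsPreRelease, IsPrivateBuild, IsSpecialBuild), optionally writes the per-file detail to a CSV, and returns the files that tripped any flag. The function name, parameter names and the CSV file name are this example's own choices.

```powershell
# Added example, not the original post's code. Requires PowerShell 3.0+ (-File, [ordered], [PSCustomObject]).
function Get-BuildFlagSummary {
    [CmdletBinding()]
    param(
        [string]$Path = (Get-Location).Path,
        [string]$Filter = '*.dll',
        [switch]$ExportCsv,
        # Assumed output name; only written when -ExportCsv is given.
        [string]$CsvPath = (Join-Path (Get-Location).Path 'fileversioninfo.csv')
    )

    $flags = 'IsDebug', 'IsPatched', 'IsPreRelease', 'IsPrivateBuild', 'IsSpecialBuild'

    # One row per file. $_.VersionInfo is the ScriptProperty shown above, i.e.
    # [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName).
    $rows = @(Get-ChildItem -Path $Path -Filter $Filter -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            [PSCustomObject]@{
                FullName       = $_.FullName
                FileVersion    = $vi.FileVersion
                CompanyName    = $vi.CompanyName
                IsDebug        = $vi.IsDebug
                IsPatched      = $vi.IsPatched
                IsPreRelease   = $vi.IsPreRelease
                IsPrivateBuild = $vi.IsPrivateBuild
                IsSpecialBuild = $vi.IsSpecialBuild
                PrivateBuild   = $vi.PrivateBuild   # free-text, normally only set when IsPrivateBuild
                SpecialBuild   = $vi.SpecialBuild
            }
        })

    if ($ExportCsv) {
        $rows | Export-Csv -Path $CsvPath -NoTypeInformation
    }

    # Counts per flag, plus the rows where any flag is set.
    $summary = [ordered]@{ FilesScanned = $rows.Count }
    foreach ($f in $flags) {
        $summary[$f] = @($rows | Where-Object { $_.$f }).Count
    }
    $summary['Flagged'] = @(foreach ($r in $rows) {
        if (@($flags | Where-Object { $r.$_ }).Count -gt 0) { $r }
    })
    [PSCustomObject]$summary
}

# Usage: summarise every DLL under the current directory and list the flagged ones.
$s = Get-BuildFlagSummary -Filter '*.dll' -ExportCsv
$s | Select-Object FilesScanned, IsDebug, IsPatched, IsPreRelease, IsPrivateBuild, IsSpecialBuild | Format-List
$s.Flagged | Format-Table FullName, FileVersion, IsDebug, IsPrivateBuild, IsSpecialBuild -AutoSize
```

These five booleans come from the dwFileFlags field of the VS_FIXEDFILEINFO resource, which the build tool writes and anyone who can modify the PE can set or clear, so treat a debug or private build sitting where a release build is expected as a triage lead rather than an integrity result, and pair the scan with Get-AuthenticodeSignature on the flagged files.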

Tuesday, 06 December 2011

Mandiant Webinar Wednesday; Help Us Break a Record!

I'm back for the last Mandiant Webinar of the year, titled State of the Hack: It's The End of The Year As We Know It - 2011. And you know what? We feel fine! That's right, join Kris Harms and me Wednesday at 2 pm eastern as we discuss our reactions to noteworthy security stories from 2011. Register now and help Kris and me beat the attendee count from last month's record-setting Webinar. If you have questions about and during the Webinar, you...

Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security"

I've been listed in other "top whatever" security lists a few times in my career, but appearing in Tripwire's Top 25 Influencers in Security You Should Be Following today is pretty cool! Tripwire is one of those technologies and companies that everyone should know. It's almost like the "Xerox" of security because so many people equate the idea of change monitoring with Tripwire. So, I was happy to see my twitter.com/taosecurity feed and the taosecurity.blogspot.com...

Monday, 05 December 2011

Become a Hunter

Earlier this year SearchSecurity and TechTarget published a July-August 2011 issue (.pdf) with a focus on targeted threats. Prior to joining Mandiant as CSO I wrote an article for that issue called "Become a Hunter":

IT'S NATURAL FOR members of a technology-centric industry to see technology as the solution to security problems. In a field dominated by engineers, one can often perceive engineering methods as the answer to threats that try to steal,...

Tuesday, 29 November 2011

National Public Radio Talks Chinese Digital Espionage

When an organization like National Public Radio devotes an eleven minute segment to Chinese digital espionage, even the doubters have to realize something is happening. Rachel Martin's story China's Cyber Threat A High-Stakes Spy Game is excellent and well worth your listening (.mp3) or reading time. Rachel interviews three sources: Ken Lieberthal of the Brookings Institution, Congressman Mike Rogers (chairman of the House Intelligence Committee),...

Saturday, 26 November 2011

Dustin Webber Creates Network Security Monitoring with Siri

Dustin Webber just posted a really cool video called Network Security Monitoring with Siri. He shows how he uses his iPhone 4S and SiriProxy to interact with his Snorby Network Security Monitoring platform.

The following screenshot shows Dustin asking "Can you show me what the last severity medium event was?" and Siri answering.

Later he asks Siri to tell him about "incident 15":

Near the end Dustin asks Siri if she likes Network Security Monitoring:

This...

Trying NetworkMiner Professional 1.2

Erik Hjelmvik was kind enough to send an evaluation copy of the latest version of his NetworkMiner traffic analysis software. You can download the free edition from SourceForge as well. I first mentioned NetworkMiner on this blog in September 2008.

NetworkMiner is not a protocol analyzer like Wireshark. It does not take a packet-by-packet approach to representing traffic. Instead, NetworkMiner displays traffic in any one of the following ways:...

Wednesday, 23 November 2011

Thoughts on 2011 ONCIX Report

Many of you have probably seen coverage of the 2011 ONCIX Reports to Congress: Foreign Economic and Industrial Espionage. I recommend every security professional read the latest edition (.pdf). I'd like to highlight the key findings of the 2011 version:

Pervasive Threat from Adversaries and Partners

Sensitive US economic information and technology are targeted by the intelligence services, private sector companies, academic and research institutions,...

Tao of Network Security Monitoring, Kindle Edition

I just noticed there is now a Kindle edition of my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection, published in July 2004. Check out what I wrote in the first paragraphs now available online.

Welcome to The Tao of Network Security Monitoring: Beyond Intrusion Detection. The goal of this book is to help you better prepare your enterprise for the intrusions it will suffer. Notice the term "will." Once you accept that...

Tuesday, 22 November 2011

Why DIARMF, "Continuous Monitoring," and other FISMA-isms Fail

I've posted about twenty FISMA stories over the years on this blog, but I haven't said anything for the last year and a half. After reading Goodbye DIACAP, Hello DIARMF by Len Marzigliano, however, I thought it time to reiterate why the newly "improved" FISMA is still a colossal failure.

First, a disclaimer: it's easy to be a cynic and a curmudgeon when the government and security are involved. However, I think it is important for me to discuss...

Saturday, 19 November 2011

SEC Guidance Emphasizes Materiality for Cyber Incidents

Senator Jay Rockefeller and Secretary Michael Chertoff wrote the best article I've seen yet on the CF Disclosure Guidance: Topic No. 2, Cybersecurity issued by the SEC last month in their article A new line of defense in cybersecurity, with help from the SEC:

Managing cybersecurity risk has always been, and always will be, in large part a private sector responsibility...Until recently, this responsibility may have been unclear — or unknown — to the...

Wednesday, 26 October 2011

MANDIANT Webinar Friday

Join me and Lucas Zaichkowsky on Friday at 2 pm eastern as we talk about what happened at our annual MANDIANT conference, MIRCon! Registration is free and I expect you'll enjoy the discussion! We plan to review what we saw and heard, and how those lessons will help your security program.

Sunday, 23 October 2011

Review of America the Vulnerable Posted

Amazon.com just posted my five star review of America the Vulnerable by Joel Brenner. I reproduce the review in its entirety below. I've added bold in some places to emphasize certain areas.

America the Vulnerable (ATV) is one of the best "big picture" books I've read in a long while. The author is a former NSA senior counsel and inspector general, and was the National Counterintelligence Executive (NCIX). In these roles he could "watch the fireworks"...

Thursday, 13 October 2011

Republican Presidential Candidates on China

(Photo: Business Insider)

This is not a political blog, so I'm not here to endorse candidates. However, I do want to point out another example of high-level policymakers discussing ongoing activities by China against the US and other developed economies.

First, the Washington Post published an editorial by Mitt Romney which included the following:

China seeks advantage through systematic exploitation of other economies. It misappropriates intellectual...

Tuesday, 11 October 2011

Bejtlich in "The expanding cyber industrial complex"

Christopher Booker interviewed me and several other policy-oriented security people for his video Financial Times story The expanding cyber industrial complex. This was a different experience for me for two reasons. First, Christopher conducted the interviews via Skype. Second, you can see what appear to be the home offices of several of the contributors, including me.

One technical note on the video: I had some trouble getting it to play. To...

Computer Incident Response Team Organizational Survey, 2011

Today at MIRCon I mentioned that one of my colleagues, Jeff Yeutter, had updated the somewhat famous CERT/CC study of CIRT characteristics as part of his degree program. Jeff posted the survey online as Computer Incident Response Team Organizational Survey, 2011 with this description:

In 2003, the CERT CSIRT Development Team (www.CERT.org) released a study on the state of international computer security incident response teams with the goal of providing...

Friday, 07 October 2011

Interview with One of My Three Wise Men

Tony Sager from the NSA is one of my Three Wise Men. (Dan Geer and Ross Anderson are the other two.) Eric Parizo from SearchSecurity.com interviewed Tony this week and posted the video online. Tony notes that the escalation in threat activity during the last few years is real. He is in a position to know, given he has worked at NSA since the 1970s. Tony says the threat activity is getting people's attention now, especially at more senior levels...

Russia v China -- Sound Familiar?

Thanks to a source who wishes to remain anonymous, I read Chinese spy mania sweeps the world, an article not from a Western publication. Rather, it's from Voice of Russia. Does any of this sound familiar?

[T]his is the most powerful secret service based on the principle of attracting all ethnic Chinese, wherever they may live. An adherent of the "total espionage" strategy, Beijing even encourages emigration in the hope that its citizens will remain...

Thursday, 06 October 2011

It's All About the Engines

(Photo credit: AINOnline)

I just read Big New Chinese Order for Russian Fighter Engines at China Defense Blog, which quoted AINOnline:

China has placed additional orders for Russian AL-31-series fighter engines. State arms trade agency Rosoboronexport clinched two big contracts earlier this year...To serve them, Salut has established partnerships with Limin Corp. and Tyan Li company in Chengdu on deliveries and manufacturing of spare parts for both...

House Cybersecurity Task Force Report Released

The House Cybersecurity Task Force released its report (.pdf) today. NextGov offers a good summary in their story House GOP Cyber Task Force Touts Industry Leadership by Jessica Herrera-Flanigan.

The report includes the following recommendation:

Companies, including Internet Service Providers (ISPs) and security and software vendors, are already conducting active operations to mitigate cybersecurity attacks. However, these are largely done independently...

C-SPAN Posts Video of Tuesday Hearing

You can now access video of Tuesday's House Select Committee on Intelligence Hearing on Cybersecurity at C-SPAN.

Some people are already asking "what's new" about this. For me, what's new is that the chairman of the HPSCI is pointing his finger straight at the threat, and letting the world know in an open hearing that the adversary's actions are unacceptable and will not be tolerated. This is exactly the sort of attention and action that the threat...

Tuesday, 04 October 2011

Inside a Congressional Hearing on Digital Threats

Today I was fortunate to attend a hearing of the US House Permanent Select Committee on Intelligence (HPSCI). That's me on the far left of the photo, seated behind our MANDIANT CEO Kevin Mandia. I'd like to share a few thoughts on the experience.

First, I was impressed by the attitudes of all those involved with HPSCI, from the staffers to the Representatives themselves. They were all courteous and wanted to hear the opinions of Kevin and the other...

Wednesday, 28 September 2011

Chinese Espionage in Five Minutes

This evening I watched last week's episode of This Week in Defense News with Vago Muradian. Vago's last guest was David Wise, author of Tiger Trap. If you want to learn as much as possible about Chinese espionage in a five minute interview, I recommend watching History of China spying on U.S. I hope this book encourages attention at the highest levels of the US government and industry.

Tuesday, 27 September 2011

The Best VPN Solution

As you may know, TutorialGeek has been all but dead for the past couple of months. This is due to the fact that I have been in China and getting on Blogger has been difficult at best. I have been spending the better part of a month looking for a good VPN solution so that I can resume my blogging, but most VPN options have been annoying or frustrating.

Well, I am hoping all that will change. I have tried a few VPN services that are decent, but I soon hope to try out USAIP. Once I have tested this out, I will do a full evaluation. Hopefully it will...

Sunday, 25 September 2011

Review of Robust Control System Networks Posted

Amazon.com just posted my five star review of Robust Control System Networks by Ralph Langner. From the review:

I am not an industrial control systems expert, but I have plenty of experience with IT security. I read Robust Control System Networks (RCSN) to learn how an ICS expert like Ralph Langner thinks about security in his arena. I was not disappointed, and you won't be if you keep an open mind and remember IT security folks aren't the target...

Impressions: The Art of Software Security Testing

I'll be honest -- on the same trip on which I took The Art of Software Security Assessment (TAOSSA), I took The Art of Software Security Testing (TAOSST) by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin. After working with TAOSSA, I'm afraid TAOSST didn't have much of a chance. TAOSST is a much shorter book, with more screen captures and less content. My impression of TAOSST is that it is a good introduction to "identifying software...