Wednesday, 15 February 2012

Practical Malware Analysis Book Promotion

I'm very pleased to share news of an awesome new book titled Practical Malware Analysis by Michael Sikorski and Andrew Honig. The authors will present a Webinar on their book on Wednesday 29 February at 2 pm eastern. I was pleased to write the foreword, which ends with these words: If the malware authors are ready to provide the samples, the authors of the book you’re reading are here to provide the skills. Practical Malware Analysis is the sort...

Tuesday, 14 February 2012

Happy Valentine's Day!

Wishing you a happy Valentine's Day from Tutorial Geek! Check out this tutorial if you would like to see how to do this yourse...

Monday, 13 February 2012

I Want to Detect and Respond to Intruders But I Don't Know Where to Start!

"I want to detect and respond to intruders but I don't know where to start!" This is a common question. Maybe you have a new security role in an organization, or a new service or business in your current organization, or some other situation where you want to find and stop attackers. However, you have no idea where to begin. Do you have the data you need? If not, what should you add? What do intrusions look like in the data you collect? These...

Saturday, 04 February 2012

Impressions: Network Warrior, 2nd Ed

Five years ago I reviewed the first edition of Network Warrior by Gary A. Donahue. Thanks to O'Reilly I can post my "impressions" of the second edition of this great book. Although I read almost all of it, I am unable to post another review because Amazon.com has my previous review attached to the new edition. In brief, Network Warrior, 2nd Ed is the book to read if you are a network administrator trying to get to the next level. All of my praise...

Impressions: Windows Sysinternals Administrator's Reference

Mark Russinovich and Aaron Margosis have written another awesome addition to the Microsoft Press catalog, Windows Sysinternals Administrator's Reference. Per my policy, because I did not read the whole book I am only posting "impressions" here and not a full Amazon.com review. In brief this book will tell you more about the awesome Sysinternals tools than you might have thought possible. One topic that caught my attention was using Process Monitor...

Impressions: The Tangled Web

Six years ago I reviewed Michal Zalewski's first book, Silence on the Wire. Michal is a security researcher who has consistently created high-quality content for a very long time, so I was pleased to receive a review copy of his newest book The Tangled Web. I did not read the whole book, hence I'm posting only my "impressions" here. I recommend reading this book if you want to know a lot, and I mean a lot, about how screwed up Web browsers, protocols,...

The Toughest Question in Digital Security

The toughest question in digital security is "who cares?" The recent Tweet by hogfly (@4n6ir) made me ponder this question. He points to an Aviation Week story by David Fulghum, Bill Sweetman, and Amy Butler titled China's Role In JSF's Spiraling Costs. It says in part: How much of the F-35 Joint Strike Fighter’s spiraling cost in recent years can be traced to China’s cybertheft of technology and the subsequent need to reduce the fifth-generation...

Friday, 03 February 2012

Evtsys Part I

Eventlog-to-syslog was a Purdue University project that has been taken up by Sherwin Faria on Google Code and recently updated. The project is Windows 7 compliant and helps with processing audit policies that produce a large number of log entries, such as those enabled by the commands:

auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable
auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable

or the all-inclusive:

auditpol /set /category:*

To use evtsys, I install Cygwin with syslog...