Saturday, 31 March 2012

Evtsys (actually auditpol and auditusr) Part II

# Powershell V3 CTP2
# Using auditpol on Vista, Win7
# Enables failure and success auditing for selected subcategories
$auditpollist="Logon","Logoff","Special Logon","Other Logon/Logoff Events","Security State Change","SAM","Filtering Platform Connection","Process Creation","Audit Policy Change","Filtering Platform Policy Change","Credential Validation"
foreach ($i in $auditpollist) {
    auditpol /set /subcategory:"$i" /success:enable /failure:enable
}
# Using auditusr on XP, 2003
# Since auditusr doesn't globally audit all users...
$auditusrlist="System...

Monday, 26 March 2012

Inside a Commission Hearing on the Chinese Threat

This morning I testified at the U.S.-China Economic and Security Review Commission at a hearing on Developments in China’s Cyber and Nuclear Capabilities. In the picture taken by Mrs Bejtlich (thanks for attending!) I'm seated at the far right. To my left is Nart Villeneuve. To his left is Jason Healey. As stated on their Web site, the U.S. Congress created the U.S.-China Economic and Security Review Commission in October 2000 with the legislative...

Wednesday, 14 March 2012

Impressions: Fuzzing

Fuzzing by Michael Sutton, Adam Greene and Pedram Amini struck me as a good overview of many types of fuzzing techniques. If you read the Amazon.com reviews, particularly the verdict by Chris Gates, you'll see what I mean. For my purposes, the degree to which the authors covered the material was just right. If you're more in the trenches with this topic, you would probably want more from a book on fuzzing. I liked the following aspects of the...

Tuesday, 13 March 2012

Impressions: Hunting Security Bugs

I don't hunt security bugs for a living, but I've worked on teams that do and I find the process important to understand. A defender should appreciate the work that an adversary must perform in order to discover a vulnerability and weaponize an exploit. That is the spirit with which I read Hunting Security Bugs by Tom Gallagher, Bryan Jeffries, and Lawrence Landauer. When the book was published in 2006 all the authors worked at Microsoft and Microsoft...

Monday, 12 March 2012

Impressions: The Web Application Hacker's Handbook, 2nd Ed

In late 2009 I reviewed the first edition of The Web Application Hacker's Handbook. It was my runner-up for Best Book Bejtlich Read 2009. Now authors Dafydd Stuttard and Marcus Pinto have returned with The Web Application Hacker's Handbook, 2nd Ed. This is also an excellent book, although I did not read it thoroughly enough to warrant a review. On p xxix the authors note that 30% of the book is "new or extensively revised" and 70% of the book...

Sunday, 11 March 2012

Impressions: Web Application Security: A Beginner's Guide

As you might remember, when I write impressions of a book it means I didn't read the book thoroughly enough (in my mind) to write a review. In that spirit, I read Web Application Security: A Beginner's Guide by Bryan Sullivan and Vincent Liu. I liked the book because the authors spend the time explaining the technology in question. For example, I appreciated the discussion on the same origin policy, featuring memorable advice like "the same origin...

Tuesday, 06 March 2012

Review of SSH Mastery Posted

Amazon.com just published my five-star review of SSH Mastery by Michael W. Lucas. From the review: This is not an unbiased review. Michael W. Lucas cites my praise for two of his previous books, and mentions one of my books in his text. I've also stated many times that MWL is my favorite technical author. With that in mind, I am pleased to say that SSH Mastery is another must-have, must-read for anyone working in IT. I imagine that most of us use...

Monday, 05 March 2012

Bejtlich's Take on RSA 2012

Last week I attended RSA 2012 in San Francisco. I believe it was my third RSA conference; I noted on my TaoSecurity News page speaking at RSA in 2011 and 2006. This year I spoke at the Executive Security Action Forum on a panel moderated by PayPal CISO Michael Barrett alongside iDefense GM Rick Howard and Lockheed Martin CISO Chandra McMahon. I thought our panel offered value to the audience, as did much of the remainder of the event. Most...

Sunday, 04 March 2012

Keep CIRT and Internal Investigations Separate

A recent issue of the Economist featured an article titled Corporate fraud: Mind your language -- How linguistic software helps companies catch crooks. It offered the following excerpts: To spot staff with the incentive to steal (over and above the obvious fact that money is quite useful), anti-fraud software scans e-mails for evidence of money troubles... Ernst & Young (E&Y), a consultancy, offers software that purports to show an employee’s...

Saturday, 03 March 2012

TaoSecurity Blog Wins Most Educational Security Blog

I'm pleased to announce that TaoSecurity Blog won Most Educational Security Blog at the 2012 Social Security Bloggers Awards. I attended the event held near RSA and spent time talking with a lot of security bloggers and security people in general. I'd like to thank the sponsors of the event, depicted on the photo of the back of the T-shirt at left. Props to whoever designed the shirt -- it's one of my favorites. The award itself looks great,...