Wednesday, September 8, 2010

FREE Event - 2010 Techno Forensics & Digital Investigations Conference

The management team of TheTrainingCo., producers of the Annual Techno Forensics & Digital Investigations Conference and DojoSec would like to make you a special offer for this year's Conference being held on October 25 & 26, 2010 in Gaithersburg, Maryland at NIST Headquarters.

As a sponsor of this years event DojoSec is offering you a FREE VIP pass to the conference. This offer does not include transportation, hotel or a Free iPad.

This will be the sixth year for Techno Forensics & Digital Investigations, and many of their Techno Security & Digital Investigations attendees attend both conferences every year. Come and meet some of the top practitioners in the world in the fields of eDiscovery, Digital Forensics and Information Security, Auditing and Technical Business Continuity Planning. Last year over 1,000 people attended this must attend conference.

To register for one of the FREE VIP seats, visit the following online registration page. conferences/register.cgi?c=TF- 2010

Select the Sponsor/VIP option as the Payment Type,

enter "0" for amount paid, and enter "DojoSec " in the Promotional Code section of the form.

You are also welcome to attend at the $999 price as a paid attendee, and receive the FREE iPad being offered this year to all pre-paid attendees.

For any attendees who hold a CISSP, CISA or CISM certification, this conference also provides 16 CEU hours. We need a registration for each attendee.

Check out this years agenda at: agenda/agenda.cgi?c=TF-2010

For more information about the conference: TechnoForensics2010.html

Watch a Brief (1 minute) Video about Techno Forensics: TF-2009/TF-2009-Video.wmv

Monday, December 7, 2009

DojoSec Sessions Ep. 1 - Jeremy Brown - From Static Analysis to 0day Exploit

At DojoSec the mission is to spread security knowledge in all forms of delivery. Our newest effort is called DojoSec Sessions which will feature screen captures and presentations from top-notch security professionals. DojoSec presents Jeremy Brown with an excellent presentation on Finding Vulnerabilities with Static Analysis. Thanks Jeremy for your contribution!

Monday, November 30, 2009

Mobile Communications Security Symposium

REGISTER ASAP - The Capitol College Innovation and Leadership Institute will host the Mobile Communications Security Symposium on December 4, 2009 from 8 a.m. to 12 p.m., on campus, in the Avrum Gudelsky Memorial Auditorium. There is no cost to attend this event. To learn more about the program and the speakers, please visit

To register for the symposium:

Send an email to
Subject: Register, Mobile Comm. Security Symposium


Wednesday, November 25, 2009

Marcus' Mailbag: Policy, Enforcement, and Monitoring

I received the following email on Commercial vs. Open Source, Policy, Enforcement, and Security Monitoring. I'm posting this email in order to share some of the views. It could be perceived as a bit of a rant, but I'm posting it below because it could spark some thought and conversation. Let me know what you think. If you have problem with the grammar, please rely on context clues. _MJC_ :)

=-=-=-=- BEGIN E-MAIL -=-=-=-=

In the Network security field they are vendors that sell products. They claim the products will catch the bad guys, disassemble malware and save the world. All we need to do is buy their products.

Then they are those Open Source vendors that sell support of some open source tool like Clam AV or Snort all we need to do is use it right and we are safe and they sell themselves as consultants. This model for doing business is not new, In the Financial services industry you have those who claim to be financial planners and when you go and see them they do a budget workup with you and then sell you commission based products like life or medical insurance. Then you have those who claim to be fee based financial planners (much like the open source pimps) and sell you things like Term insurance or no load mutual funds you supposedly pay for their expertise.

The problem with these approaches is they are PRODUCT based. The real solution is a mindset and action to get the desired results not some product Open Source or otherwise.

Network Security is not brain surgery. You need policy, enforcement and monitoring. If those 3 are not done then things break down.

Policy that is not enforced is useless, it's just as bad as if there was no policy at all. In fact if you have a policy you are lured into a sense of false security. If there is no Policy users know they are left to fend for themselves. At [ XYZ ] we don't have a problem in areas like Europe where privacy laws demand they users not be monitored or punished for breaking policy. It's the areas where we have the strictest policies that we have problems.

Enforcement - If policies are not enforced then it is useless. Same with dealing with problem areas of the network. If management turns a blind eye towards tunneling and insists on using systems that are not locked down. Giving most users admin rights and walking on egg shells and not going after employees equally for violations you will never secure the network.

Monitoring - I know a few companies we work with and problems arise and you find out that they have a special internet connection that is not being monitoring. They have this special RESEARCH network they can surf porn on. They tether their laptops with their Blackberries or use a SSL tunnel to do whatever they want on the network. Especially in the technical companies the very ones that should be examples and protecting their networks are doing these things. I have seen individuals have their IP addresses Whitelisted so they could watch movies all day claiming they are doing company business then we all wonder how malware got on the network.

Products do not protect or defend the real network. They point out the obvious and until someone pokes their finger at the sore and lets the world know they need to change network security is a charade. Even DojoSec with it open source pimps is not making things better unless it goes after the above mentioned issues.

That's my 2 cents...

=-=-=-=- END E-MAIL -=-=-=-=

Tuesday, November 24, 2009

Virtualization is Great for Forensics

The rumblings suggesting that "The Cloud" and Virtualization is an enormous hindrance to digital investigations are exaggerated. These claims sound like scare tactics to me, I think virtualization makes incident response to computer crime much more efficient. The goal of incident response is to preserve as much information as possible. Software such as Live View from CERT is great because it allows investigators to boot disk images.

Virtualization is cutting out the middle man here, as an investigator I'd rather have a virtual machine instead of a disk image. Virtual machine copies provided by service providers provide a "self contained crime scene", since the virtual machine is frozen in time including the memory. At DojoCon 2009, Richard Bejtlich shared a story were investigators responded to an incident working with a Cloud Provider and were greeted with a shrink wrapped crime scene.

Anyone who as ever used a product such as VMware may have copied and moved images, this is a good thing. It seems that when some are dedicated to screaming about problems, they may be ignoring a great solution staring them right in the face.


Monday, November 23, 2009

Google Hacking Renders Redaction Futile

Lately, I've been looking at tons of SQL injections and SWF login blog posts and screen captures. I notice most hackers attempt to redact the compromised URLs. However, in most cases there is enough information from the screen captures to find the sites.

The attempt to redact the information is an attempt to protect the innocent. The latest instance of this was a blog post on a Symantec SQL Injection that yielded tons of information including serials and passwords. The image below is a screen capture posted within the blog post.

Next, I visit Google and type: intitle:Teacher Sima

This is just basic Google Hacking here, nothing advanced. This is something I've been instinctively doing when I see something like this.

So the question is "Why redact?"


Thursday, October 29, 2009

Metasponse Talk at Techno Forensics

My friend Joshua Marpet recorded video of me doing my Metasponse talk at the Techno Forensics Conference at NIST on his iPhone. He'll be sending me the complete video so I can post it as one. Although I could take my own video equipment everywhere with me, it sometimes feels stage. This is as real as it gets. Thanks Joshua!!

Marcus J. Carey - Metasponse Talk @ Techno Forensics Conference from Marcus J. Carey on Vimeo.