Cuckoo != Insanity
The Cuckoo Sandbox is an open-source automated malware analysis system used by security professionals around the globe. In this presentation I will demonstrate how to install and configure Cuckoo and consider the pros and cons of running your own sandbox environment rather than using some of the free solutions found on the Internet. We will also discuss why it's not just a tool for the malware analysts.
OSX Archaeology: Becoming Indiana Jones with OSXCollector and Strata
Companies that have large install bases of OSX have had little to worry about with malware. That is rapidly changing, and there are few options to help with forensic analysis on OSX when infection is suspected. Recently Yelp released an evidence collection and analysis toolkit called OSXCollector to help with determining if a machine is infected, how the malware infected the system, and how to prevent and detect future attempts of infection. OSXCollector is a powerful tool; however, it takes a lot of CLI Kung Fu to master. Strata is an open-source tool we've developed and are launching at SAINTCON to provide a quick UI for the information collected by OSXCollector, giving those who are not yet CLI Kung Fu masters rapid insight into the data collected and helping them become a forensic Indiana Jones.
Transparency: A Case For Wearing The Emperor's New Clothes
Our data is being turned over to and controlled by 3rd parties. We've left data security in their hands, and they have few restrictions on what they can do with it. Can they become more transparent, what would that mean, and why should we care?