Posts

Showing posts from January, 2019

Week 3 - Malware Defenses

Attack vector graph sourced from lecture slides provided by Oregon State University CS373.

There are four key things that malware does: first contact, code execution, establish presence, and perform malicious activity.

First contact: can come in many different ways, including email attachments, spoofing an ad network (also known as malvertising), instant messaging, poisoned search results, a watering hole (the term for poisoning a website that people routinely frequent), and physical contact such as a USB stick.

Execute: there are three main methods of execution: social engineering, exploitation, and code that is passed as a feature and not a bug.

Establish presence: the malware may try to blend in by using filenames that are very similar to operating system names. The malware can also modify its installation and modification dates/times. Malware can also hide in rootkits or bootkits. A piece of malware also has to persist after it has been established. The easiest ...

Week 2 - Advanced Forensic Methods and Tools

"Forensic Computing is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable" - Rodney McKemmish

This week we are introduced to advanced forensics. Our primary goals are to learn how to approach and react to incidents when collecting evidence. We are also going to learn how to set up a forensic environment. There are several case types that require forensic analysis, including but not limited to: fraud, intellectual property theft, data breaches, inappropriate use of the Internet, child exploitation, and eDiscovery support for court cases. There are three steps to forensics: evidence acquisition, investigation and analysis, and reporting the findings. There are four principles that have to be applied to every case: minimize data loss, record everything that you do, analyze all data collected, and report your findings. Evidence in computer forensics can be found in many locations such as the operating syste...

Week 1 - Introduction to Malware

This week we were introduced to the basics of malware. The first commercial anti-virus was released in the early 1990s, when updates were distributed monthly via floppy disks. An important component in current and future anti-malware is collaboration between companies. If one company remains siloed in its efforts, it can miss behavior that a different company may see from the same piece of malware. The primary vector for malware is users. Next is USB drives. Some basic definitions that were covered are:

DGA - domain generating algorithm that creates lots of domain names that can be used as rendezvous points for command and control servers
Malware - shorthand for malicious software
Viruses - a type of malware that is polymorphic and parasitic
Worm - this type of virus is not necessarily parasitic; the main purpose is to spread as quickly as possible
Trojan - backdoor and downloader means that the hacker is controlling the host machine remotely. Tro...

CS373 Week 0 - Initial Setup

This blog will function as my space to write my thoughts and experiences as I take Oregon State University's CS373 - Defense Against the Dark Arts. The course will cover malware and malware defenses, forensics, vulnerabilities and exploits, Windows kernel structures and drivers, network security, web security, mobile security, and messaging security.