Passionate about Information Security

The slides from my @night talk at SANS Boston 2011 are available for download now: When Prevention Fails, Extending IR and Digital Forensics Capabilities to the Corporate Network (PDF – 6,2 MB) Thanks to Barbara Basalguete, Stephen Northcutt and the rest of the SANS crew for the opportunity to participate in such a great event, as well [...]

I can’t think of any better place to be in May than… Berlin!! So all packet-ninjas looking to improve their TCP/IP and traffic analysis skills are welcome to join us in the first ever Community SANS Berlin for the SECURITY 503: Intrusion Detection In-Depth track. A full description of the event can be found here: [...]

Part 1 of my post on Mac OS X memory acquisition and analysis has been posted at the SANS Forensics Blog. I’ll try to publish Part 2 early next week. Stay tuned!

http://computer-forensics.sans.org/blog/2011/01/28/mac-os-forensics-howto-simple-ram-acquisition-analysis-mac-memory-reader-part-1

I’m glad to announce that I will be teaching Community SANS Security 503: Intrusion Detection In-Depth at Banbury, Oxfordshire (UK). This 6-day course will run from Monday, February 15, 2010 through Saturday, February 20, 2010.

The System Administrator knew something was wrong when he saw there was an additional user account on the Web-based Enterprise Resource Planning (ERP) system that he administered. He kept the system updated and patched, but he now suspects that the system has been hacked and compromised. Now, as a computer forensic investigator, you will have to find out if there was any unauthorized access, how it happened and what was the extent of the damage.

I read in Doug Burks’ tweet that his Security Onion LiveCD is now available for download. Being a serious Sguil fan, I can’t do anything but recommend you have a look at this new live distro.

If you ever wondered what a blonde, a brunette, lemon juice and a bank robber had to do with software development and the psychology of programming you have to watch Ron Burk’s presentation…

I’m writing this post while seated on a train going from Birmingham’s International Airport to Banbury, a small town located in the heart of Oxfordshire. It’s only a 40 minutes trip but I really enjoy it, especially if I have a good album to listen to…

…you have to know that the Honeynet Project has been working on a way to detect Conficker-infected machines and that they have just released a scanner for this task. The scanner is available as a python script and as a windows .exe executable, and can be used to scan a single host or a whole network range.

That’s been what I call my ‘SANS itinerary’ since I started this exciting journey back in June 2007. It all started at SANS Secure Europe, in Brussels, where I took my first SANS class with Jess Garcia, CEO of One eSecurity and a good friend of mine. It was SECURITY 508, System Forensics, Investigation & Response, an awesome track created by Rob Lee on one of the most interesting and hot topics of Information Security. It’s been almost two years since then, but now I realize that event had a tremendous positive influence in my career as a security professional.