From Security Weekly Wiki

Episode Media

Episode 327


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 327 for Thursday April 11th, 2013

  • Register for "Offensive Countermeasures: The Art Of Active Defense": SANSFIRE Washington, DC June 15-16th with John Strand
  • If you are in the Boston area, check out BSides Boston with Keynotes by Dan Geer and Josh Corman on Saturday May 18th!
  • Come to the Security BSides Rhode Island One-Day Conference on June 15th; tickets are NOW ON SALE at WePay.com. Featured presentations from Josh Wright, Kevin Finisterre, Kati Rodzon and Mike Murray, Bruce Potter, Joe McCray, Ron Gula, Ben Jackson, Dave Maynor and the entire PaulDotCom crew!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 8:30PM EST. Come have a cigar with us!

Interview: Richard Bejtlich

Richard Bejtlich is Mandiant's Chief Security Officer. Prior to joining Mandiant, Mr. Bejtlich was the Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He wrote The Tao of Network Security Monitoring, Extrusion Detection, and co-authored Real Digital Forensics. He currently writes for his blog TaoSecurity and teaches for Black Hat.

  • [JackD] would like to talk about the "haters" who attack every report as marketing spam, regardless of content and value. The APT-1 report got a lot of that.
  • What are some of the things people still don't do (or don't do right) that would improve security?
  • Any recommendations for people who want to know if they are victims of an advanced attack or a regular malware attack?
  • What are the biggest differences between the behavior of the attacks, and do you recommend any tools, methods, or docs that people can use to aid in their determination?
  • Do you see any advanced attacks coming from nation states other than China?
  • Does Mandiant see US-created surveillance malware? How about malware from US allies? If it was seen, would it be handled differently due to the political situation?
  • Does Mandiant see any attacks by organized crime that are impressive enough to be considered advanced, and not just regular fraud attacks?
  • Advanced malware is written to be undetectable by AV, but we know that there are other stages of an attack such as recon and exploitation. What detection method has seen the highest success rate against any stage of an APT attack?
  • It's generally understood that APT attacks from China are used partly to steal trade secrets or negotiating tactics. There has to be some sort of social network or information market to ferry that info from the bot herders to the businesses that benefit. Is there any insight you can share on this idea? It seems that such a market or network can't be that small, so it would be hard to keep it secret forever.
  • Please tell us a cool story about the most interesting intrusion you can talk about.

Guest Technical Segment:


  • We are in the process of archiving and cataloging our technical segments. Please visit the PaulDotCom Technical Library, where we have indexed all of the interviews we have conducted. We are also working on updating all of the articles, so check the newsletter, or if you want to help in exchange for some free guidance and security training, please email me.
  • Larry is teaching SANS SEC617 all over and coming to a city near you in 2013. It isn't too late to sign up for my class in San Diego this May!
  • If you are interested in hosting SANS Training in the Boston area via the mentor format, please send us an email at mike -at- pauldotcom.com! We're looking for a location that can host 2 hours in the evening, 1 night a week, for 10 weeks.


Paul's Stories

Larry's Stories

Jack's Stories

  1. This one is worth a panel discussion^^argument^^Episode 350 segment: Spaf on competitions and competence. Dr. Spafford says we're working on the wrong skills. Mike Rothman mostly agrees in this post over at Securosis.
  2. The security job market is so hot... how hot is it? So hot it's cooling off? I'm confused.
  3. Free is good, right? Here's a list of free security tools from Microsoft. Some are familiar, others a little less known.

Allison's Stuff