The Cisco 2014 Midyear Security Report has been released, diving into threat intelligence and cybersecurity trends for the first half of 2014.

You may be thinking, “What could have possibly changed since January?” True to form, the attacker community continues to evolve, innovate, and think up new ways to discover and exploit weak links in the security chain. Also true to form, they sometimes simply use tried and true methods to exploit some of the same old vulnerabilities that continue to present themselves. The 2014 Midyear Security Report hits on all aspects and once again illustrates that in the age of the Internet of Things, as the attack surface grows, so too grow the number of attacks, the types of attacks, and the impacts of these attacks. Read More »

Tags: dns, midyear security report, security

This post explains how to inspect the contents of windows DNS cache. Inspection can be used to check DNS entries, revealing if any malicious websites are being visited.

A Domain Name Server’s (DNS) cache of DNS records can be inspected to determine if your network is interacting with suspicious or malicious internet sites. To perform this task, perform the following:

For Windows 2003 and prior versions, you must install Windows Support Tools. Once installed, inspect and export the DNS cache using the command prompt (cmd.exe) window.

For Windows 2008 and later, The Windows PowerShell is a more advanced version of Windows Support Tools and is installed by default. Use the PowerShell window or run the PowerShell Script from the command prompt window to inspect and export the DNS cache.

How to Inspect the Cache from the CMD Prompt

Windows 2003 and Prior Using dnscmd

1. From the support tools directory (\Program Files (x86)\Support Tools), run the following command to display the DNS cache output in the CMD window.
   • C:\Program Files (x86)\Support Tools>dnscmd /zoneprint ..cache
2. To redirect the DNS cache output to a file, use the following command:
   • C:\Program Files (x86)\Support Tools>dnscmd /zoneprint ..cache > c:\cache_output.txt

Read More »

Tags: Cisco Security, dns, security

The registration is now open and there is still time left to respond to the call for papers for the upcoming FIRST Technical Colloquium April 7-8, 2014. Please contact us at amsterdam-tc@first.org for speaker engagements. The event already has an exciting preliminary program covering:

• Savvy Attribution in the DNS – Using DNS to Geo-locate Malicious Actors
• Beyond Zone File Access: Discovering interesting Domain Names Using Passive DNS
• DNStap: High speed DNS logging without packet capture
• CVSS v3 – This One Goes to 11
• Securing the Internet Against DDoS Attacks
• Threat Actor Techniques
• Mitigating Attacks Targeting Administrator Credentials in the Enterprise
• Hardware: The root of trust in the cloud
• Targeted attack case study
• What does an enterprise monitor for targeted attacks? – CSIRT Playbook II
• Security uses for hadoop & big data
• OpenSOC
• Using HBASE for Packet capture

And many more current issues facing the incident response community. Learn how organizations operationalize intelligence to mitigate and detect advanced threats.

The event’s line-up includes so far already notables from Cisco Security Intelligence Operations (SIO), Symantec, Vrije Universiteit Amsterdam and Farsight. Looking forward to A great TC!

Tags: Amsterdam, DDoS, dns, FIRST, security, Technical Colloquium, TRAC

This post was co-authored by Andrew Tsonchev.

Two weeks ago we briefly discussed the role of dynamic DNS (DDNS) in a Fiesta exploit pack campaign. Today we further analyze and explore the role of DDNS in the context of cyber attack proliferation and present the case for adding an operational play to the incident response and/or threat intelligence playbook to detect attack pre-cursors and attacks in progress. Read More »

Tags: DDNS, dns, security, TRAC

There are many advantages in outsourcing functions to specialist providers that can supply services at lower cost and with more functionality than could be supplied in-house. However, companies should be aware that when buying services, you may also be buying risk. Organisations that have successfully implemented strategies to reduce the probability of experiencing a breach, and to decrease the time required to discover and remediate breaches, may still encounter embarrassing public breaches via third parties. Within the past two weeks, we have seen two examples of companies having their websites defaced apparently due to security lapses in service providers.
Read More »

Tags: dns, TRAC