Information Security in Today's Digital Culture

Author Archives: Brett Edgar

About Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. in Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

Why Everyone Should Be Using a Web Proxy

August 30th, 2012 | Posted by Brett Edgar in Malware | privacy | Security

If you haven’t heard about it by now, let me clue you in: Java is a security nightmare. A few days ago, a zero-day exploit for Java 7 became widely known. The exploit bypasses Java 7’s security sandbox and permits attackers to download and execute code without user interaction. The attack is already available in Metasploit …

In the course of a recent incident response engagement, I ran into a hard-to-track-down problem involving imaging a drive. I was using a forensically sound hardware ATA drive imager (the awesome DiskJockey Pro Forensic edition), and was attempting to make several copies of a 2.5″ 250GB SATA Western Digital laptop drive that had a single …

MS12-020 Proof-of-Concept in the Wild

March 18th, 2012 | Posted by Brett Edgar in Advisories | Malware | Microsoft

Well, that didn’t take long. As of Thursday, an MS12-020 PoC (the Remote Desktop Protocol vulnerability) is in the wild. Looks like one of Microsoft’s MAPP partners leaked some test code. This PoC code only causes a Blue-Screen-of-Death, so the damage is limited to a denial-of-service. It won’t be long until the bad guys figure …

Seeing the rate at which companies have been successfully attacked by Java exploits while their users surf the web, I became increasingly alarmed and wondered how I was going to defend my own network. I had always known that Active Directory Group Policy could push out software, but I had never explored the option as …

The MS12-020 vulnerability for which Microsoft released a patch yesterday is about as bad as you can get. The vulnerability requires *no* authentication, can be exploited from *any network* that has connectivity to a Remote Desktop Protocol (RDP) service, and gives an attacker a full GUI at the super-user level (the SYSTEM account on Windows). …