Robert Hensing's Blog
Software Security . . . and stuff.
Rootkit Revealer vs. Hacker Defender - How the miscreants are defeating Rootkit Revealer and how to fight back
Posted over 8 years ago by rhensing (27 Comments)
So over the last week we've started to get cases where Rootkit Revealer (having been downloaded by the customer) is not detecting any hidden files / folders / registry entries on the customer's machine; yet our own rootkit tools we supply with our IR toolkit...
Rootkits - revealed!
Posted over 8 years ago by rhensing (1 Comment)
Well what do you know - that day that I was talking about in my previous post? It was today: http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml Make sure you check out the MSR site in the coming days / weeks (hoping that by saying it like...
Wormbotdoorkit? Kitbotwormdoor? Trojwormrootbot? Malware by any other name . . . 2005 - the year of the rootkit?
Posted over 8 years ago by rhensing (17 Comments)
Edited 2/25/2005 to examine the multiple definitions of the word 'rootkit', added information on a LUA-friendly rootkit for the LUA folks to ponder (LUA - Limited User Account), and added some thoughts on how they could mess with AV software. :) So this...
Microsoft does 733t speak . . . it's like an SNL skit - only funnier.
Posted over 8 years ago by rhensing (11 Comments)
So yesterday this hilarious URL probably arrived in your inbox via your own personal friend network - and if it didn't, allow me to share it with you now (it's almost as entertaining as the Star Wars Kid): http://www.microsoft.com/athome/security/children...
The MSRC @ RSA - the webspace
Posted over 8 years ago by rhensing (4 Comments)
Wow - this is really really cool. So . . . select members of the MSRC are off at RSA this week doing BOOTH duty and talking to our customers and then blogging about the day's events in an MSN web space - check it out! http://spaces.msn.com/members/msrc...
Windows Server 2003 spanks Red Hat's monkey?
Posted over 8 years ago by rhensing (32 Comments)
Interesting information from RSA, it's nice to see someone other than me notice the pure creamy goodness of WS2003 for once (I've noticed it from the incident response side of things by noting a marked absence of WS2003 hacking cases over the last 2 years...
Introducing Tim 'The tool man' Rains - PSS Security Techlead, fellow blogger, maintainer of WOLFv2
Posted over 8 years ago by rhensing (10 Comments)
Folks it just occurred to me that I haven't formally introduced you to a colleague of mine, Tim Rains. Tim Rains is also a tech-lead on the PSS Security team and is an avid C++ coder (un-like me who despises the language). In fact Tim has a long and distinguished...
WOLF sizes up the MySQL bot / worm / spreader thing . . . a live system perspective
Posted over 8 years ago by rhensing (12 Comments)
So it seems that there is a new MySQL bot that is spreading to Windows machines running MySQL with weak SA (or whatever MySQL's equivalent is) passwords. You can read more about it here http://news.zdnet.com/2100-1009_22-5553570.html and here: http:/...
The Blame Game - I won't go there.
Posted over 8 years ago by rhensing (14 Comments)
So I'm getting some 'interesting' and frankly un-expected comments on my most recent 'Anatomy of . . . ' posts where I delve into examples of a hack involving certain vulnerabilities (one of which wasn't even in one of our products I'd like to point out...
Anatomy of a WINS server hack (MS04-045) . . .
Posted over 8 years ago by rhensing (20 Comments)
Okay - so here is my analysis of a recent WINS hack a customer experienced. The customer caught this by analyzing their netflow data from their routers . . . they suddenly started sending tremendous amounts of packet love and affection to various IP's...
Anatomy of a Veritas BackupExec Agent Browser hack via TCP 6101
Posted over 8 years ago by rhensing (16 Comments)
I've gotten some really great feedback on my blog now that I'm actually blogging about incident response topics - I appreciate the feedback, keep it coming! So we here in PSS Security are tied into the security incident response community fairly well...
Advanced hiding techniques: The mystery of the trojaned Winlogon.exe
Posted over 8 years ago by rhensing (25 Comments)
So the war between the miscreants and the first responders / incident responders is just that - it's a war with casualties (servers, workstations, work life / home life balance) and it is complete with an arms race in the form of stealthing (miscreants...
More miscreant hiding techniques and some interesting observations on the Hacker Defender rootkit . . .
Posted over 8 years ago by rhensing
My last blog post was about miscreant hiding techniques . . . unfortunately one can probably write a book devoted to some of the more popular techniques . . . I'm just going to blog from time to time about the ones my team is encountering (call it miscreant...
Miscreant hiding techniques: Would the real explorer.exe please stand up? And the relevance of 1979 when doing searches . . .
Posted over 8 years ago by rhensing (6 Comments)
At long last - a blog post about Incident Response in the self-proclaimed 'Incident Response' blog! Before I finally crash for the night there are two things I wanted to bring to the attention of folks interested in Windows IR that my team has come across...
Admin Personas - at long last . . .
Posted over 8 years ago by rhensing (4 Comments)
Okay so this post is several months late - what can I say, I'm easily distracted and overly busy. Hopefully if you are reading this post you've already read the post on hacker personas. Having been on the PSS Security team for over three years now I've...
Admin Personas? Not yet - the final word on Passwords vs. Passphrases
Posted over 9 years ago by rhensing (5 Comments)
So yesterday Jesper posted his final installment in his 3 part series in passwords vs. pass-phrases and while I had some issues with some of the assumptions he used to draw conclusions in his 2nd installment, I have no such issues with the conclusions...
Password vs. Passphrase redux
Posted over 9 years ago by rhensing (12 Comments)
So today Jesper Johannson, a gentleman whom I have the pleasure of speaking with on occasion, has posted his 2nd installment on the topic of passwords here. I encourage you all to read it - in this installment he goes deep into the math and science behind...
Weekend update
Posted over 9 years ago by rhensing (3 Comments)
It's been a while since I have posted and I wanted to give folks a quick update and explanation on why things haven't progressed as quickly as I'd hoped. I'd like to try to not be a one hit wonder and continue to improve the security of our customers...
The future of passwords?
Posted over 9 years ago by rhensing (1 Comment)
Given what I do, I tend to be pretty interested in technologies that will allow me to do away with passwords altogether. One area that's shown promise in the past is the use of graphical passwords (again, demonstrating that passwords are an antiquated...
The silent war - combat evolved: Hacker Personas
Posted over 9 years ago by rhensing (31 Comments)
Okay, yes, I admit - I'm a little too excited about Halo 2 (note to XBox geeks out there, schedule your vacation NOW for around the launch of Halo 2 in November and make sure your XB live account is paid and up to date), but that is a fitting title for...
Why you shouldn't be using passwords of any kind on your Windows networks . . .
Posted over 9 years ago by rhensing (133 Comments)
Edited 10/18/2004: This blog has gained far more attention than I could have ever imagined when I decided to create a small personal blog devoted to security incident response. I never imagined my first ever post would be as controversial or as widely...