Hey folks, it's Will. Every now and then I encounter an app that doesn't play well with FOE. You don't have to throw your hands up in defeat, though. Because FOE (and BFF) are written in Python, it's pretty easy to modify them to do what you like.
Continue reading Hacking the CERT FOE
Hi, this is Jose Morales, researcher in the CERT:CES team. In early 2012, a backdoor Trojan malware named Flame was discovered in the wild. When fully deployed, Flame proved very hard for malware researchers to analyze. In December of that year, Wired magazine reported that before Flame had been unleashed, samples of the malware had been lurking, undiscovered, in repositories for at least two years. As Wired also reported, this was not an isolated event.
Continue reading Prioritizing Malware Analysis
Hi, Timur Snoke here with a description of maps I’ve developed that use Border Gateway Protocol routing tables to show the evolution of public-facing autonomous system numbers.
Continue reading Analyzing Routing Tables
Hi folks, it's Will. Apple has released OS X Mavericks. Because BFF 2.7 was released before Mavericks, BFF doesn't work right out of the box. But it's actually quite simple to get it working.
Continue reading BFF 2.7 on OS X Mavericks
Hi, it's Timur Snoke of the CERT NetSA group, posting on behalf of Deana Shick and Angela Horneman. It's not every day that 9.6 terabytes of data are released into the public domain for further research. The Internet Census 2012 project scanned the entire IPv4 address space using the Nmap Scripting Engine (NSE) between March and December of 2012. The engineer of this data set (identity unknown) saved and released the collected data in early 2013. The data is broken down into seven types of scan results: ICMP ping, reverse DNS, service probes, host probes, syncscan queries, TCP/IP fingerprints, and traceroute.
This information has proved valuable in our research in understanding aspects of devices associated with various sets of IP addresses, as shown in our upcoming tech report “Investigating Advanced Persistent Threat 1.” This vast source of information also has potential for many other research projects.
Continue reading Working with the Internet Census 2012
Greetings! This is Matt Collins, an insider threat researcher with the CERT Insider Threat Center. In this post I describe some of the types of insider incident data we record in our Management and Education of the Risk of Insider Threat (MERIT) database. The CERT Insider Threat Center began recording cases of insider threat in 2001. To date we’ve recorded over 800 incidents using publicly available information. Those 800-plus cases span the years 1995 through the present. The MERIT database allows us to analyze and understand the who, what, when, where, and why of insider incidents.
Continue reading Analyzing Insider Threat Data in the MERIT Database
Hi, this is Will Dormann of the CERT Vulnerability Analysis team. One of the responsibilities of a vulnerability analyst is to investigate the attack vectors for potential vulnerabilities. If there isn't an attack vector, then a bug is just a bug, right? In this post, I will describe a few interesting cases that I've been involved with.
Continue reading Vulnerabilities and Attack Vectors
Hi folks, Allen Householder here. As Will Dormann's earlier post mentioned, we have recently released the CERT Basic Fuzzing Framework (BFF) v2.7 and the CERT Failure Observation Engine (FOE) v2.1. To me, one of the most interesting additions was the crash recycling feature. In this post, I will take a closer look at this feature and explain why I think it's so interesting.
Continue reading Attaching the Rocket to the Chainsaw - Behind the Scenes of BFF and FOE's Crash Recycler
Hello, I’m David Mundie, a CERT cybersecurity researcher. This post is about the research CERT is doing on unintentional insider threats, in particular social engineering.
Earlier this year, the CERT Division’s Insider Threat Team published the report Unintentional Insider Threats: A Foundational Study that documents results of a study of unintentional insider threats (UIT), which was sponsored by the Department of Homeland Security Federal Network Resilience (FNR). Following the success of that report, we on the Insider Threat Team continued our work on UIT, focusing on one aspect of the threat: social engineering.
Continue reading The Latest CERT Research of Unintentional Insider Threats: Social Engineering
Hi folks, it's Will Dormann. A few months ago I published a blog entry called Don't Sign that Applet! that outlined some concerns with Oracle's guidance that all Java applets should be signed. The problem is that with Java versions prior to 7u25, there is nothing that prevents a signed applet from being repurposed by an attacker to execute with full privileges. As it turns out, Java 7u25 introduced features to prevent a Java applet from being repurposed. Thanks to CERT/CC blog reader Rob Whelan for pointing this out! There are some potential pitfalls when using this feature, however.
Continue reading Signed Java Applet Security Improvements