Comments on Windows Incident Response: The Demented Musings of an Incident Responder

hogfly (https://www.blogger.com/profile/00741773109962883616), 2008-08-25 08:05 -05:00:

Harlan,

Couldn't agree more. Training is vital; however, it's not just training that people need, it's regular and repetitive training, much like military methods. Drilling actions into the 'first responders' so they do what they're told when things start to happen.

Regarding obfuscation and hiding tracks, I think we saw a lot of this really take off a few years back when attackers just splattered systems and didn't bother to hide. They didn't need to, and realized that attempting to hide in a smaller number of targets that may be of higher intrinsic value is less effective than widespread infections in less valuable targets, gaining value in quantity rather than quality. This still holds true today. Of course there are those out there who get the big scores.

Computers are no longer a luxury, they are a requirement, and people just want them to work; they no longer care how they work, so they stopped looking under the hood. Curiosity is not cost effective. These attacks go unnoticed for this reason. Like our cars, people assume everything is OK if they can get from point A to B. We take it to the mechanic when we notice something is wrong, but had we looked under the hood, we may have noticed that the belts were worn to the point of snapping and the battery terminals were corroded.
Unless people see something that's blatantly out of the ordinary, everything must be fine and the systems are safe as long as they are operational.

Anonymous, 2008-08-25 07:22 -05:00:

As long as customers don't know and don't notice, you can do whatever you want... / lagerhall (http://www.csbygg.se)

Anonymous, 2008-08-24 21:09 -05:00:

"In some network infrastructures, there's no need to use rootkits or other obfuscation methods."

This is true more often than not. Customers don't take it well when they hear that their network has been compromised for months (years) and they never noticed.