And tools, tips, and another excerpt from Tim Rains' new book!

SecPro #89: Making Windows Forensics Elementary

Hello again!

Joke of the Week

Why did the band never get a gig? "They were called 1023MB!"
Hopefully, our weekly jokes are becoming a part of your weekly routine. If nothing else, surely your week hasn't been as bad as our punchlines!

Our multipart guide on how to run digital forensics on both Linux and Windows by [Sai]( is still rolling on with part 2 down below. Make sure you remember to check your emails for part 3 next week! And we're launching a two-part investigation into our next APT under the spotlight - if you were working in IT in 2017, you'll probably remember this particular gang. And as usual, don't forget to check out the new infographic and try out the tools we've laid out at the bottom - this week, we've been researching and playing with cryptography tools!

This week's highlights:
- [Windows Forensic Analysis - Part 2](
- [Exploring APTs - #3](
- [Cybersecurity Threats, Malware Trends, and Strategies](
- [The Gartner Survey](

And with that - on with the show!

Food For Thought

Last week, we started discussing Gartner's [Emerging Technologies and Trends Impact Radar]( and it got us thinking - what exactly can we expect over the next year? What's going to change, and how are we going to react? We'd love to hear your thoughts! The first twenty responses will win a Packt credit! [WHAT CAN WE EXPECT THIS YEAR?](

This Week's Editorial Articles

[Exploring APTs - #3 - Part 1]( This time, we're taking two weeks to look back at one of my favourite examples of an APT releasing ransomware into the world. Ready to reflect on something that brought the NHS to a halt? [Check it out here](

[Windows Forensic Analysis - Part 2]( [Sai]( is back with a breakdown of how to approach forensic analysis and which tools we should be using!

Cybersecurity Fundamentals

[Cybersecurity Threats, Malware Trends, and Strategies]( "Woah, woah, woah - where's the machine learning tutorial?", you ask. We're taking a short break from the tutorials to cover something new on the horizon - [Tim Rains]( [Cybersecurity Threats, Malware Trends, and Strategies, Second Edition]( This time, we thought we'd give you some controversial food for thought - something to liven you up before the weekend! [LIKE WHAT YOU SEE? CLICK HERE](

Tim Rains on Threats

Ransomware. The very word strikes fear into CISOs, security teams, governments, and business leaders everywhere. An encounter with ransomware could be an extinction event for many organizations, particularly those that have not adequately prepared for such an attack. However, if it is such a serious threat, why then does this term cause so much confusion for so many people? The meaning of the term "ransomware" has become overloaded over time and is now the source of confusion among cybersecurity practitioners, business and government leaders, and public policy influencers. Ransomware still does refer to the classic category of malware first seen in the 1980s.
Long-term data from the antimalware industry reveals that this category of malware has always been far less prevalent than other malware categories like Trojans and Worms. However, over the past few years, "ransomware" has been routinely used to describe any cyber-attack where extortion is involved. This includes the same types of targeted attacks we've seen over the past two decades, even when ransomware (the category of malware) isn't used at all. Ransomware is now the label used for DDoS attacks where attackers demand a ransom to prevent or stop an attack; there's no ransomware malware involved in these DDoS attacks either. Labeling all these different types of attacks as "ransomware" isn't helpful in my view. I've seen it confuse conversations among CISOs, security teams, their stakeholders, cybersecurity vendors, and even government agencies that provide cybersecurity guidance. I've been in so many meetings where one person is talking about the classic malware category that employs file encryption, while the others are discussing targeted attacks where sensitive data is stolen, and attackers are threatening to release it publicly. While the ways they need to protect, detect, respond, and recover can be quite different depending on which of these threats they really intend to focus on. In such meetings, I have found it helpful to provide a definition of ransomware to the participants so that everyone in the meeting was referring to the same thing. Then the group could have a productive, single-threaded conversation about the specific threats they had in mind. How did the concept behind a single, relatively uncommon malware category evolve to become so muddy and so pervasive at the same time? At least part of the answer to this question lies in the ways ransomware has evolved. I examine some of the ways that ransomware has evolved in my new book.
All the views and opinions expressed in this post and in the book are my own, not those of any of my past or current employers.

Don't miss out on [Tim Rains]( [Cybersecurity Threats, Malware Trends, and Strategies, Second Edition]( - available at Packt and other leading distributors today!

Have You Tried...?

Here are some great tools for understanding APTs.
- [CyberMonitor/APT_CyberCriminal_Campagin_Collections]( - APT & CyberCriminal Campaign Collection; everything you need in one place.
- [sous-chefs/apt]( - Development repository for the APT cookbook.
- [kbandla/APTnotes]( - Various public documents, whitepapers, and articles about APT campaigns.
- [NextronSystems/APTSimulator]( - A toolset to make a system look as if it was the victim of an APT attack.
- [blackorbird/APT_REPORT]( - Interesting APT report collection with a sample, malware, and intelligence.

Copyright © 2023 Packt Publishing, All rights reserved.