The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Ransomware: the anatomy of paying a ransom to decrypt hostage files

    May 25, 2017, Bryce Bearchell, Security Consultant

    Ransomware is on the rise and clients seeking to understand the process can learn from this client’s story about being a victim of ransomware as to what can be expected and how to handle a ransomware attack. Recently a company facing a malware infection approached us to help them deal with the encryption of most of their servers across their domain. This also included systems that held online backups - and there was no offline backup solution (that’s a topic for a whole different blog post). The company had discovered a ransom note on their affected systems, along with data files that had been deleted and new files created in the format of <original_filename>.whereisyourfile that appeared to be encrypted.

    Read more
  • Information and guidance for dealing with WannaCry

    May 15, 2017, Mark Lucas, Vice President, Chief Information Security Officer, Coalfire

    Coalfire continues to closely monitor the WannaCry ransomware attack.  Much has been written over the past few days about the attack.  For those of you who may not have had time to review in detail and assess appropriate actions for your organization, we wanted to provide summary information.  

    Read more
  • What’s Your Computer Thinking About? Examining Random Access Memory (RAM)

    December 28, 2016, Robert Meekins, Director, Forensics, Coalfire

    How valuable would it be to be able to read another person’s mind? To know what they’re thinking or planning to do would be invaluable. Or, how valuable would it be to know what they have done in the recent past, especially if you believed they were involved in some criminal activity? Who they were talking to, or what they said. If you could recreate the events and determine the timeline of activity, information like this could help you in solving plenty of mysteries.

    Read more
  • Ghosts in the Bank

    October 27, 2016, John Skipper, Associate Security Consultant, Coalfire Labs

    It was a dark night. A car pulled up in the parking space next to me and quickly extinguished his lights. I looked out the my window and saw the driver. He gave me a quick nod and we exited our cars. Opening the trunk I pulled out my tools for the night. A backpack full of trash bags, a flash light, gloves, a tarp and oily rags taken from the garage. We walked in the warm summer air up a hill and to the street corner where the target was finally in view. There was the bank. Tonight was just recon, getting a lay of the land and some dumpster diving. We approached the bank and made a quick walk around the block identifying windows, entries and exits and connecting the dots of what I found on Google Maps. By the cover of trees we started down an embankment towards the dumpster, but we spotted a police car. Trying not to cause any suspicion, we quickly made our way back to the sidewalk and walked away from the bank. My heart was racing. I didn't want to fail even before we started.

    Read more
  • To [Hell] Shell and Back

    October 27, 2016, Justin Berry, Security Consultant, Coalfire Labs

    My initial thought was it has to be the firewall keeping my reverse shell from getting out of their environment. So, leveraging the command execution vulnerability, I started testing outbound internet access from the vulnerable server to my server on the internet, only to find that the port I had been using all along in the initial Metasploit attempt was allowed out. This left me with a sense of disappointed optimism because the firewall isn’t blocking it, but for some reason it isn’t working. “Maybe it’s getting caught by Anti-Virus”, I thought. I used the command execution to generate and execute an FTP script that would download a payload from my server. The logs on my server showed an active download from the target companies network. “.. Excellent..”, I mischievously muttered to myself in my best Mr. Burns impression.

    Read more
  • Displaying results 21-25 (of 61)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags