holisticinfosec.org - Publications & Events

Publications & Events

Publications

HolisticInfoSec.org's Russ McRee writes and speaks regularly on information security topics in the hope of sharing knowledge and resources with a wide audience.

March's toolsmith, in honor of Russ' presentation on security visualization at RSA. we'll take a close look at NetGrok and AfterGlow, two excellent security visualization tools.

For April, toolsmith will discuss the dradis information management framework for penetration testers.

toolsmith offers insights on tools useful to the infosec practitioner, typically open source and free.
The ISSA Journal is available to members in print and online at issa.org. Article copies are available on the toolsmith page.

SearchFinancialSecurity.com features three of Russ' articles:

Financials and the need for software regression testing

Why financials must implement Web application security best practices

Security questions to ask SaaS vendors when outsourcing services

Russ' article regarding the open source laptop tracking and recovery offering Adeona is available in Issue 100 (March 2009) of Linux Magazine.

Russ' article, Safe Keeping, regarding TrueCrypt, is now available in Information Security magazine.
TrueCrypt is an open source laptop encryption alternative for your organization.
This article also includes a sidebar on Adeona, an open source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service.

July 2008's (IN)SECURE features Russ's article Open Redirect Vulnerabilities: Definition and Prevention. Download Issue 17 .

June's ISSA Jounal features Russ's article, Anatomy of an XSS Attack, as its title piece. This is a unique effort written in the 1st person, as a cybercriminal, to exemplify the grave harm that can come to users and consumers when cross-site scripting (XSS) vulnerabilities are left unmitigated. With kind permission from the ISSA Journal, holistiinfosec.org is able to bring non-members the pdf copy of Anatomy of an XSS Attack. Please consider joining the ISSA today.

Testy Eft , Russ's article on security testing with nUbuntu , is available in the November 2007 issue 84 of Linux Magazine.

A piece covering Network Security Monitoring and Sguil via Knoppix-NSM is available in the October 2007 Information Security Magazine titled Putting Snort to Work.

OWASP offers Secure Web App Server , in its Papers collection. The paper covers the use of SELinux, iptables, mod_jk, mod_security, and mod_evasive to build a secure web app server. This paper is a living document, updated as needed to stay current. Current version is 1.3 with change notes included.

SMaK - Smoothwall, MySQL and Kiwi Syslog Daemon: Cost Effective Firewall and Logging with Database and Analysis

Systems Security Assessment: A Simple Baseline

Events

Russ is presenting Visualizing IDS output: Tools and Methodology at RSA 2010, March 5, 2010, 10:10-11:00 am.

Past Events

Russ presented IT Infrastructure Threat Modeling at the ISSA Puget Sound August chapter meeting, August 20, 2009 from 6-8pm.

Russ presented CSRF: Yeah, It Still Works with Mike Bailey at Defcon 17 on Saturday, August 1, 2009. Presentation slides here .

Russ provided a guest lecture at University of Washington's Certificate Program in Information Systems Security , specifically on the topics Practical Crytography: TrueCrypt and Web Application Security Flaws (May 21, 2009).

Russ participated in a panel discussion at the Ziff Davis Enterprise Security Summit 2008 on October 21, 2008 at the Fairmont Olympic Hotel in Seattle, WA. Details here .

Russ presented The XSS Epidemic: Discovery, Disclosure, and Remediation to the Puget Sound chapter of the ISSA on August 23, 2008.

Russ presented The XSS Epidemic: Discovery, Disclosure, and Remediation to the Washington Technology Industry Association Security Special Interest Group on July 14, 2008. Details here .

Russ presented Malcode Analysis Techniques for Incident Handlers at the 20th Annual FIRST Conference in Vancouver, B.C. on June 25th, 2008. Details here. Slides here .

Russ presented The XSS Epidemic: Discovery, Disclosure, and Remediation at the 2008 ISSA NW Regional Security Conference on April 23rd, 2008, in Olympia, WA. This presentation was the result of a great deal of research for the April 2008 toolsmith of the same approximate title. The most disturbing finding during this process was the discovery of yet another batch of Hacker Safe branded sites that are certainly not. Refer to the blog post and video for more information.

Russ gave an overview of RAPIER during a SANS Ask The Expert Webcast, Malcode Analysis and Response: Proficiency vs. Complexity on March 20th, 2008.
"The threat landscape changes constantly, driven in part by the "bot economy" and changing malcode techniques. In response, incident handler techniques must keep pace. This presentation will cover the use of RAPIER, a security tool built to facilitate first response procedures for incident handling. It is designed to acquire commonly requested information and samples during an information security event, incident, or investigation. RAPIER automates the entire process of data collection and delivers the results directly to the hands of a skilled security analyst. From detection and discovery, capture and containment, count on a useful discussion meant to further your incident response practices."
You can listen to the stream and/or view the slides here.

Russ offered Malcode Analysis Techniques for Incident Handlers at SecureWorld Expo Seattle 2007 : The threat landscape changes constantly, driven in part by the "bot economy" and changing malcode techniques. In response, incident handler techniques must keep pace. This presentation will cover tools and methodology useful to handlers, analysts, and administrators. From detection and discovery, capture and containment, count on a useful discussion meant to further your understanding of the information security practitioner's greatest bane.Slides available below.

Russ taught SANS Stay Sharp Google Hacking and Defense on July 19th, 2007 in Bellevue, WA. SSP-GHD offers a "fundamental understanding of technical defense measures to uncover unintended information disclosures, close common holes in web servers and Internet connected devices as well as clean up the exposures discovered."

3rd Annual ISSA Northwest Regional Security Conference May 11th, 2007. Covered toolsmith highlights.

WSA Security Sig, April 2nd, 2007. Covered toolsmith highlights.

Extrusion Detection with Aanval and Bleeding-Edge Snort at SecureWorld Expo Seattle, October 10, 2006. Details here.

Covered Aanval and Bleeding Snort for the Seattle Snort Users Group on June 6, 2006, at the South Seattle Community College. In an age of compliance, it is hugely beneficial to have the capacity to draw the majority of network security information from one platform. Use of Aanval can offer much information about outbound traffic, in particular, via the use of Bleeding Edge Snort rules to capture both IM and spyware traffic, as well as policy violations and information leakage. Russ presented the use of Aanval as an IDS and Network Monitor, covering the use of Aanval and Bleeding Edge Snort rules for malware detection and policy enforcement at Linuxfest Northwest 2006 in Bellingham, WA, April 29th, 2006

Russ' article, SELinux, Apache, and Tomcat, A Securely Implemented Web Application Server, was published in Sys Admin, the journal for UNIX and Linux systems adminstrators, in the January 2006 issue. The article covers the use of SELinux, iptables, mod_jk, and mod_security to build a secure web app server.

Russ participated in the Seattle SecureWorld Expo as a panelist on the IT & Physical Security Convergence panel. Seattle SecureWorld Expo took place October 19-20, 2005 at Meydenbauer Center.

Russ was privileged to address an audience of extraordinary scientists and researchers in the field of intrusion detection at RAID 2005 - The 8th International Symposium on Recent Advances in Intrusion Detection held in Seattle September 7-9. The presentation was a short, simple one, designed to motivate further discussion at poster sessions held after the presentations to the audience as a whole.