Friday, March 29, 2013

Red Sky Weekly - 3/29/13

Wapack Labs setup is nearing completion. There’s a bit of painting left to do, but we’re ready to open the doors on Monday. Wapack has already had a couple of folks walk through the doors, including the Data Security Partner for one of the largest law firms in New Hampshire, and a mom who wanted to know if we could restore pictures from a broken disk. We won’t be doing any criminal work yet, but have solid processes and capabilities in host and network based forensic analysis, cellular/mobiles/Pads and malware analysis. I’ll be in Tokyo, but Rick will be in the lab with the team. So if you’re local to the Manchester Historic Mills area, we’re in the Waumbec Mills (250 Commercial St., Suite 2013) right next to the UNH campus.  

SecureWorld Boston: On top of getting payment systems set up, building furniture, and buying trash cans (I think I have swiper's elbow... and I can't tell you the workouts I've endured just running my Amex through so many times!), I spent two days at SecureWorld Boston. I had probably two dozen people come up and tell me they’d heard of Red Sky Alliance! Our friend Al Koch, from Norman, was there with a former coworker of mine from my days at DC3, as were Red Sky's friends from Solutionary. This was my first SecureWorld, but it won’t be my last. I enjoyed reconnecting at a local level. Boston is a blast, and the security community is on fire. I’ll be giving a threat presentation at the next ISC2 Boston Chapter meeting on May 9th, and have begun reconnecting through ISSA and Boston InfraGard. It’s funny. I participated in these groups years ago, and now I’m running into many of the same folks that I knew from then. I ran into two old coworkers from my PwC days (they're not kids anymore!), several folks from the local FBI office, and I've got a half dozen new companies that want to talk about joining Red Sky!

STIX! We had the long-overdue opportunity to reconnect with Mitre this week. We’ve been wanting to do a bit more with STIX but hadn’t really had the resources to do it. Mitre has been doing a lot of work in development of STIX, and was gracious enough to offer assistance in “STIX-ifying” Red Sky. This will be a welcome addition, as some of the members have already started heading that way. We’ll remain on Kill Chain, but we promised Richard and Tom at DHS that we’d work to support STIX, so we’ll do our part.

New Members: We sent membership kits out to two new incoming members: one Federal Agency and a new large enterprise mid-west Chemical Sector company. Our second year renewals have started to roll in, and so far so good. No drops!

Analytics: This weekend we will be releasing our 8th fusion report for 2013. FR13-008 will be our second infrastructure-focused report and will detail two related subnets that have been linked to a wide range of APT activity; and we have been working hard developing our third Intel Analysis Report to assist one of our members with a bit of tailored reporting. We had a question asked. It was interesting, and pulling the thread led to some interesting observations. I hope the community likes the reporting!

Easter Egg: This is to see who's paying attention! The Easter Bunny has a special treat for you! WhoisRecon is coming soon from Wapack Labs. Want to be an early adopter user? Want to get on the pre-release list? Just send the Easter Bunny a note and ask.

It’s been a great week! to Tokyo!