Detecting Lateral Movement through Tracking Event Logs
By investigating recently confirmed cases of targeted attacks, JPCERT/CC extracted tools used by many attackers. Research was then conducted to determine what kinds of logs are left on servers and clients when such tools are used, and what settings need to be configured to obtain logs that contain sufficient evidential information.
This report is a summary of the results of this research.
Fact-finding Report on the Establishment and Operation of CSIRTs in Japan 2015
Cyber attacks in recent years have become increasingly diverse in terms of their aims, targets, and TTPs (Tactics, Techniques, and Procedures) used. Occasionally, the impact can be large enough to shake the foundation of a business. One approach that is drawing attention is to establish a Computer Security Incident Response Team (CSIRT) that will serve as the linchpin of an organization to effectively handle security incidents.
Initiative on Security Issues of the IPv6 Protocol
Support for IPv6 is spreading at an accelerated rate in network devices and Internet connection service menus. Today, an environment in which IPv6 can be used is becoming increasingly commonplace. From the perspective of network administration including security, IPv6 comes with features that need to be handled with an approach that differs from IPv4.
Report on Security Issues of Web Application Using HTML5
HTML5 is a markup language specification under development by WHATWG and W3C as the next generation of the HTML standard. HTML5 and its peripheral technologies enable us to develop more flexible and convenient websites than conventional HTML4 does. It allows us to store data within the visitor's browser (Web Storage), enables full-duplex communication between the visitor's browser and web servers (WebSocket), and makes it possible to obtain the visitor's location information (Geolocation). However, verification of how attackers may exploit these new features, and awareness-raising about it, have yet to be properly performed.
Research Report on IT Security Inoculation
Targeted email attacks, in which emails with malware attached and the like are sent to specific companies, organizations or individuals, have recently been emerging.
The research has revealed that targeted email attacks do indeed exist and that education and training based on inoculation methods prove effective to a certain degree.