Looking for Malicious PHP Files

I’ve been digging through some PHP files that are trying very hard to hide what they are doing. Basically, the PHP code is base64 encoded and then compressed. The blob of random text is then stuffed into a PHP file which calls eval(gzinflate(base64_decode("BLOB OF TEXT"))); to decode it and execute it on the web server. While it obscures what the …

Preparing for Incident Response

Having a solid incident response capability isn’t an accident. It’s the result of focused preparation, training and culture. Incidents come at unexpected times, frequently with little warning, and can have a severe impact on an organization. It’s during these times that inadequate planning, documentation and missing tools become painfully apparent. That high-level incident response plan that made the auditor …

Learning from BP’s Response to the Gulf Disaster

One of the most disheartening things about the Gulf of Mexico disaster is to watch BP, the government and other involved parties appear to make up their response as they go along. Aren’t oil companies required to plan for failures and how to recover from them? As it turns out, yes, they are. Tonight I found the official “Regional Oil …