Phishing is the attempt to acquire sensitive information such as usernames, passwords and financial information (including but not limited to credit card and banking details), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. As an extension, the attacker may also contact the victim by telephone to add legitimacy to the transaction.

The following tips are intended to assist in the prevention of malicious emails:

  • Put an anti-spoof filter on the MTA; this means nobody from the outside can spoof the organization's domain
  • Put a flag in the subject line to identify external e-mails, for example [EXTERNAL] or [Ext]; users can optionally create an Outlook filter or rule to color-code them
  • Phish your employees to test their understanding of phishing risks
  • Have security awareness training and campaigns
  • Block IPs and domains that are used for phishing
  • Block Dynamic DNS
  • Use the Proofpoint MTA & TAP product to rewrite all external URLs
  • Secure communications: implement the SPF, DKIM, TLS and DMARC protocols to the fullest extent possible
  • Manage executive social media accounts
  • Securely configure executive social media accounts
  • Implement social media policies and guidelines
  • Enable multi-step or multi-factor authentication

The Phishing Task Force Research Sub Group is currently providing comments on several cybersecurity-related NIST Special Publications. One area we will focus on continuously is any content from the NCCoE Energy Sector project: https://nccoe.nist.gov/projects/use_cases/energy_sector. This page hosts the documents we are currently reviewing. Our feedback may or may not be aligned with open feedback loops due to our relationship with NIST.

If you would like to participate in our coordinated efforts to provide feedback to NIST, please contact the PTF Research team for additional information.

Identity and Access Management (IdAM)

Situational Awareness

  • Mechanisms to capture, transmit, analyze, and store real-time and near-real-time data across energy companies’ networked systems.

The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system.
These are the core utilities which are expected to exist on every operating system.

dcfldd is an enhanced version of GNU dd with features useful for forensics and security. Based on the dd program found in the GNU Coreutils package, dcfldd has the following additional features:

  • Hashing on-the-fly - dcfldd can hash the input data as it is being transferred, helping to ensure data integrity.
  • Status output - dcfldd can update the user on its progress in terms of the amount of data transferred and how much longer the operation will take.
  • Flexible disk wipes - dcfldd can be used to wipe disks quickly and, if desired, with a known pattern.
  • Image/wipe verify - dcfldd can verify that a target drive is a bit-for-bit match of the specified input file or pattern.
  • Multiple outputs - dcfldd can output to multiple files or disks at the same time.
  • Split output - dcfldd can split output into multiple files with more configurability than the split command.
  • Piped output and logs - dcfldd can natively send all its log data and output to commands as well as files.

To brute-force a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and more.

tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

SANS QUICK Reference TCP/IP and tcpdump - http://www.sans.org/security-resources/tcpip.pdf

Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:

  • use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you are using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

HP's fantastic SWFScan, an Adobe Flash decompiler and basic 'security scanner'.

Stormpath provides developers with Identity and Access Management tools to bolster security in any application. There is a free developer's version, as well as these paid versions: pro, premium and enterprise.

The tools do the following:

  1. Host and deploy user directories in the cloud
  2. Authenticate users and secure their passwords with one click
  3. Manage hierarchies and RBAC with a drag-and-drop interface or API
  4. Drop in code for user workflows like password reset, account verification and locking
  5. Handle all the user security maintenance, so the user stays ahead of attackers

Free Features:
  - 100,000 API calls
  - Unlimited users
  - Unlimited groups
  - Full API access

Paid Features:
  - Pro: adds custom end-user emails
  - Premium: adds AD/LDAP integration
  - Enterprise: adds 100% uptime SLA


Warranty Disclaimer

Warranty Disclaimer: The FBI, InfraGard, and its affiliates provide information, including but not limited to software, documentation, training, and other guidance to be known as “materials”. The materials are provided as-is and we expressly disclaim any and all warranties, express or implied, including, and without limitation, the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and integration, and warranties arising out of course of dealing or usage of trade. You agree that, as between you and the FBI, InfraGard, and its affiliates, you are responsible for the outcome of the use of materials made available, including but not limited to adherence to licensing requirements, and taking legal and regulatory considerations into account. There is no guarantee of accuracy, completeness, timeliness, or correct sequencing of the information provided.