Off Topic: Unicode Right-to-Left Override character used by malware

Here’s an interesting thing for you security types to be aware of. Many of you are probably careful to screen attachment types to make sure that you don’t unintentionally execute code that might be malicious. Malware authors have discovered that by embedding a Unicode control character in file names, they can cause the file name…

An interesting logging regulation that doesn’t apply to Windows event logs…

I was browsing around looking for logging regulations and stumbled across this. It’s the United States’ federal regulation on EDRs – Event Data Recorders – installed in automobiles. EDRs are little log engines, like the “black box” flight data recorders on commercial airliners. They are typically part of the airbag system on an automobile. They…

Decoding UAC Flags Values in events 4720, 4738, 4741, and 4742

In Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, there are four events that contain a user account control (UAC) flags value:

- 4720 – user account creation
- 4738 – user account change
- 4741 – computer account creation
- 4742 – computer account change

This value is a bitmask value, and it’s represented…
