One Article Review

Home - The article:
Source AlienVault Blog
Identifier 379939
Publication date 2017-06-29 13:00:00 (viewed: 2017-06-29 13:00:00)
Title Data Carving in Incident Response - Steps Toward Learning More Advanced DFIR Topics
Text

Introduction

I have been in information security since March 2010, when I got out of the Navy after navigating nuclear submarines for almost 7 years. Little did I know that with this change of career, I was about to be in for the ride of my life. I have been steadily progressing as a "blue teamer" or enterprise defender this whole time and have undertaken learning one of (what I believe to be) the most difficult blue team trades: reverse engineering malware. The purpose of this blog is to allow readers to follow along if they want to get into the trade as well as to force me to take actual notes periodically.

Background: The Beginning

To understand my background, here is a graphic showing my career progression:

I started my career with only basic fundamental knowledge of information security. However, applying the work ethic and desire to excel I learned in the Submarine Force, I set out to become the best information security professional that I could. My first job out of the Navy was not very technical. I realized this and enrolled for both online and in-person training. I took a UNIX and Linux class in person and that itself has taken me far. I use Linux or a UNIX variation often in my current role and have used it in my past two roles as well. I learned auditing as part of being a government employee, so that I could assess the security of systems to support them, attaining Certification & Accreditation (C&A; now known simply as Authorization in the federal space). I continued to push myself to learn technical concepts and refine my knowledge. After I left the federal government and came back to the same agency as a contractor, my former supervisor commented that I "was too technical to be a 'govvie'." As a UNIX administrator, I was able to unleash my theoretical knowledge and be at ground zero for technology. I was involved with patching and remediation, system migrations from PA-RISC to Itanium, and modernization of the web experience.

Over the course of a few years, I had already worked as an auditor, a systems engineer, and a Senior UNIX Administrator focused on security, and had completed my undergraduate and graduate degrees in Information Security as well. At this point, I wanted a change and wanted to be closer to family, so I accepted a job as Director of IT Security/ISSO in Atlanta.

Background: 2013 to Mid-2017

When I started this job, I was afforded something I had never had before: freedom and latitude. I found that I could be as technical as I wanted to, as long as it didn't cost much. Over time, I learned how to administer Active Directory, Group Policy, McAfee ePO, Tenable Security Center, Gigamon, and Sourcefire. Prior to this role, I had only managed HP-UX and Red Hat servers. It felt like a knowledge explosion to have a chance to learn so many new things. As Director of IT Security and ISSO, I had to revisit my roots in Governance and Regulatory Compliance (GRC) in writing Policies and Procedures to meet federal and contractual requirements. Beyond this, I was able to build on my technical foundation and deploy, analyze, and maintain various technologies as well as participate in "Hack the Pentagon." This was a confidence booster and a challenge. I had no other security people to consult internally. I had to learn to make things work in an efficient and secure manner. As time went on, things changed with the contract, the management, and the team. Within three years, I had outgrown my position. There was no more opportunity for development or upward mobility and things were beginning to feel toxic. I felt like I was losing my passion for Infosec. Luckily, Sword & Shield came to my rescue. I began my
Sent Yes
Stories Wannacry APT 32


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up in an earlier one.