GIAC Forensic Analyst
By Matthew Hunter | Feb 3, 2025 | giac

I recently took and passed the GCFA certification exam for forensic analysis. It was an interesting and educational experience, touching on logfile analysis, memory forensics, deep filesystem analysis, and timeline generation. Most of the content focused on Windows (event logs, NTFS filesystem formats, etc.); I'm looking forward to finding a matching course with a Linux focus.
CISSP
By Matthew Hunter | Dec 1, 2024 | isc2

I recently took and passed the ISC2 CISSP. The certification covered a broad range of topics, most of which I was already familiar with from experience as a software engineer. Those areas I was less familiar with included legal and procedural requirements around risk assessment, physical security, and the theory behind encryption and permissions management.
Cisco Remote Scripts
What I've been working on for a while now: Cisco Remote Scripts

With the introduction of Remote Scripts powered by Orbital, a search and response feature of Cisco Secure Endpoint in either the Advantage or the Premier tier, incident responders can respond to sophisticated threats with minimal business disruption, and administrators can provide an overall safer and better user experience.

Remote scripts harness the power of Orbital Advanced Search capabilities, which provides hundreds of prepared queries curated by Cisco's Talos threat intelligence group, allowing you to quickly run complex queries on any endpoint.
Hacker versus cracker
By Matthew Hunter | Apr 2, 2023 | gcih

In the early days of the internet, and even before that, there was a distinct difference in the terminology used for the people who obtained unauthorized access to computer systems. The term hacker meant someone who created an interesting hack, usually something interesting that used a system – not necessarily even a computer system – to do something outside its design intent. A Rube Goldberg machine is a good example of a hack. So is playing music with printers. Conversely, cracker was applied to people who broke into computer systems for nefarious purposes. There was often some overlap between the two, as people making interesting hacks often didn't have authorized access to the systems they were using.
GIAC Incident Handler
By Matthew Hunter | Mar 30, 2023 | giac, gcih

I recently took and passed the GCIH Certification. It's primarily focused on understanding how attackers behave, the tools they use, and why those tools do the things they do.
GIAC Certified Incident Handler
By Matthew Hunter | Mar 29, 2023 | gcih

Last weekend, I took the certification exam to become a GIAC certified incident handler. Both the exam and the course material leading up to it were interesting enough to deserve a few comments.

One thing I was moderately surprised by in the SANS course was the initial focus on Linux shell tools and Windows PowerShell. I've been using Linux for a long time, so there weren't any surprises there. The PowerShell material was new to me.