Recently, I challenged the GIAC/SANS GCFA exam. And I am excited to say I passed and have obtained the GCFA certificate!
This was one of the more detailed courses I had taken in awhile. The IR and Threat hunting sections were not as new to me. However, the memory and forensics section were very deep and detailed. Normally, most organizations will contract out major forensic type of work to 3rd party external partners. So, the forensics section was something I do not work on as often. But I found learning and getting the knowledge of various ways malware can hide in memory, or how to detect Time stomping attacks from malware was extremely fun and exciting to learn. Feeling incredibly grateful to learn about all these new attack techniques and detection mechanisms.
The course will prepare you for the exam and cover topics and tools that you will be tested on. There is a lot of material to learn in the course. So, dedicate a good amount of time towards learning the course material and all the concepts. The class itself was amazing especially when you get into Memory Analysis, File system analysis and the Anti-forensics sections.
Getting Microsoft Certified for Azure Fundamentals
I decided to challenge the AZ-900 Exam, as I got a Microsoft voucher for a free exam attempt. So, I decided to give the exam a crack. Basing it off other peer’s experience, who had already taken this exam. The consensus I had heard is that it should be a simple exam if you have used Azure before and worked on different services (e.g., IaaS, PaaS, SaaS.) I probably spent about less than 8 hours prepping, as I felt the topics seemed general and things I have already been exposed too.
Prepping to take the exam
My personal experience with Azure is that I have worked with it for 3+ years. If you have spent a lot of time in the Azure environment building things, configuring things and managing different items. You will have no problem challenging this exam. Most of the concepts are related to everyday tasks that you would be working on. Or tasks you would have been exposed to at some point while engineering designs in Azure.
So, just before the end of a remarkably interesting and odd 2020 year. I decided to go ahead and take the FOR 508 class on Advanced Incident Response, Threat Hunting, and Digital Forensics. I felt this was a course that could really benefit security practitioners for understanding best practices & methods related to IR. As well as, learning new techniques for threat hunting in a large enterprise environment. I decided to put up a post listing our what you can plan to learn from this course should you decide to take it.
Winning the Coin
One of the coolest parts of the class is Day 6 (more details listed later). You get a chance to join into teams and compete in a class APT Threat group challenge. The team that wins the CTF gets an award in the sign of a special course specific SANS Coin. On top of that, SANS will add your name to the Community DFIR Coin holders list! It is a great achievement, and I have to say the challenge was very realistic and fun to tackle.
For anyone looking to conduct some in depth forensics on any type of disk image. Autopsy is a great free tool that you can make use of for deep forensic analysis.
It has been a few years since I last used Autopsy. I recall back on one of the SANS tools (SANS SIFT). Back then I felt it was a great tool, but did lack speed in terms of searching through data. It appears with the most recent version of Autopsy that issue has been drastically improved. On top of that, machines have also become much faster using SSD’s and tons of more CPU and RAM power.
This time around, I’ve decided to make this
blog post as a Part 1 of many several parts that will be released. There
is just too much Azure security information to put up in a single post. So, my
plan is to make multiple posts over time.
Azure has many great security features that not everyone may be aware of right from the start. This post will focus on some key areas of Azure, and how it can better enhance the security of the environment. Key focus will investigate security best practices for Azure.
My name is Harry Taheem - | CISA | GCIH | GCFA | GWAPT | GSEC
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like StealthBay to be a place where IT users can find some form of knowledge and education. And, hopefully I can learn a few new things from other users as well who also wish to share their own experiences and knowledge.
My name is Harry Taheem - | CISA | GCIH | GCFA | GWAPT | GSEC
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like 
