So, just before the end of a remarkably interesting and odd 2020 year. I decided to go ahead and take the FOR 508 class on Advanced Incident Response, Threat Hunting, and Digital Forensics. I felt this was a course that could really benefit security practitioners for understanding best practices & methods related to IR. As well as, learning new techniques for threat hunting in a large enterprise environment. I decided to put up a post listing our what you can plan to learn from this course should you decide to take it.
Winning the Coin
One of the coolest parts of the class is Day 6 (more details listed later). You get a chance to join into teams and compete in a class APT Threat group challenge. The team that wins the CTF gets an award in the sign of a special course specific SANS Coin. On top of that, SANS will add your name to the Community DFIR Coin holders list! It is a great achievement, and I have to say the challenge was very realistic and fun to tackle.
For anyone looking to conduct some in depth forensics on any type of disk image. Autopsy is a great free tool that you can make use of for deep forensic analysis.
It has been a few years since I last used Autopsy. I recall back on one of the SANS tools (SANS SIFT). Back then I felt it was a great tool, but did lack speed in terms of searching through data. It appears with the most recent version of Autopsy that issue has been drastically improved. On top of that, machines have also become much faster using SSD’s and tons of more CPU and RAM power.
This time around, I’ve decided to make this
blog post as a Part 1 of many several parts that will be released. There
is just too much Azure security information to put up in a single post. So, my
plan is to make multiple posts over time.
Azure has many great security features that not everyone may be aware of right from the start. This post will focus on some key areas of Azure, and how it can better enhance the security of the environment. Key focus will investigate security best practices for Azure.
One of the most exciting parts of the BCAware conference was getting to meet Brian Krebs live in person!
During his talk he shared some interesting topics such as how
cyber criminals are using websites similar to https://haveibeenpwned.com/
Except, that these “other” websites will actually list out
the users leaked password(s) in plaintext. And, with this method attackers can
now attack various social media, banking and other commonly used services
online to possibly find valid emails/passwords to accounts.
Another topic was related to how cyber criminals determine how much money to ask for during a
ransomware attack. The typical amount seems to point at about 10% of total
revenue a business makes from the previous year. This way, they do not ask for
too much or too little. It gets close to an amount that the organization can
afford, and finds would be cheaper than to recover from backups or rebuilding
the environment.
I’m proud to announce that I have now obtained my SANS – GIAC GCIH certification. It was a long process, and I pushed myself to get it done before the start of the New Year – 2020.
New SANS GIAC changes to exams
One thing that was particularly new
for me compared to the other 2 SANS exams I’ve done was the lab questions. SANS
with GIAC now has added a section that tests your knowledge through a virtual
lab. Now, I have to say I think it’s actually pretty awesome! It puts your real
world skills to the test to see if you can actually can apply needed practical
skills. It also gives companies assurance that their employees are also getting
and being tested on real hands on work and not just theory based topics.
My name is Harry Taheem - CISA, GCIH, GWAPT, GSEC.
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like StealthBay to be a place where IT users can find some form of knowledge and education. And, hopefully I can learn a few new things from other users as well who also wish to share their own experiences and knowledge.