Development Planning 2024

By: adricnet, In: education, Tags:

Some thoughts and links about some of the things I’m thinking about for professional development and education for the year

Perfect Threat Intel Report Ideas

By: adricnet, In: cybersecurity, Tags:

What would make up the perfect cybersecurity threat intelligence (CTI) report to receive, ingest, automate around? Honestly, even any three of these things makes for a great report. More context and detail are better, if the report author / information sharing organisation can support it.

Other Interview Questions You Might Ask

By: adricnet, In: mentoring, Tags:

Collecting a number of questions that might be informative to ask in job interviews, for practice and mentoring usage. You probably can’t/shouldn’t ask all of these, might not get an answer, and “No” isn’t bad. Deliberately excluded are most compensation and benefits questions which you should definitely ask about. People have different needs and priorities, so getting more information helps everyone make better decisions. Hope this helps!

Planning 2022

By: adricnet, In: education, Tags:

Some thoughts and links about some of the things I’m thinking about for professional development and education for the year

DC404 AMA

By: adricnet, In: education, Tags:

I did an AMA with my home hacker club in Atlanta, GA: DC404

Study Plan '21

By: adricnet, In: education, Tags:

Nearly half-way through a busy year I think I know what I’m working on … especially after dropping out of college again after trying it again for a couple years. I’m dividing up my time and attention mostly between the two skillsets that I’ve used so far and see myself continuing to use at $dayjob and beyond.

GSE Study Again

By: adricnet, In: education, Tags:

Herein are a few notes on my prepping to renew my GSE, as traditionally made and posted before taking the exam. I’ll be taking the renewal exam shortly and won’t be able to comment about it. For my backstory try my previous GSE study post (2017), and for more info on GSE see the official site: https://giac.org/gse.

Mailbag VM tools question

By: adricnet, In: education, malware, Tags:

From the Mailbag: a VM tools question

A question came in via mail this week: “I see that there is Windows-based security distribution flare-vm. I am wondering the difference between REMnux and flare-vm.

GSE Study and Prep notes

By: adricnet, In: education, Tags:

Herein are a few notes on my journey towards GSE, as traditionally made and posted before the exam. For more info on GSE see the official site: https://giac.org/gse

Hunting words

By: adricnet, In: hunting, Tags:

Some words about hunting, including some perspectives from different sources

Netcat practice

By: adricnet, In: Tools, Tags:

This morning with much coffee I’m working between email to practice netcat between hosts for GSE, PWK, and generally building good character.

Professional Development and Education 2016

By: adricnet, In: education, Tags: gist

Some fairly detailed notes on the classes I taught, took, conferences I attended, fees, and other professional development and education expenses in 2016, for discussion

ARP attack classwork

By: adricnet, In: Network Analysis, Tags: imported, ittam

After looking at the tables with the MAC addresses for a while, I looked up the OUIs online and substituted them in, hoping to catch something I’d missed. Indeed there was a third MAC from a third manufacturer in the discussion. All three OEMs make network gear as well as endpoint systems.

Email Input

By: adricnet, In: notes, Tags: imported

Notes on email-based file submission to analysis platforms

Breakin Into InfoSec

By: adricnet, In: Careers, Tags: imported

@adricnet presented this at DC404, Sept 2016. PDF of slides here: http://dfirfiles.net/myslides/breakin_dc404_2016.pdf

Hunting Tips

By: adricnet, In: Security Operations, Tags: imported

Hunting investigations should be SMART, and moreover must have a scope and a terminating condition. Measurement can be simple success/fail (did we find it?) or the number of incidents and/or SIEM/IPS rules generated or updated.

Emily's Photos

By: adricnet, In: File Analysis, Tags: imported

Emily sent me so many copies of this executable in the last couple days that I decided to take a look:

Blacklist Failures

By: adricnet, In: File Analysis, Tags: imported

As I’ve mentioned before one of the things I’m self-studying these days is file analysis. The chosen text is the most excellent Practical Malware Analysis (red with the alien autopsy cover). The authors include lab exercises to demonstrate the analysis techniques from each chapter and they are freely available, so buy a couple copies of the book, such as from the publisher’s site.

Poke Science

By: adricnet, In: Education, Tags: imported

How to Learn About $SYSTEM Security: general techniques for developing a better understanding of security functions and asserting confidence in them

Powershells

By: adricnet, In: Tools, Tags: imported

A few examples from the major Windows command line tools

Email EXEs and Free Tools

By: adricnet, In: File Analysis, Tags: imported

Since I don’t really want someone else’s pictures and didn’t order anything from FedEx this week, I could safely ignore the odd emails coming in with subjects like “Re:” and “Your package is available for pickup” and zip file attachments. But I’m a curious sort …
