Posts

Showing posts with the label Forensics

Hacked? How to respond!

Let's Talk Hacking First
Hacking comes in many shapes, colors, and sizes these days. It could be a single system being taken over by malware, or it could be a cloud account that has access to 20 systems, development keys, and the ability to reset other users' credentials. There is a wide range of ways to gain access to information in today's modern infrastructure landscape. Some of the more common types are system and account compromise. Both can lead to each other given the right scenarios, and sometimes neither is necessary for the compromise of information, such as a website with an exploit that leaks information it shouldn't. Evidence of these may come in various flavors as well, such as an antivirus detection that alerts but does not quarantine, or a network detection tool flagging a suspicious pattern of callback-like activity. In both of these example cases, you'd want to investigate further. In this post, we'll walk through doing this under the system compromise persp...

GCFE - Training Techniques

GCFE
I often see where people took or are taking certifications and list how they went through the materials. So let's do one of those posts. Here's the latest thing I'm working on passing. I have already worked in DFIR (Digital Forensics & Incident Response) and have other GIAC certifications (GREM), but I found many people don't find that suitable as evidence of forensic capabilities and have since started demanding certifications such as GCFE and GCFA. As Google shows it, 'GCFE is often seen as intermediate, while GCFA is considered advanced or the "gold standard"'. That said, reviewing older versions of the SANS 500 course work, I think there are some nuances that trip me up and that I definitely got caught up with while taking the practice tests. So basically, when you sign up for the course and test together (like $10k USD; it's so insanely expensive that companies expect you to already have this instead of being willing to fund someone getting it) you get the ab...