I got home from Orlando the day before yesterday. My spouse went to training. He took the children and me along to Orlando so that we could have kind of a vacation. I say "kind of" because anyone who has been on vacation with children knows that it is still 24/7 watching the children. Magnify that times 100 at the parks because they want to do everything. They got me onto a couple of roller coasters; they were the baby roller coasters, but anyone who knows me knows that I am not a fan of roller coasters. My middle child takes after me; he doesn't like the roller coasters either.
Someone arranged for me to get a SANS Guest badge. I attended a SANS@Night. I wish that I had more opportunities to attend the SANS@Night talks. My spouse was in a bootcamp-style course, so he didn't get out until most of the SANS@Night talks were over. Someone, AKA me, had to watch the children.
I absolutely loved the SANS@Night talk that I attended. It was "Malware Analysis for Incident Responders: Getting Started" by Lenny Zeltser. I never thought of reverse malware engineering as being in the realm of possibilities for myself as far as career aspirations. I thought that I needed extensive programming skills as well as knowledge of assembly. Turns out, that isn't so. I can explore malware with less knowledge than I thought. Don't get me wrong, I still want to learn as much as I can. I want to know how things work. I just realize that I shouldn't be intimidated, and I should just try and see what I can do. I plan on firing up REMnux and looking at some of the resources that I was given in the SANS@Night talk.
Currently, I'm still doing the Linux Foundation Training. I'm looking at the evidence for the Black T-Shirt challenge. I don't actually plan on submitting anything for it. I just find that it's good practice. I used ewfmount to mount the E01 files that were given in the challenge. It's pretty neat that I can see everything on that drive and use tools like bulk_extractor to automatically get information off of the disk for me. I'm trying to see if I can use Volatility on one of the images now that I have it mounted. Not sure if that is possible. I'm going to keep researching about it.