The release of Fedora Core 30

Fedora Core 30

Recently, I was asked this question on Twitter:

@telecon
How many ports open on a default install?

https://twitter.com/telecon/status/1123786543527809026

That was in response to a tweet about enjoying the install, and the first day of use of Fedora Core 30.

All things being said, this should be a relatively quick/easy test. I’ll start it off with a fresh install of Fedora Core 30 on my virtual system (KVM).

After the install, I took the time to create a new user and reboot the system; then the tests begin.

Doing an nmap scan post-install and post user-creation:

$] <> nmap -p- 192.168.122.224 -Pn
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 12:45 MDT
Nmap scan report for 192.168.122.224
Host is up (0.00020s latency).
All 65535 scanned ports on 192.168.122.224 are closed (64512) or filtered (1023)

Nmap done: 1 IP address (1 host up) scanned in 14.14 seconds

Then, seen from the localhost:

[testuser@localhost-live ~]$ ss -tua
Netid           State            Recv-Q           Send-Q                       Local Address:Port                                  Peer Address:Port            
udp             UNCONN           0                0                                  0.0.0.0:bootpc                                     0.0.0.0:*               
udp             UNCONN           0                0                                  0.0.0.0:mdns                                       0.0.0.0:*               
udp             UNCONN           0                0                                127.0.0.1:323                                        0.0.0.0:*               
udp             UNCONN           0                0                                  0.0.0.0:49042                                      0.0.0.0:*               
udp             UNCONN           0                0                                     [::]:mdns                                          [::]:*               
udp             UNCONN           0                0                                    [::1]:323                                           [::]:*               
udp             UNCONN           0                0                                     [::]:37380                                         [::]:*               
tcp             LISTEN           0                128                                127.0.0.1:ipp                                        0.0.0.0:*               
tcp             LISTEN           0                128                                   [::1]:ipp                                           [::]:*               

After that was completed, I logged into the system once again and enabled sshd.service.

[testuser@localhost-live ~]$ sudo systemctl start sshd.service 

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for testuser: 
[testuser@localhost-live ~]$ sudo systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor prese>
   Active: active (running) since Thu 2019-05-02 13:18:50 MDT; 5s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 2609 (sshd)
    Tasks: 1 (limit: 2352)
   Memory: 1.9M
   CGroup: /system.slice/sshd.service
           └─2609 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-p>
[testuser@localhost-live ~]$ ss -tua
Netid           State            Recv-Q           Send-Q                       Local Address:Port                                  Peer Address:Port            
udp             UNCONN           0                0                                  0.0.0.0:bootpc                                     0.0.0.0:*               
udp             UNCONN           0                0                                  0.0.0.0:mdns                                       0.0.0.0:*               
udp             UNCONN           0                0                                127.0.0.1:323                                        0.0.0.0:*               
udp             UNCONN           0                0                                  0.0.0.0:49042                                      0.0.0.0:*               
udp             UNCONN           0                0                                     [::]:mdns                                          [::]:*               
udp             UNCONN           0                0                                    [::1]:323                                           [::]:*               
udp             UNCONN           0                0                                     [::]:37380                                         [::]:*               
tcp             LISTEN           0                128                                0.0.0.0:ssh                                        0.0.0.0:*               
tcp             LISTEN           0                5                                127.0.0.1:ipp                                        0.0.0.0:*               
tcp             LISTEN           0                128                              127.0.0.1:x11-ssh-offset                             0.0.0.0:*               
tcp             ESTAB            0                0                          192.168.122.224:ssh                                  192.168.122.1:40588           
tcp             LISTEN           0                128                                   [::]:ssh                                           [::]:*               
tcp             LISTEN           0                5                                    [::1]:ipp                                           [::]:*               
tcp             LISTEN           0                128                                  [::1]:x11-ssh-offset                                [::]:*

The default iptables load-out on Fedora 30:

[testuser@localhost-live ~]$ sudo iptables -nL
[sudo] password for testuser: 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_INP  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_FWX  all  --  0.0.0.0/0            0.0.0.0/0           
LIBVIRT_FWI  all  --  0.0.0.0/0            0.0.0.0/0           
LIBVIRT_FWO  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_OUT  all  --  0.0.0.0/0            0.0.0.0/0           
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation (2 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain FWDI_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation (2 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation (2 references)
target     prot opt source               destination         
IN_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
IN_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
IN_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain IN_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137 ctstate NEW,UNTRACKED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138 ctstate NEW,UNTRACKED
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353 ctstate NEW,UNTRACKED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:1025:65535 ctstate NEW,UNTRACKED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:1025:65535 ctstate NEW,UNTRACKED

Chain IN_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWI (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWO (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWX (1 references)
target     prot opt source               destination         

Chain LIBVIRT_INP (1 references)
target     prot opt source               destination         

Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination      

. . . And finally, the last NMAP scan:

$] <> nmap -p- 192.168.122.224 -Pn
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 13:19 MDT
Nmap scan report for 192.168.122.224
Host is up (0.00020s latency).
Not shown: 64511 closed ports, 1023 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 14.17 seconds

So, to conclude, the default Basic install of Fedora 30 leaves no open ports.
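As an added check (my script, not part of the post), the following reads the ss -tua table shown above, separates loopback-only listeners from ones bound to a wildcard address, and checks the wildcard ones against the IN_FedoraWorkstation_allow rules from the iptables dump. The sample table is the post’s post-sshd output with the column padding collapsed; the service-name-to-port mapping is assumed from /etc/services.

```python
"""Classify the sockets from `ss -tua` by network exposure.

Assumed helper script (not from the post): it reads the ss socket table, marks
each listener as loopback-only or wildcard-bound, and checks the wildcard ones
against the IN_FedoraWorkstation_allow rules transcribed from the post.
"""
import textwrap

# Service names exactly as they appear in the post's `ss` output, mapped to
# port numbers the way ss resolves them through /etc/services (assumed).
SERVICE_PORTS = {"bootpc": 68, "mdns": 5353, "ipp": 631, "ssh": 22,
                 "x11-ssh-offset": 6010}

# Transcribed from the IN_FedoraWorkstation_allow chain in the post:
# (proto, low_port, high_port, required_destination or None for any).
FIREWALL_ALLOW = [
    ("tcp", 22, 22, None),
    ("udp", 137, 137, None),
    ("udp", 138, 138, None),
    ("udp", 5353, 5353, "224.0.0.251"),   # mDNS only to the multicast group
    ("udp", 1025, 65535, None),
    ("tcp", 1025, 65535, None),
]

LOOPBACK_PREFIXES = ("127.", "[::1]")
RANK = {"loopback-only": 0, "blocked-by-firewall": 1, "reachable": 2}

# Constructed sample: the post's `ss -tua` table after sshd was started,
# with the column padding collapsed.
SS_AFTER_SSHD = textwrap.dedent("""\
    Netid State  Recv-Q Send-Q Local Address:Port       Peer Address:Port
    udp   UNCONN 0      0      0.0.0.0:bootpc           0.0.0.0:*
    udp   UNCONN 0      0      0.0.0.0:mdns             0.0.0.0:*
    udp   UNCONN 0      0      127.0.0.1:323            0.0.0.0:*
    udp   UNCONN 0      0      0.0.0.0:49042            0.0.0.0:*
    udp   UNCONN 0      0      [::]:mdns                [::]:*
    udp   UNCONN 0      0      [::1]:323                [::]:*
    udp   UNCONN 0      0      [::]:37380               [::]:*
    tcp   LISTEN 0      128    0.0.0.0:ssh              0.0.0.0:*
    tcp   LISTEN 0      5      127.0.0.1:ipp            0.0.0.0:*
    tcp   LISTEN 0      128    127.0.0.1:x11-ssh-offset 0.0.0.0:*
    tcp   ESTAB  0      0      192.168.122.224:ssh      192.168.122.1:40588
    tcp   LISTEN 0      128    [::]:ssh                 [::]:*
    tcp   LISTEN 0      5      [::1]:ipp                [::]:*
    tcp   LISTEN 0      128    [::1]:x11-ssh-offset     [::]:*
""")


def split_addr_port(field):
    """'127.0.0.1:ipp' -> ('127.0.0.1', 631); '[::]:mdns' -> ('[::]', 5353)."""
    addr, _, port = field.rpartition(":")
    if port.isdigit():
        return addr, int(port)
    if port not in SERVICE_PORTS:
        raise ValueError(f"unknown service name {port!r}")
    return addr, SERVICE_PORTS[port]


def parse_ss(output):
    """Yield (proto, state, local_addr, local_port) for every socket row."""
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] not in ("tcp", "udp"):
            continue  # header, blank, or truncated row
        addr, port = split_addr_port(parts[4])
        yield parts[0], parts[1], addr, port


def firewall_allows(proto, port):
    """True if the zone admits a NEW unicast flow to this proto/port."""
    return any(rule_proto == proto and lo <= port <= hi and dst is None
               for rule_proto, lo, hi, dst in FIREWALL_ALLOW)


def classify(output):
    """Map (proto, port) -> worst-case exposure across its v4/v6 sockets."""
    verdicts = {}
    for proto, state, addr, port in parse_ss(output):
        if (proto, state) not in (("tcp", "LISTEN"), ("udp", "UNCONN")):
            continue  # ESTAB and friends are not listeners
        if addr.startswith(LOOPBACK_PREFIXES):
            verdict = "loopback-only"
        elif firewall_allows(proto, port):
            verdict = "reachable"
        else:
            verdict = "blocked-by-firewall"
        key = (proto, port)
        if RANK[verdict] > RANK.get(verdicts.get(key), -1):
            verdicts[key] = verdict
    return verdicts


def network_reachable(output):
    """Sorted (proto, port) pairs a remote host could reach past the firewall."""
    return sorted(k for k, v in classify(output).items() if v == "reachable")


if __name__ == "__main__":
    for (proto, port), verdict in sorted(classify(SS_AFTER_SSHD).items()):
        print(f"{proto}/{port:<5} {verdict}")
```

Note that nmap -p- as run above scans TCP only (no -sU), so the wildcard-bound UDP sockets in the ss table never appear in either scan; this check reports them from the socket table and the zone’s 1025:65535 allow rules instead.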

Notary Services – Now provided by 556 Forensics, LLC.

Notary

556 Forensics, LLC. is now proud to offer notary public services for customers located in Colorado.

Call (702) 518-7467 now to schedule notary services now!

If you’re not sure what a notary is, feel free to follow this link, to the Colorado Secretary of State’s office, where they can give you additional information about when/why a notary may be useful! Colorado Secretary of State Notary Page

Technician – How the brain works

A problem. . .

An interesting chore came up for me at work this week (primary job). I had opened a case with the support team about data not created properly on one of our highly used CDNs. After confirming that this was the issue, the support guy at HQ told me that this issue had been fixed.

Digging through all the information for a second and third time. . .

Digging through all the info again, just for follow-up, I found another repository that appeared to have the exact same issue as the first. Curious, I investigated a little bit more, and now that I knew what I needed, I could quickly identify this repo as another problem. I notified the same support guy at HQ that I had found another repo with the same issue, and he quickly confirmed the issue there.

This is the big question now, what do you do? Do you let sleeping dogs lie?

After working through this extremely annoying, and somewhat hard-to-find issue with HQ support, and everything, I thought, hey, I think it would be a good idea to ensure that content matches across our various CDNs, as that seems like something that is definitely a concern, for us, and for all our repos of data.

Why should I have to be the one, to recommend to everyone involved, hey, I found this issue, on two of our very large repos, let’s go ahead and do a little bit of research, and make sure this isn’t a problem elsewhere? Why is it only my brain that says, “Hey, we saw this issue in a couple other spots, that are pretty high availability, and in general potentially seen by a large amount of people, let’s go ahead and check the entire system to make sure all is a-ok.”

What’s the right answer?

Coming out of retirement ;-) – An observation into your job-life, as well as your personal life – The way to be

— OPINION PIECE —

An interesting thing has been popping up in my life recently. In the never-ending and ongoing debates we all see on Facebook, one argument piece that I’m seeing used way too much is making its way down. Not only am I seeing this technique used in Facebook “debates”, but there is also an overwhelming number of people that live their lives this way. So, not only does it apply to how you “debate” people on Facebook, but a lot of it applies to your everyday life.

Being a “Linux” guy in a shop full of 30-year Unix veterans is the best way I can describe this. Take explaining to an old-school Linux guy that they shouldn’t be stopping their computer system by using the “halt” command anymore. Sure, an admin can still issue the halt command, but is it the right way to shut down a Linux system? No, no it isn’t.

Then why are you doing things this way. . .

A common thing I hear, again, in my everyday work-life, is, “It worked 25 years ago on an old Unix SysV, it’ll work now.”

You’re right, and you’re wrong. Yes, it once worked, 25 years ago, on your old Unix SysV, and it “sort of” works on modern linux systems. In the end, it would be better if you changed your “halt” ways, and started to make use of shutdown or to go even more modern, systemctl.

The same thing applies to how you approach your personal life, and your Facebook life. . .

The same argument I had about someone’s “work-life” also applies to what I see on Facebook, and social media in general. It is scary, for me to think, that someone wouldn’t approach stuff with an open mind.

In a community group on Facebook, someone posted a picture of merging due to road closure, and was looking for community understanding on how to handle this. Being informed, and relatively well-read on the subject, I noted on the post about the “Zipper” merge theory, on why it works, and when you should and shouldn’t use it.

This is where the “debate” started, and I’m not calling it a debate, as there were no counter-points brought up in the discussion.

What does it take, for you to see a life-changing difference in the way you’re doing things?

After clearly laying out the discussion, the scientific methods and tests that were performed, why wouldn’t someone just look at it, and say, “You know what, I’m going to give this a try as I drive into work tomorrow.” But instead you say “Eh, baloney, I’m not readin’ no stinkin’ article, and your opinion and scientific facts you brought forward.”

That, in my mind, is where the disconnect happens, again, in personal life, like a Facebook conversation, or debate, or in real-life, at your job.

There are 2 types of people on this planet, those that want to learn new/better things, and those that don’t. . .

Don’t be stuck thinking your old way of doing something is always the best. Try something new, and you might change the way you drive to work, or the way you shut down a Linux system.

— End Opinion Piece —

Extra security, but not for security, but for “bots” _OR_ How I embraced the API and learned to love it

Oh Packt, Packt, Packt, why did you do it?

After troubleshooting a lot of issues that I was having with my login for Packt Publishing, I found something, that I found a little bit disturbing, and I would like to reach out to management at Packt Publishing just so that I can get an idea of why they did it.

But what did they do?

Packt recently added captchas to their website in multiple locations to prevent automatic logins, scraping, and automated book downloads.

Why did they do it?

When a scenario like this occurs, there are usually two things happening. On one side, something is happening that the owner of the website (and usually this means the owner of the company) wants to prevent from occurring.

On the other side, there is usually something happening at the user end for this action to be occurring. Now, it can get tricky here; there are various reasons end-users or customers would use automation, ranging from downright nefarious to purely innocuous.

On the nefarious side of things, a “bad guy” could be spamming forums, product reviews, and many other pieces of the website. I’d like to hear from Packt, to see if this was any sort of concern during the decision-making process to include captchas on their site.

On the innocuous side, there are people like me. I automate a login, and a form submission, so I can get Packt’s Free Learning Book of the Day. I also use a script, or a “bot” to download the books that I have either purchased, or acquired free from Packt, through their program, because doing that by hand, would literally take hours upon hours to complete, due to the mechanics of their website.

Irony

Ok, are you ready for it? This is where irony comes in. Packt sells multiple books (by multiple, I mean 30+) on automating tasks, or scripting, or literally on scraping websites using Python. Which is more-or-less what I’m doing.

Packt, please redeem yourself and become awesome at doing what you do

What does this mean? I think what I’m asking for is for Packt to remove the captchas from their website, open the site as it was previously to allow authenticated users to scrape the necessary info they are trying to get at, and embrace what their users or their customers want from them and their website.

Step 1

Remove the captchas from your website, or if you can somehow claim that they are for security reasons, put them in the exact spot where you’re trying to stop the auto-posting bots; that is, move them from the login page, or from the Free Learning page, to where the bots are potentially posting malicious information.

Step 2 (this is the whole extend part)

Make it _easier_ for users to get the data that they are after. Create an authenticated API to call up purchased books, and that they wish to download. Make it easier for users to — again, authenticate in — claim the Free Learning book of the day.

Extra Credit — The Challenge

What I want to see is a 3-month ledger on profits/costs, if this is implemented. I would be willing to bet, that profits would be up.

Packt, take the Open Organization challenge and open yourself up.

I’m going to attempt to contact someone at Packt to get these answers, and I will return later, in new posts, if Packt is kind enough to reach back to me, and answer those questions.

New SANS 504 Class

SANS SEC504 - Acting as a Mentor for the SANS SEC504 class

I’m set up to teach the latest SANS 504: Hacker Tools, Techniques, Exploits and Incident Handling (tests for the SANS GCIH certification) class coming up on September 9. The course runs for 10 weeks, and consists of reading the materials and meeting up with me, the mentor, every Friday.

Details can be found on the SANS website here.

Many people ask if the mentor format is right for them, to which I answer, most likely. The mentor format is pretty unique in the fact that it allows you to study at your own pace, gives you access to a mentor to ask any questions, and doesn’t interrupt a week’s worth of work. We will meet every Friday at 6PM, and go over the week’s worth of questions or anything else you may want to cover.

As always, I’m available to answer any questions you might have about registering for the class, so you can always send me an email at: MikeDawg@gmail.com

SANS – SUPER HUGE NEWS – SEC504 – ACTING AS A MENTOR FOR THE SANS SEC504 CLASS – Last Update

SANS SEC504 - Acting as a Mentor for the SANS SEC504 class

So, I can honestly say, that this will be one of the last, if not, the last post about this course.

As you no doubt can see from the last several posts on my website, I will be teaching the SANS SEC504 course in Denver, beginning February 26, 2016. What this course offers: by helping you understand attackers’ tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, it helps you turn the tables on computer attackers. It addresses the latest cutting-edge insidious attack vectors, the “oldie-but-goodie” attacks that are still prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course provides a time-tested, step-by-step process for responding to computer incidents, and a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them. In addition, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence. Finally, students will participate in a hands-on workshop that focuses on scanning for, exploiting, and defending systems. It will enable you to discover the holes in your system before the bad guys do!

We are approaching crunch-time for this class, and this month, is going to be your last chance to register for this class.

No need to travel or be out of the office for a week to take SANS Live
training.  The SANS Mentor Program is bringing Security 504: Hacker
Tools, Techniques, Exploits & Incident Handling to Denver starting
February 26th. Our popular Mentor format meets a few hours a week over
multiple weeks, giving you time between classes to absorb the material
and master the course content.  Class details and information can be
found at:  http://www.sans.org/u/agT

For a limited time, receive the Early Bird Pricing and a GCIH Exam
Attempt at no charge, a savings of over $800!  Register by February
11th.

============================================================
Enter Promo Code: MGIAC16 when registering to receive your GCIH Exam
Attempt at no charge
============================================================

SANS Mentor courses feature:

-SANS COURSEWARE
-DOWNLOADABLE MP3 AUDIO FILES
-MULTI-WEEK CLASS SCHEDULE
-LIVE CLASSROOM INSTRUCTION

Course:  Security 504: Hacker Tools, Techniques, Exploits & Incident
Handling
Instructor: Mentor Mike Harris
Start Date: February 26, 2016.  Class will meet over 10 Friday evenings.
Time: 6:30-8:30pm
Tuition: Save over $1000 including the GCIH Exam Attempt at no charge,
if you register this month.
Registration Details at:  http://www.sans.org/u/agT

From the five, ten, or even one hundred daily probes against your
Internet infrastructure to the malicious insider slowly creeping through
your most vital information assets, attackers are targeting your systems
with increasing viciousness and stealth. As defenders, it is essential
we understand these hacking tools and techniques.

Update^3 in regards to SANS Course – You know, the one I said I’d stop doing

SANS SEC504 - Acting as a Mentor for the SANS SEC504 class

Source:  SANS Mentor SEC504 Session and SANS Mentor Page and SANS 504 Flyer

**  Register by November 30th using Registration Code MenOD15 to receive Early Bird pricing and include the OnDemand Bundle at no additional charge.  A savings of over $1000! **

So, just another update, you know, the kind I said I would stop doing. Well, I guess I lied to everyone. I’m going to keep updating everyone, on details; if something new comes out in regards to the SANS SEC504 course. *NOTE* Emphasis is mine.

So, here is the update, from SANS:

No need to travel or be out of the office for a week to take SANS Live training.
The SANS Mentor Program is bringing Security 504: Hacker Tools, Techniques,
Exploits & Incident Handling to Denver starting February 26th. Our popular
Mentor format meets a few hours a week over multiple weeks, giving you time
between classes to absorb the material and master the course content.
Class details and information can be found at:  http://www.sans.org/event/42662

Now, for a limited time, supplement your Mentor classroom work with the SANS OnDemand bundle at no charge! The OnDemand Bundle provides you with four months of online access to our OnDemand e-learning platform, which includes synchronized presentations of quizzes, SANS courseware and video demonstrations taught by SANS’ top instructors.

**  Register by November 30th using Registration Code MenOD15 to receive Early Bird pricing and include the OnDemand Bundle at no additional charge.  A savings of over $1000! **

SANS Mentor courses feature:

-SANS COURSEWARE
-DOWNLOADABLE MP3 AUDIO FILES
-MULTI-WEEK CLASS SCHEDULE
-LIVE CLASSROOM INSTRUCTION

Course:  Security 504: Hacker Tools, Techniques, Exploits & Incident Handling
Instructor: Mentor Mike Harris
Start Date: February 26, 2016.  Class will meet over 10 Friday evenings.
Time: 6:30-8:30pm
Tuition: Save over $1000 including the OnDemand bundle at no charge, if you register this month.
Registration Details at:  http://www.sans.org/event/42662

From the five, ten, or even one hundred daily probes against your Internet
infrastructure to the malicious insider slowly creeping through your most
vital information assets, attackers are targeting your systems with increasing
viciousness and stealth. As defenders, it is essential we understand these
hacking tools and techniques.

SANS Security 504 will help you understand attackers’ tactics and strategies in
detail, giving you hands-on experience in finding vulnerabilities and discovering
intrusions, and equipping you with a comprehensive incident handling plan, this
course helps you turn the tables on computer attackers. It addresses the latest
cutting-edge insidious attack vectors, the “oldie-but-goodie” attacks that are
still prevalent, and everything in between.

Don’t let your organization be compromised. The best offense is a strong
defense! Enroll with SANS!

Update to the update of the update – SEC504 Class News

SANS SEC504 - Acting as a Mentor for the SANS SEC504 class

Source:  SANS Mentor SEC504 Session and SANS Mentor Page and SANS 504 Flyer

Alright, I’ll stop with all the updates. . . Maybe (although, I may have some other updates, soon to follow).

But I do have an immediate piece of news I’m going to release. I’m changing the dates/times of the SEC504 Class that I’m teaching for SANS.

So, here it is. I’m going to be teaching the course on a Friday, as opposed to the originally planned Thursday. The course will now officially be: Fri Feb 26 – Fri Apr 29, 2016

Please check out the new course details at the SANS Mentor SEC504 Session.

What has me most excited is the format of the class, and the whole Mentor program. The mentor program is great for students who prefer or are forced to study on their own, as opposed to sitting in a 5-day class. How the class format works is that students are responsible for studying the material, and the class meets once a week for a group session of studying or answering questions. I am available to students for over 10 weeks, to assist in studying and answering questions. I see this as a huge positive, as many of us in the industry are self-learners, and we have taught ourselves to learn on our own. The SANS Mentor program is a perfect example of learning on your own, and moving at a decently rapid pace.

I am extremely excited to get the opportunity to work with SANS, on this fun and exciting course. It has been my favorite SANS course I’ve attended, and it will be exciting to get to mentor future students in the class and help them on their way to become a SANS GIAC Certified Incident Handler (GCIH).

From the GCIH information page:

Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. The GCIH certification focuses on detecting, responding, and resolving computer security incidents and covers the following security techniques:

  • The steps of the incident handling process
  • Detecting malicious applications and network activity
  • Common attack techniques that compromise hosts
  • Detecting and analyzing system and network vulnerabilities
  • Continuous process improvement by discovering the root causes of incidents

From the SANS SEC504 page:

The Internet is full of powerful hacking tools and bad guys using them extensively. If your organization has an Internet connection or one or two disgruntled employees (and whose doesn’t!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth. As defenders, it is essential we understand these hacking tools and techniques.

By helping you understand attackers’ tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, this course helps you turn the tables on computer attackers. It addresses the latest cutting-edge insidious attack vectors, the “oldie-but-goodie” attacks that are still prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course provides a time-tested, step-by-step process for responding to computer incidents, and a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them. In addition, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence. Finally, students will participate in a hands-on workshop that focuses on scanning for, exploiting, and defending systems. It will enable you to discover the holes in your system before the bad guys do!

The course is particularly well-suited to individuals who lead or are a part of an incident handling team. General security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.

UPDATE – SANS – SUPER HUGE NEWS – SEC504 – ACTING AS A MENTOR FOR THE SANS SEC504 CLASS

SANS SEC504 - Acting as a Mentor for the SANS SEC504 class

Source: SANS Mentor SEC504 Session, SANS Mentor Page, and SANS 504 Flyer

Just wanted to post a little update about this class. I found that if you register for my class, which is taking place in Feb. 2016, in the month of October (read: now), you will also be given all the material for the class via SANS vLive.

In case you don’t know what SANS vLive is, it is their online platform; it allows you live access to top SANS instructors, up to 2 times per week, and gives you an extra push to help you study for your class and pass your SANS SEC504 GCIH test.

As I mentioned earlier, you have to register for class in October, to have this deal available to you, so please check it out.

Also, feel free to get in contact with me, if you have any questions.