You can use SCCM to do patch management. There is also Dell Kace and other tools where a "agent" on the system will issue the updates accordingly.

Good books for this cert
Malware: Fighting Malicious Code - Made by Course Writer Lenny Z. and Other Sans Instructor Ed S.

Malware Analysts Cookbook

and this book and you will be all set.

Amazon.com - Forensics Books

Tools to use:

Try some live CDs:
SIFT Kit from SANs sans.org

CAINE http://www.caine-live.net/


Resources online - google for these sites
Security Tube
Forensic Focus
Forensic Wiki

Rapid7
Dell SecureWorks
IBM ISS

Ordered!!! thanks!

This also brings the question, if you deploy a honeypot are you "leaving your doors unlocked" so to speak. Meaning you would be unable to charge the intruder for trespassing on your network as you invited them in.

Yes, i think the direction i am going with this is not introducing new malware, but analyzing a current sample of malware to "see what it does", if that code does something harmful to others are you liable for the damages it caused.

I was having a debate with a coworker of mine about the liability of the analyst when performing Behavioral Analysis of Malware which has a capability to "touch" the wild (www). I know the most ideal environment for malware analysis is a isolated network sometime it is not practical to be able to get the full function of the sample. I know many firms do perform analysis with live samples in the wild, what type of risks are they taking with the malware if it is redistributing to other computers in the wild and/or harboring child pornography?

I have changed up my 2012,

I am not going for GCFA, I will be taking a digital forensics masters course instead

I want to go for CISA, CISSP and GSEC (to get GSE)

p0et, Look into some MSSPs such as ISS, Google, Secureworks, Verizon, Trustwave. They all have entry level security positions where if you do your time they have consulting and research jobs you can move up into.

Do you need to make one specifically or can you just use one already out there, there are many.

SIFT Kit
Helix
Sleuth kit
Backtrack
etc...

Here are some titles to search for,

Security Analyst
Jr. Penetration Tester
Information Security Associate/Analyst

GSEC, even though i havent taken it... yet, looks like it has some good stuff in it. I think it is a step up from the Sec+ and the main thing about SANs tests is you want to get a feel for them it is a good cert to start with in general.

On a side note the GPEN does cover python, but no too deep. OSCP is where you will need the py skills more.

I posted the the other forum also, but B.S. definitely

My guess if you look at captures.

you are scanning

x.0, x.1,x.2,x.3,x.4

nmap scans
x.1 - gets response
x.2 - gets response
x.3 - gets response
x.4 - gets response
x.0 - (network scan) gets response from x.1,x.2,x.3,x.4
Nmap now goes.. oohh more things to play with so it scans all the ips that respond.
x.1 - gets response
x.2 - gets response
x.3 - gets response
x.4 - gets response

= 9 instances.