The Ethical Hacker Network - [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

don

Editor-In-Chief
Administrator
Hero Member

Online

Posts: 4165

Editor-In-Chief

[Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

« on: July 02, 2010, 02:34:19 PM »

An eager EH-Netter was recently at a SANS event and took the opportunity to interview a forensics expert. Good thing for all of you, that I accepted his submission. Hope you enjoy.

Permanent link: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

Quote

By Jamy Klein, MSIA, CISSP

According to Panda Labs over 25 million new pieces of malware were released into the wild in 2009. 2010 is expected to be even worse. In addition to sheer volume, malware is becoming more sophisticated and targeted as a result of the influx of organized crime and state sponsors into the realm of malware authoring. Due to this unsavory trend, the SANS Institute has developed a course, Reverse-Engineering Malware: Malware Analysis Tools and Techniques AKA FORENSICS 610, to help white hats that need essential malware analysis skills and also to prepare security professionals for the GIAC Reverse Engineering Malware (GREM) certification. SANS describes FOR610, as:

“Teaches a practical approach to examining malicious software that runs natively on Microsoft Windows, and covers web-based malware such as JavaScript and Flash files. You will learn how to reverse-engineer malicious programs using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools for turning malware inside-out.”

In my work as a Security Engineer, I am frequently asked to analyze web sites and file downloads for potential infection. This course filled both a professional need and personal interest need for me in malware analysis. After attending the 4-day course (now officially a 5-day course) at SANS Security West 2010 in San Diego, I sat down with the course author and instructor, Lenny Zeltser, to discuss his background, the course and malware analysis in general.

Thanks Jamy and Lenny,
Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

UNIX

Hero Member

Offline

Posts: 1234

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

« Reply #1 on: July 03, 2010, 02:40:13 PM »

Nice interview.. GREM is certainly something on my list I'd like to go for sooner or later. However, what I often wonder is why I so often read something like 'no programming knowledge required' or the other way round, that security professionals ask if programming skills are required for a certain course or exam. Of course there are areas in security where one have more or less to deal with programming, however, I think that a security professional should have some kind of programming knowledge, independently on the area one has focused to.


« Last Edit: July 03, 2010, 02:42:26 PM by awesec »	Logged

Bane

Guest

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

« Reply #2 on: July 03, 2010, 09:49:22 PM »

Quote from: awesec on July 03, 2010, 02:40:13 PM

It really depends on what you define as programming knowledge. I can read enough of it to undestand what most routines do, but could I write a realtion databgase management system or other complex application from scratch? Absolutely not. What SANS and Lenny are trying to say by that statement is that you don't need to be a developer or have completed a prgramming degree to take the course or gain a weatlh of knowledge from the course.

Jamy


	Logged

Equix3n-

Sr. Member

Offline

Posts: 386

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

« Reply #3 on: July 05, 2010, 11:10:13 AM »

Nice interview. I think that as much as this interview was on Lenny's views on malware analysis, it also focused on what resources, apart from the course, would help a complete beginner to get started in this field. Lenny shared some good links.


« Last Edit: July 05, 2010, 11:30:05 AM by Equix3n- »	Logged

don

Editor-In-Chief
Administrator
Hero Member

Online

Posts: 4165

Editor-In-Chief

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

« Reply #4 on: July 05, 2010, 11:17:08 AM »

Also be on the lookout for a full course review coming soon!

Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

Equix3n-

Sr. Member

Offline

Posts: 386

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

« Reply #5 on: July 05, 2010, 11:22:41 AM »

That's good. Is the review for the 4-day class or the newer 5-day syllabus?


	Logged

don

Editor-In-Chief
Administrator
Hero Member

Online

Posts: 4165

Editor-In-Chief

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

« Reply #6 on: July 05, 2010, 12:05:48 PM »

Justin Kallhoff of Infogressive is putting the finishing touches on the 5-day course review.

Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

KDPryor

Newbie

Offline

Posts: 2

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

« Reply #7 on: July 10, 2010, 07:29:20 PM »

Good interview! I've been checking out Lenny's website quite a bit lately and would love to take his course. My job doesn't require it and won't pay for it, so it'll be awhile before I can afford to go. It's more of a personal interest than anything. I recommend watching the intro to malware video available on his website, it really gives you a great idea of how to start.

Ken


	Logged

GCFA
Graduate of SANS FOR 508 and FOR 526

Pages: [1] Go Up

« previous next »