.

[Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jul 02, 2010 2:34 pm

[Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

An eager EH-Netter was recently at a SANS event and took the opportunity to interview a forensics expert. Good thing for all of you, that I accepted his submission. Hope you enjoy.

Permanent link: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute


By Jamy Klein, MSIA, CISSP

According to Panda Labs over 25 million new pieces of malware were released into the wild in 2009. 2010 is expected to be even worse. In addition to sheer volume, malware is becoming more sophisticated and targeted as a result of the influx of organized crime and state sponsors into the realm of malware authoring. Due to this unsavory trend, the SANS Institute has developed a course, Reverse-Engineering Malware: Malware Analysis Tools and Techniques AKA FORENSICS 610, to help white hats that need essential malware analysis skills and also to prepare security professionals for the GIAC Reverse Engineering Malware (GREM) certification. SANS describes FOR610, as:

“Teaches a practical approach to examining malicious software that runs natively on Microsoft Windows, and covers web-based malware such as JavaScript and Flash files. You will learn how to reverse-engineer malicious programs using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools for turning malware inside-out.”

In my work as a Security Engineer, I am frequently asked to analyze web sites and file downloads for potential infection. This course filled both a professional need and personal interest need for me in malware analysis.  After attending the 4-day course (now officially a 5-day course) at SANS Security West 2010 in San Diego, I sat down with the course author and instructor, Lenny Zeltser, to discuss his background, the course and malware analysis in general.



Thanks Jamy and Lenny,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sat Jul 03, 2010 2:40 pm

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

Nice interview.. GREM is certainly something on my list I'd like to go for sooner or later. However, what I often wonder is why I so often read something like 'no programming knowledge required' or the other way round, that security professionals ask if programming skills are required for a certain course or exam. Of course there are areas in security where one have more or less to deal with programming, however, I think that a security professional should have some kind of programming knowledge, independently on the area one has focused to.
Last edited by UNIX on Sat Jul 03, 2010 2:42 pm, edited 1 time in total.
<<

Bane

Post Sat Jul 03, 2010 9:49 pm

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

awesec wrote:Nice interview.. GREM is certainly something on my list I'd like to go for sooner or later. However, what I often wonder is why I so often read something like 'no programming knowledge required' or the other way round, that security professionals ask if programming skills are required for a certain course or exam. Of course there are areas in security where one have more or less to deal with programming, however, I think that a security professional should have some kind of programming knowledge, independently on the area one has focused to.


It really depends on what you define as programming knowledge. I can read enough of it to undestand what most routines do, but could I write a realtion databgase management system or other complex application from scratch? Absolutely not. What SANS and Lenny are trying to say by that statement is that you don't need to be a developer or have completed a prgramming degree to take the course or gain a weatlh of knowledge from the course.

Jamy
<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Mon Jul 05, 2010 11:10 am

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

Nice interview. I think that as much as this interview was on Lenny's views on malware analysis, it also focused on what resources, apart from the course, would help a complete beginner to get started in this field. Lenny shared some good links.
Last edited by Xen on Mon Jul 05, 2010 11:30 am, edited 1 time in total.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Jul 05, 2010 11:17 am

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

Also be on the lookout for a full course review coming soon!

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Mon Jul 05, 2010 11:22 am

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

That's good. Is the review for the 4-day class or the newer 5-day syllabus?
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Jul 05, 2010 12:05 pm

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

Justin Kallhoff of Infogressive is putting the finishing touches on the 5-day course review.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

KDPryor

Newbie
Newbie

Posts: 2

Joined: Mon Jul 13, 2009 10:07 am

Post Sat Jul 10, 2010 7:29 pm

Re: [Article]-Interview: Lenny Zeltser of Savvis and SANS Institute

Good interview!  I've been checking out Lenny's website quite a bit lately and would love to take his course.  My job doesn't require it and won't pay for it, so it'll be awhile before I can afford to go.  It's more of a personal interest than anything.  I recommend watching the intro to malware video available on his website, it really gives you a great idea of how to start.

Ken
GCFA
Graduate of SANS FOR 508 and FOR 526

Return to /root

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software