GREM Here I come...

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri Aug 06, 2010 1:04 pm

GREM Here I come...

Firstly, I would like to thank everyone on the forum for voting for me for Blackhat even though I could not attend. Secondly, I would personally like to thank Don and the EthicalHacker.net framework concept he has with this site. It's not every day that I've come across a site I can learn from (because I do) and actually help others, or at least try to share with others anything I've learned. With that said, along comes the long rambling (in usual fashion) ;)

After winning July's contest, I was fortunate enough to be able to sign up for the GREM in lieu of SEC-542/SEC-504. Both of those courses, I'm almost positive, are excellent courses; however, I'm familiar with many of the core topics and have been moving more towards reversing, so it made sense to at least beg SANS to let me swap either of those for the GREM. (Alright, so I just asked and they agreed.)

Anyhow, for those who don't know me on a personal level or who haven't corresponded with me via e-mail or other means, I have a dozen-plus years of "professional" security experience under my belt. I initially started my foray into computing professionally circa 1991 at a financial institution, where I assisted the fraud department in what was then Chemical Bank, pre Manufacturers Hanover merger. From there I moved into the advertising industry (J. Walter Thompson, Grey Direct) and into "pre-press" production, where I got my taste of heavy Unix-based systems administration under a slew of different OSes (Irix, NeXT, System 7 (through 7.6, Quadras baby!)) and all different types of networking: AppleTalk, Novell, etc. My first forays into Linux came after I had been using FreeBSD (2.0), at which point I began using Slackware, followed by OpenBSD, QNX and other operating systems out of hobby (QNX, Tru64, etc.). My main tasks began in hardcore systems administration: upgrades, keeping things running, trying new things. My first *true* venture into computing, though, came via my then ColecoVision Adam ;)

Security came, and comes, by way of hobby, interest and self-teaching. There were friends in the realm of systems/security (back then), IRC, "the Internet", and pre-Internet there were BBSes; people like RSnake, Tattooman, Spikeman, Chameleon, Vacuum, Bronc Buster, Sinnerz, Technotronic, Rhino9 and a slew of others I've had the fortune to learn from and with, and sort of "grow up online with." I've been fortunate enough to learn from a lot of people in the industry, many of whom are actually CSOs now.

Back when I got started, there wasn't much by way of what there is today regarding security articles, books, etc., so the books I recall reading were from the beautiful minds of Bellovin, Blaze, Cheswick, Dorothy Denning and others. My first true "hardcore" glimpse at security from a business standpoint came maybe in '95 from Marcus Ranum via the LISA conference, where I heard about a system called Aurora. Around this time frame ('94-'96) I began finding and reading boatloads of information on security that interested me. I also began tinkering with tools like RScan, SATAN, Tiger, Autohack and COPS. Sites that I frequented back then: PacketStorm when it was @ Genocide2600 (greets to Genocide, DoXavG, Ken and others), Kwantaam Pozetron, Fravia and others.

Book after book, application after application. I was sold on determining how to secure whatever it was I was doing. In order to do so, I believed then and still believe now, one needs to understand how to compromise/break it. Fast forward almost 20 years later, here I am. Still reading, book after book, playing with application after application. Attempting to write, and sometimes writing, my own; still tinkering, still fascinated. I've watched and experienced the dotcom "daze" by way of Metromedia Fiber, Starmedia, Register.com and a few others. I've had my share of working for dotcoms, ISPs, MSPs and now an ITSP, where I am in charge of developing, deploying and administering our managed security services. I keep my current employer off the radar to avoid the downsides of the Internet, as I've experienced those downsides in a horrible way once upon a time. (For those wondering where I work: unless I explicitly tell you, good luck finding out.)

So what is it I do now? Tough to explain... I work at a "services"-based company. We offer a variety of things, from VoIP trunking and interop, telecom billing, managed firewalls and routers, to pentesting, assessments, etc., etc., etc. If it exists as an IT service, we offer it. The breakdown of a typical day varies, but I would place it at 40% security, 20% networking, 20% VoIP, 10% systems administration/engineering and 10% vendor/client/*other* meetings and conference calls. My environment: Juniper (SA, SSG, SRX, JunOS (all types)), Cisco (almost anything and everything), Avaya, Nortel, Foundry, SonicWall, Session Border Controllers, and this list could be long enough to make someone puke. Because of my environment, I love being able to dabble with anything and everything. It definitely has allowed me to learn a lot more than staying static at another company ("we only use Cisco"... "well, we only use Juniper!").

Anyhow, I've been fortunate through the years and have had my share of unfortunate circumstances as well. This is life though ;) What do you do when you're handed lemons? You make lemonade. With this said, I will keep the rambling down and try my best to post on the steps I'm taking to learn and understand GREM content. I've got 4-5 months to play with and get myself ready. So why GREM?!? Well, I've been doing penetration testing for a while, since before it became a hot topic (my first professional pentest was in '99, to be exact, for the back-then WWF via a managed service provider), so I'm comfortable with what I know. Why not Incident Response / Handling... Been there, done that. Reverse engineering as a whole is an interesting topic, let alone malware. Because I've been slowly teaching myself reversing on the exploit side, it makes more sense for me to take this course. I'm hoping to understand more of the attack vectors used in that realm, to help me as a whole in the defensive realm (network, applications, sessions, etc.)

With the rambling aside, this month I decided to revisit a lot of topics. Two current books: Ajax Security by Billy Hoffman (dusted off) and "The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System" by Bill Blunden ;) Stay tuned.

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Aug 06, 2010 1:16 pm

Re: GREM Here I come...

While my history varies from yours, sil (different employers and customer types, etc.), our paths are similar enough that I can fully appreciate your direction and your current choice. Congrats on getting SANS to go for GREM in place of the others, not that I had any doubt they'd allow that, under the circumstances, and knowing their strong reputation for both great training and awesome staff! Based on what I know, and have read, of / from you, I think you're going to thoroughly enjoy it, and learn a lot from it, as well as maybe contributing some knowledge back upstream, to better it for the future. (Which is what I always try to do, in courses I attend, as well.) Hopefully, in the future, when I hit a point that I feel like looking at GREM, myself, it'll have some of you in it, in some shape or fashion, and I look forward to that.

Congrats again, and looking forward to your future posts on this, as well as other, topics, my friend!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Fri Aug 06, 2010 3:55 pm

Re: GREM Here I come...

haha! Even before opening this thread I thought to myself, 'This is going to be Sil', and here you are. :D
Good luck with the course, and I hope to read a review from you.

Funny that the amount of experience you have is almost exactly equal to my age. I fully agree with your thoughts about EHNet. It's a great community, and of all the forums I'm in, members here are the most helpful and polite, even with newbies. To top it all, Don always amazes us with great giveaways. I'll always be grateful to him for giving me the opportunity to take eLearnSecurity's PTP. I'm a final-year college student (and that's the reason I stay away from questions pertaining to professional experience ;) ) and with eCPPT and hopefully CCNA by the end of this year, I guess I'll be ready to enter the 'job world'. I personally want to study more (M.Tech), but if I screw up my entrance test, I'll perhaps be taking up a job (anything related to networking or system administration). I learn a lot of things by interacting with members here and reading posts, and hopefully I will be able to contribute back to this forum.
sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri Aug 06, 2010 4:22 pm

Re: GREM Here I come...

Equix3n- wrote: Funny that the amount of experience you have is almost exactly equal to my age.

What I've come to conclude is, every year I've been "online" seems like dog years. To me, I can go back and state "wow, remember Mosaic!" to someone else and they'll be puzzled. I can recall back in the '90s constantly having to explain winmodems under Linux and BSD. Heck, I can remember my first attempt at writing a "how to secure your Linux box" (http://www.ussrback.com/docs/papers/uni ... s.v1.1.txt) while running around through networking explaining DoS attacks (http://www.ouah.org/protocol_level.htm) before DDoS and Trin00 were a thought (http://staff.washington.edu/dittrich/misc/ddos/).

So yeah :( I feel old. But never too old to learn ;)
sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Dec 27, 2010 12:37 pm

Counting down to the GREM...

So this next month (January) begins the long-awaited GREM vLive training and exam for me. While I've been waiting I haven't had as much time to study as I would have liked to, so this week I think I will take the time to go back and re-read some of the books I bought specifically for malware analysis. Although none of these books are mentioned on any site related to the GREM, I thought they'd help me along the way, and they may help you too...

Malware Forensics: Investigating and Analyzing Malicious Code - If you've never read any of the books Eoghan Casey has written, you don't know what you're missing. Eoghan has some excellent forensics books and this one is no exception (although he is a co-author). So far, it's an alright book, but it hasn't had that "a-ha, so that's what I was missing!" moment; more like an "ah - got it now...", since many of the tools and processes written about in the book overlap with things I already learned. What I like so far is the cross-collaboration of forensics versus incident response. Sure I want to contain malware (incident response), but this book enables me to look at it from the dissection phase (forensics), and the best part so far (IMO) is the *nix chapters, as I am not a Windows fan.

Malware Analyst's Cookbook - Steve Adair is a member of a group I'm on and I've always respected him and what he has to say.

Rootkit Arsenal - MUST HAVE, MUST HAVE, MUST HAVE... Although not in any shape, form or fashion related to malware analysis, this book has definitely been helping me think outside the norms. Why? Because it's written to teach one HOW to be covert... HOW TO WRITE ROOTKITS. With this said, it enables me to think counter-offensively and forensically... "I wonder if the attacker did..."

Anyway, I will likely update this as time progresses. Right now, I've singled out a standalone machine to use for testing (Windows XP SP3 + VMware + REMnux) and will update this post with the tools as listed on Lenny Zeltser's page.
dante

Jr. Member

Posts: 58

Joined: Wed Jul 21, 2010 10:17 pm

Post Tue Dec 28, 2010 3:24 am

Re: GREM Here I come...

This thread is definitely going to help me, as I am teaching myself RE for the CREA. I will document my journey once I complete the certification.

Thanks sil.
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Dec 29, 2010 10:06 am

Re: GREM Here I come...

dante and sil, I am looking forward to reading your appreciations of GREM and CREA!

As a note, on December 25th at 7:20am, when everyone was still asleep, I was coding in Assembly to get ready for going deeper into this field. Yes, I too have no life! :D
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Wed Dec 29, 2010 10:29 am

Re: GREM Here I come...

H1t M0nk3y,

I was awake at 7:20am on Dec. 25... I'm awake every day before 7am... It's called being a parent...

"There's nothing sadder in this world than to awake Christmas morning and not be a child." --Erma Bombeck
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Dec 29, 2010 10:36 am

Re: GREM Here I come...

Hey, I am a parent too!

My two daughters (6 and 8 years old) were still asleep while I was coding!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Wed Dec 29, 2010 11:17 am

Re: GREM Here I come...

In that case, you really don't have a life!!!  ;D

I have a 3 year old and one on the way....and I'll sleep as late as they'll allow me to....

It's okay, though, I can't remember the last time I stayed up late on New Year's Eve, so I guess I don't have a life either. :-[
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed Dec 29, 2010 11:58 am

Re: GREM Here I come...

I look at it as: building up my life NOW to enjoy later... So if staying up an extra 2 hours per day is what it takes to retire comfortably, I'm game. I usually hit the sack about 12-1am and wake up at 5-6am. This is on a daily basis. I have a 9-year-old who thinks he's 18 ;) and I have an 18-year-old who thinks he's 14... The shocker comes out: I have a son who is potentially older than some of you readers ;)
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Dec 29, 2010 12:38 pm

Re: GREM Here I come...

We can definitively tell who is older and who is younger on this site!

At 35, I am probably somewhere in the middle, maybe a bit above the average.

On other sites, it is funny to see a bunch of teenagers thinking they know it all while on other sites, you have a bunch of old guys who think they still know it all!

But the truth is we all know close to nothing! ;D
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)