Three things I’m currently trying to work on, but there never seems to be enough time.
- CSEC630 class work
- Python
- Malware Traffic Analysis exercises
CSEC630
Class is kind of depressing. A lot of reading PDFs, since we no longer have textbooks in the program, and we learned this week we don’t even have access to all of the PDFs.
I wonder why I’m taking a class where the lab assignment is to run the VM with Snort on it and answer some questions. I would rather see something like “here is a pcap and NetFlow. Using the information provided, create Snort rules”. This class is supposed to be a Master of Science course in Cybersecurity, but to be honest the work and readings are like 100 to 200 level stuff. Or at least what I think is that level.
Every weekly reading we do, I wonder why we’re not doing the kind of research we are reading about. This is supposed to be a Master of Science and there isn’t much science to it. Some of the readings are just bad, where the academic papers’ authors didn’t talk to the people who have to use the stuff they are writing about.
Classes eat up too much time, and I wonder if I’m getting any value from them. I don’t think I am. Which makes me wonder how much value my degree will really have.
Python
Still working with Violent Python, Gray Hat Python, Black Hat Python and Automating OSINT. But I’m finding it hard to find time to work through the stuff, and I’m a little disappointed that they are all Python 2. I’m really at the point that if you are still writing Python 2, the product isn’t worth the time. Charles L. Yost’s talk at DerbyCon, “Python3 It’s Time”, really colored my view on that.
If a tool is written in Python 2, I’m left wondering about the author’s commitment to the software, and its security. Which reminds me, I should get an SD card and test my GitHub scripts (written in shell script) for the RPi WIDS stuff. See if I have to update or branch the code for newer RPis.
Malware Traffic Analysis exercises
I miss playing with pcaps; I just don’t seem to spend the time I used to in tcpdump or Wireshark. I read Chris Sanders’ Practical Packet Analysis, second edition, a couple of years ago. But over time I stopped using it. There is a new edition coming out, by the way. Anyway, Malware Traffic Analysis looks like it might be fun, and a decent way to get back into the swing of things.
Though I think from an Incident Response and Threat Intelligence standpoint it’s a little limited. It only gets the lower-level data from the Pyramid of Pain, from what I’ve seen so far: IP addresses and domain names. If the pcap has a referrer, it might get a little bit more data. I’m curious how much of the Kill Chain and Diamond Model the traffic analysis will fill in. I think that is one thing I’ll do when I get to the exercise. I’ve got Wireshark prepped. Now it’s just a question of finding time to practice.
Work
Work has been reading company security policy, industry standards, and Federal regulations and recommendations (NIST). I feel a little isolated, but the workspace isn’t designed for solo reading; it’s designed for open collaboration. Which means that, to not be distracted and to focus on the reading, I’m listening to isolating pink noise.