SANS 2013 Holiday Hacking Challenge, 2013 Review and 2014 Goals

I just submitted my report for the SANS 2013 Holiday Hacking Challenge ( http://pen-testing.sans.org/holiday-challenge/2013 ) and it was a great way to end the year. I started my infosec studies in mid-2012 and while I was aware of the 2012 holiday challenge I was swamped with other obligations and didn’t have the time to participate. Every time I saw an update on twitter talking about the challenge I promised myself that I would give it a go in 2013.

The challenge this year requires the user to analyze a pcap file with over 170,000 records in it determine what attacks were leveraged, what defensive techniques were used, etc. It was a lot of fun to start sifting through the records reconstructing what occurred.

I took notes, created a timeline and wrote a report which answered all four questions. I absolutely would not have been able to do as thorough as job a few months ago so it was a great feeling to see how much I’ve improved my skills.

2013 Review

My 2013 goal was to cram in as much information as I possibly could an attempt to make sure that I had a good general overview of infosec. I ended up knocking out the following in chronological order.

  • Finishing up the Attack-Secure Penetration Testing Course
  • Taking the SANS SEC 401 and passing the GSEC
  • Taking the SANS FOR 408 and passing the GCFE
  • Reviewed the new course material for the FOR 508
  • Taking the SANS MGT 414 and passing the CISSP and GISP
  • Passed the CEH
  • Wrote a Python tool to analyze the iPhone application “Burner”
  • Taking the SANS SEC 542 and passing the GWAPT
  • Beta tested the new SANS FOR 585 Smart Phone Forensics Course (huge honor)
  • Taking SANS SEC 503 and passing the GCIA
  • Almost done reviewing the course material for the SEC 617

It was expensive, it was mentally draining and it was TOTALLY AWESOME. The experience was absolutely worth every penny and every hour.

I’m able to listen to the pauldotcom podcast and understand what’s being talked about, able to look at network flow reports and diagnose issues, able to fire up Linux and navigate around, able to quickly develop Python apps to solve problems and even able to look at network traffic at the packet level and know what I’m looking at. I know I’ve got a long way to go but I’m proud of the progress I’ve made.

I would also be remiss if I didn’t mention the fact that every time I’ve attended a conference I’ve met some amazing people that I keep in contact and I’ve also made some virtual friends online that I can’t wait to meet in person. My stable of security friends is growing monthly.

2014 Goals

While 2013 was packed full of classes and certs 2014 will be more about specific skills and projects. There will absolutely still be some classes (I’m already signed up for the SANS Penetration Testing SEC 560 course in February) but I’m more focused on a few particular topics.

Numbers 1 & 2:  Learning C and Assembly Language.

A lot of C looks very familiar from other languages that I’ve coded in (namely Python and PHP) but I never learned to program in C. I’m  currently using some online tutorials and a book to work on my C and once I feel like I’ve got a good grasp on that then it’s moving on to assembly language.

Why oh why do I plan on subjecting myself to such pain? Because I know I need to in order to work on numbers 3 & 4.

Number 3: Learn Reverse Engineering

After I’m decent at C and Assembly I’m planning on going through the Practical Malware analysis book. I may try to attend a SANS FOR 610 course later in the year but I’d really like to good a good grasp on the subject first.

Number 4: Learn Exploit Development

There are a lot of great online tutorials for exploit dev (inc. Corelan) but after my C and ASM I’m going to try to start off by signing up for a Joe McCray exploit dev course. I’ve watched a few of his YouTube videos on the subject (http://www.youtube.com/watch?v=eNSWUAVxbzk and http://www.youtube.com/watch?v=uPaJHT0Vv7E ) and I really enjoyed his teaching style.

Number 5: Continue Improving my Python

I’ve gotten very comfortable with Python and have written multiple tools with it but I want to continue improving it. I’ve signed up for Vivek’s http://www.pentesteracademy.com  site and am currently working my way through his Python for Pentesting class. I will also make time to finally finish Violent Python. I love the book but it kept getting pushed aside for my courses and certs. I’d love to take the SANS 573 course at some point but we shall see.

Number 6: Continue to Improve my Linux skills

In 2013 I got comfortable in Linux. I can move around in it, run programs, solve basic problems etc. I even find myself using vi instead of gedit for simple tasks. I’ve still got A LOT of work to do on my Linux. I need to get more comfortable using sed, awk and other tools, making SSH second nature etc.

But I have to be careful not to get constipated. 100 mg twice a day. Tramadol (https://www.philipsanimalgarden.com/cheap-tramadol/) helps my pain well. I eat a lot of fresh fruits and vegetables. is enough and if the pain is worse I take 2 acetaminophens. I don’t feel addictions, etc. It takes about an hour then I’m back and I feel indescribably weird wish to get away with it so much.

I know that I’ll never get my Linux skills to level of someone who is a sys admin for Linux boxes every day but I know I need to get better.

Number 7: Improve my Macintosh skills

This one is easy since they’re pretty much nonexistent 🙂 I don’t really have a specific plan for this one other than I recently purchased a Mac Mini and I’m going to make an effort to use that more instead of my Windows laptop.

Number 8: Get my CTF on

This is the only one on the list that isn’t my idea. I discussed my 2014 to-do list with someone MUCH more skilled than I and he loved my list but suggested that I try to work in some CTFs to reinforce my skills and have some fun.

The only CTF type activity I’ve done have been NetWars at a SANS conference but I’m going to keep an eye out for opportunities this year.

I have a few other minor ones but those are the big ones. I’d love to hear any thoughts or suggestions.

Comments

Post a Comment

Popular posts from this blog

SANS Index How To Guide with Pictures

Image
I got some great advice recently on creating an index for SANS exams and I wanted to write a blog post to share it with others. I took the SANS FOR 508 Computer Forensics course in 2008. It was way over my head but I had a great time and learned a ton. A few months ago I finally decided to go for my GCFA certification. I had four year old material from a course that had been completely revamped and no index. I passed the exam with a score in the 80s but it was a grueling experience. I had to rush on the last part of the exam and never felt comfortable. A few months after my GCFA exam I got an opportunity to attend a SANS SEC 504 class. I really wanted to prepare for my GCIH exam the right way so while I was at the conference I asked several individuals how they prepared their index. Most people told me that their indexes were 8-10 pages. A lot of these people had more SANS certs than I have friends so their methods obviously worked for them. My class had a teaching assistant (also SANS
Read more

Introducing FaviconLocator: The Eazy Button to Searching by Favicon

Image
  Favicons (short for favorite icons) are the cute little pixelated images that appear next to the site name in web browser tabs, bookmarks, etc. In the image below we can see the iconic GitHub logo on their site and the KFC logo on a bucket of chicken on their site. Originally, favicons were designed to add a touch of professionalism and branding, but for anyone who is like me and has over a dozen tabs open at any time, favicons are the only thing displayed and how I navigate tabs. Most of us rely on favicons on a daily basis but many never think of them as a tool we can use in OSINT and CTI investigations. That’s what we’re doing to talk about here as well as introduce a new tool. In addition to branding and aiding in navigation between tabs, favicons can serve as unique identifiers for websites. These unique identifiers can help us: Trace the online presence of organizations and discover obscure digital assets Map the online infrastructure of potential threats Potentially de-ano
Read more

Automating Domain Squatting Detection with DNSTwist and Python

Image
  There’s a good chance that, at some point, you’ve received a spam email with a link that looked close to the name of a popular domain but was just a little off. Payapl.com instead of Paypal.com or similar. Domain squatting is a malicious activity where attackers register domain names similar to legitimate ones. Attackers may use these domains to deceive users into believing they are visiting a legitimate website, which can lead to phishing and other attacks. DNSTwist (available here: https://github.com/elceef/dnstwist ) is a popular tool that helps identify domain names that are similar to a given domain name. It generates a list of potential domain names by applying various fuzzing techniques to the given domain name and then checks if these domains are registered. Check out the list of Bank Of America copycat domains: DNSTwist is an amazing tool that should likely be a part of every organization's Cyber Threat Intelligence monitoring efforts, and I wanted to automate it
Read more