
Perimeter
3/11/2010 12:56 PM
John H. Sawyer
Commentary

Challenge Yourself To Be Better

If you've been in the information security field for more than six months, then you know it's vital to stay on top of the latest threats, tools, and news to be effective at your job. That's why many of us love the field so much: it's always changing, and it challenges us.

Part of the challenge is keeping our skills honed, even when certain skills aren't ones we use on a daily basis. A good example is incident response and forensics. For some, that's a daily task, but for others, we could go a month or two, maybe longer, before we have to dust off our copy of The Sleuth Kit or EnCase to perform forensics on a hacked system. For situations like this, it's important that we're ready when duty calls.

There have been a few different forensic challenges posted over the years. The best were from the Honeynet Project, which was very consistent with good challenges and excellent write-ups. The updates stopped for a couple of years, but the challenges have recently been resurrected, with new ones posted in January and February.

The previous Honeynet challenges leaned toward disk- and file-based forensic analysis, including real hacked systems and fictitious scenarios with accompanying files needing analysis. The newer challenges are more network-based: you work from captured traffic to determine what happened to the particular systems under attack. The current challenge is relevant to the attacks we face today because it includes a network capture of a client-side attack against a Web browser.
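To show the kind of first pass those network-based challenges ask for, here is a small triage script I've added as an example; it is not code from the article or from either challenge site. It reads a classic pcap file with nothing but the standard library, pulls the HTTP request line plus Host and Referer headers out of each TCP segment, and orders them into the chain of hosts a victim browser visited, flagging hops whose Referer points at a different host than the one being contacted. The capture it runs on is constructed inline (192.168.1.10 as the victim, 10.0.0.5 and 10.0.0.9 as servers, the hostnames www.example.com and exploit.example) and is not from any real incident. It deliberately does no TCP stream reassembly, so a request split across segments would be missed; for a real challenge capture you would reassemble streams first.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic (non-pcapng) capture, microsecond timestamps
LINKTYPE_ETHERNET = 1
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ")


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def fmt_ip(raw):
    return ".".join(str(b) for b in raw)


def build_pcap(packets):
    """Serialize (ts_sec, src_ip, sport, dst_ip, dport, payload) tuples into a
    little-endian pcap file. Constructed test data: MAC addresses are zero and
    IP/TCP checksums are left at zero, which the parser below does not verify."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for ts, src, sport, dst, dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                         ip_bytes(src), ip_bytes(dst)) + tcp
        frame = bytes(12) + b"\x08\x00" + ip           # Ethernet II header, EtherType IPv4
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return bytes(out)


def pcap_records(data):
    """Yield (timestamp, frame_bytes) for every record in a classic pcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:                        # same magic written big-endian
        end = ">"
    else:
        raise ValueError("not a classic (non-pcapng) capture")
    if struct.unpack(end + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def http_requests(data):
    """Extract request line plus Host/Referer from each TCP segment that begins
    with an HTTP method. No stream reassembly, so split requests are missed."""
    reqs = []
    for ts, frame in pcap_records(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue                                 # not an IPv4 frame
        if frame[23] != 6:
            continue                                 # not TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if not payload.startswith(HTTP_METHODS):
            continue
        lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
        parts = lines[0].split(b" ")
        if len(parts) < 2:
            continue
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        reqs.append({
            "ts": ts,
            "client": f"{fmt_ip(frame[26:30])}:{sport}",
            "server": f"{fmt_ip(frame[30:34])}:{dport}",
            "method": parts[0].decode("latin-1"),
            "path": parts[1].decode("latin-1"),
            "host": headers.get("host", ""),
            "referer": headers.get("referer", ""),
        })
    return reqs


def redirect_chain(reqs):
    """Order requests by time; flag each whose Referer names a different host than
    the one contacted (the hop from a legitimate page to a third-party server)."""
    chain = []
    for r in sorted(reqs, key=lambda r: r["ts"]):
        ref_host = r["referer"].split("/")[2] if r["referer"].count("/") >= 2 else ""
        chain.append((r["host"], r["path"], bool(ref_host) and ref_host != r["host"]))
    return chain


# Constructed capture: a browser loads a page, a script from the same site, then a
# resource on a second server that was reached from the first page. Last packet is TLS.
SAMPLE = build_pcap([
    (1000, "192.168.1.10", 50001, "10.0.0.5", 80,
     b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    (1000, "10.0.0.5", 80, "192.168.1.10", 50001,
     b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>..."),
    (1001, "192.168.1.10", 50002, "10.0.0.5", 80,
     b"GET /ads.js HTTP/1.1\r\nHost: www.example.com\r\nReferer: http://www.example.com/\r\n\r\n"),
    (1002, "192.168.1.10", 50003, "10.0.0.9", 80,
     b"GET /in.php?id=7 HTTP/1.1\r\nHost: exploit.example\r\nReferer: http://www.example.com/\r\n\r\n"),
    (1003, "192.168.1.10", 50004, "10.0.0.9", 443, b"\x16\x03\x01\x00\x2a"),
])

if __name__ == "__main__":
    for host, path, hop in redirect_chain(http_requests(SAMPLE)):
        print(("  -> " if hop else "     ") + host + path)
```

Point it at a real capture by replacing SAMPLE with the file's bytes; the output is the ordered list of hosts and paths the client requested, with the cross-site hops marked, which is usually the skeleton of the story a client-side attack challenge wants you to tell.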

One of my new favorite sources of forensic challenges is the Network Forensics Puzzle Contest site. The challenges are written by Jonathan Ham and Sherri Davidoff. Four puzzles have been posted since August 2009, and the current one is still accepting submissions for another week. Not only are the challenges fun and interesting, they also promote sharing information and building tools that are then shared with the community.

Both sites are excellent learning opportunities because they keep the challenges posted along with the top write-ups submitted, and as an added bonus, the Network Forensics Puzzle Contest site hosts the tools created while solving the challenges. I highly recommend you run through the challenges if you're involved in any type of incident response or forensics. The challenges are consistent with the incidents we're currently seeing, and they help get you into the investigative mindset.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.
