Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

3/11/2010
12:56 PM
John H. Sawyer
John H. Sawyer
Commentary
50%
50%

Challenge Yourself To Be Better

If you've been in the information security field for more than six months, then you know it's vital to stay on top of the latest threats, tools, and news to be effective at your job. That's why many of us love the field so much--it's always changing. And it challenges us.

If you've been in the information security field for more than six months, then you know it's vital to stay on top of the latest threats, tools, and news to be effective at your job. That's why many of us love the field so much--it's always changing. And it challenges us.Part of the challenge is keeping our skills honed, even when certain skills aren't ones we use on a daily basis. A good example is incident response and forensics. For some, that's a daily task, but for others, we could go a month or two, maybe longer, before we have to dust off our copy of the Sleuthkit or EnCase to perform forensics on a hacked system. For situations like this, it's important we're ready when duty calls.

There have been a few different forensic challenges posted during the years. The best were from the Honeynet Project, which was very consistent with good challenges and excellent write-ups. The updates stopped for a couple of years, but have been recently resurrected with new challenges posted during January and February.

The previous Honeynet challenges contained more disk- and file-based forensic analysis, including things like real hacked systems and fictitious stories with accompanying files needing analysis. The newer challenges are more network-based, looking at traffic to determine what has happened to the particular systems under attack. The current challenge is relevant to the attacks we currently face because it includes a network capture of a client-side attack against a Web browser.

One of my new favorite sources of forensic-related challenges are from the Network Forensics Puzzles Contest site. The challenges are written by Jonathan Ham and Sherri Davidoff. There have been four puzzles posted since August 2009, and the current one is still accepting submissions for another week. Not only are the challenges fun and interesting, they also promote the sharing of information and creation of tools to be shared with the community.

Both sites are excellent learning opportunities because they keep the challenges up along with top write-ups submitted, and as an added bonus, the Network Puzzles site hosts the tools created during the solving of the challenges. I highly recommend you run through the challenges if you're involved in any type of incident response and forensics. The challenges are pretty consistent with incidents we're currently seeing, and they help get you in the investigative mindset.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28026
PUBLISHED: 2021-03-05
jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.
CVE-2021-27907
PUBLISHED: 2021-03-05
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javasc...
CVE-2021-20663
PUBLISHED: 2021-03-05
Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and ea...
CVE-2021-20664
PUBLISHED: 2021-03-05
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlie...
CVE-2021-20665
PUBLISHED: 2021-03-05
Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and ear...