Hi I'm Scott 👋

Network Defender, developer, speaker, writer, author of O'Reilly's Intelligence Driven Incident Response, & SANS instructor. Bad guy catcher.

zsh for Rational Mortals

If you haven't heard of it, Z Shell (also known as zsh) is a modern shell that works in place of a shell like bash (either as a default or, in my case, as a post-install choice). A shell is a funny thing though: 95% of computer users don't know about shells at all, 3% know about them but don't give them much thought (just run what you're told), and for the last 2% it's one of the most important parts of a system....

June 5, 2019 · 5 min · Scott J Roberts

Building Better Security Presentations

I'm a person who loves a good presentation. I love building them, giving them, and watching them. I'm also a person who knows they take time and effort. Like any creative process, what that time and effort looks like is different for everyone. Here is my process: Write The Abstract. Now I'm very aware step one should of course be doing all the research and then building the presentation, but that never happens....

October 27, 2017 · 24 min · Scott J Roberts

The Crash Override Chronicles: Overall

Source: Public Domain Pictures. In the first post of the CRASH OVERRIDE Chronicles I outlined my plan for reviewing Dragos's CRASHOVERRIDE report in order to build an understanding of the ICS threat landscape, key technologies, and ultimately one of the major actors involved. This second installment is a run through of the whole report calling out areas I need to focus on learning & investigating. The first step was simple: Read the report....

August 16, 2017 · 8 min · Scott J Roberts

The Crash Override Chronicles

I've been lucky and had a really wide variety of experiences in information security throughout my career. Government & non-government. Vendor & practitioner. Finance & dotcom. I've seen a lot of stuff. It's to the point that I get even more excited about the stuff I've never done. One of those moments happened a few weeks ago when the Dragos team released their Crash Override report. Full Disclosure: I know a few of the folks over at Dragos and consider them friends, but friends that value good, even critical, analysis....

August 8, 2017 · 3 min · Scott J Roberts

Familiarity Breeds Contempt: APT Edition

Here's a familiar scenario: A new threat is being whispered about. Maybe your office has someone with special access of some kind and they're being a bit more secret squirrelly than usual. The mailing lists you're on are abuzz about a new piece of malware or vendor code name. You keep hearing about a paid-only report that tells all. APT 46: EMPEROR PENGUIN is coming! When your boss asks about EMPEROR PENGUIN you have to say you don't know much… but you've heard they're very good, very advanced, well funded, with great opsec… obviously a serious threat aimed at hard targets (which your organization obviously is)....

August 4, 2017 · 7 min · Scott J Roberts

CTI Reading List

A few weeks ago while teaching SANS FOR578 one of my students asked a great question: What books or papers should a new cyber threat intelligence analyst read first? It's a question I'd meant to answer before, so instead of just sending back an email (I mean, I emailed back, HI MATT, but along with that) I figured I'd write up my list and have something to reference next time I get asked....

July 18, 2017 · 7 min · Scott J Roberts

Crash Override Chronicles: Victim

Victim Sites & Technology. So all of those things were terms or bits about generalized grid operations. What about the actual victim in this case? What was the equipment affected? Where was it? Ukrenergo. According to Reuters: Kovalchuk said the outage amounted to 200 megawatts of capacity, equivalent to about a fifth of the capital's energy consumption at night. There's an interesting piece of data. 1/5 night capacity means one gigawatt (1000 megawatts) of total consumption at night....

January 31, 2017 · 3 min · Scott J Roberts

The "What happens when you use a browser?" Question

Source: Screenshot. Go into a tech interview, especially one for operations or security, and you're more than likely going to get an interview question like this: "What happens when you put a URL in the address bar of a browser and hit enter?" I've been on both ends of this question, asked it and answered it. I'd like to look at what the answer is (or at least one answer), why it's good, why it's bad, and what could be better....

January 19, 2017 · 12 min · Scott J Roberts

2017 Goals

Source: Flickr. Ahh January 4th. It's that time of year to review 2016 and think about what's coming in 2017. Let's start by looking at what I kicked off 2016 with: "While not being much for New Years Resolutions (though I do love fireworks) last year I shared some professional goals…" (medium.com: A Year Later — 2016 Goals). Did I get it all done or fail miserably? Source: Pinterest. Here is the breakdown:...

January 4, 2017 · 4 min · Scott J Roberts

United States Response to Grizzly Steppe

Kremlin from the River. Source: Wikipedia. Here it is. After weeks of wondering if and how the United States Government might respond, the United States White House, State Dept, Treasury, and US-CERT have released information on and sanctions against the Russian government's efforts to influence the United States elections. I offer all this without too much analysis given I've just seen it myself and expect it will take a long time to digest....

December 29, 2016 · 4 min · Scott J Roberts