June 5, 2019

zsh for Rational Mortals

As someone who’s spent years having to replace bash with zsh in every system I don’t understand this question. I’m a big zsh fan, check out zplug to do some awesome stuff really easily. — Scott J Roberts (@sroberts) June 4, 2019

This post, my first in quite awhile, is inspired by my good friend Phil. I understand these sorts of changes, and why they give people pause, but I see this as a big step forward.

October 27, 2017

Building Better Security Presentations

I’m a person who loves a good presentation. I love building them, giving them, and watching them. I’m also a person who knows they take time and effort. Like any creative process, what that time and effort looks like is different for everyone. Here is my process:

Write The Abstract

Now I’m very aware step one should of course be doing all the research and then building the presentation, but that never happens.

August 4, 2017

Familiarity Breeds Contempt: APT Edition

Here’s a familiar scenario: A new threat is being whispered about. Maybe your office has someone with special access of some kind and they’re being a bit more secret squirrely than usual. The mailing lists you’re on are abuzz about a new piece of malware or vendor code name. You keep hearing about a paid-only report that tells all. APT 46: EMPEROR PENGUIN is coming! When your boss asks about EMPEROR PENGUIN you have to say you don’t know much… but you’ve heard they’re very good, very advanced, well funded, with great opsec… obviously a serious threat aimed at hard targets (which your organization obviously is).

July 18, 2016

Golang for DFIR

One of my goals for this year was getting comfortable with a new programming language. I’ve been a Python devotee for a long time and it almost always gets the job done, but I wanted a little bit more. There are times Python works against you:

Dependency Nightmares: While virtualenv and a requirements.txt file work OK for developers, they can often make use by non-developers, or some deployment stories, quite complicated.

March 30, 2016

CTI SquadGoals — Setting Requirements

Requirements. The first part of the intelligence cycle and the most neglected. According to the appendix of Joint Publication 2-0: Joint Intelligence, an intelligence requirement is:

1. Any subject, general or specific, upon which there is a need for the collection of information, or the production of intelligence.
2. A requirement for intelligence to fill a gap in the command’s knowledge or understanding of the operational environment or threat forces.

