Using Robots to Fight Bad Guys

At the end of last year I was invited to a few places (CentralPA Open Source, BSidesDFW, & BayThreat) and gave a talk about some of the work I’ve done to adapt Hubot, GitHub’s friendly-ish chatbot, and GitHub’s Chat Ops workflow for DFIR. While it was great to get the ideas out, there’s a lot to deploying, using, and customizing VTR. So this is my extended breakdown of ChatOps, Hubot, Hubot-VTR, and building modules in CoffeeScript....

May 14, 2014 · 5 min · Scott J Roberts

A Basic Guide to Advanced Incident Response

On 5/5 I was lucky enough to be invited to speak at an education technical conference, Tech Talk Live Cyber Security Symposium. I wanted to do something new, something different. I’ve long been an advocate of intelligence-driven incident response, but had never seen a sufficiently useful presentation to introduce this complex but powerful workflow to others. So I tried to make one. Presentation Overall I was pleased with how the talk was received....

May 7, 2014 · 2 min · Scott J Roberts

Open Source Blogging

Update: Yeah… Jekyll was great and I had a lot of fun with it, but I’ve since moved off it to Medium. There’s lots of cool stuff you can do with Jekyll, but in the end the need to develop posts with a text editor and a Ruby environment lost out to a convenient iOS app. So it’s been more days than I’d like since my last blog, sadly since I’ve been dealing with some discomfort in my arms along the lines of an RSI, something I plan on discussing more....

February 12, 2014 · 3 min · Scott J Roberts

Online CTFs

I’ve been lucky enough to play in a number of computer attack & defend (sometimes only one or the other) Capture The Flags. They’ve been some of the best learning experiences I’ve ever had and a ton of fun. It really compresses all of cyber security, minus that boring policy stuff, into a smaller time frame. Even with all the benefits there is one tough part: you can’t always spend a weekend in a friend’s basement with a pallet of Redbull or on the floor at DefCon CTF....

January 23, 2014 · 1 min · Scott J Roberts

Command-line Spell Checking with Aspell

In an effort to improve my “Unix” skills I’m trying to do more and more on the command line, such as writing this blog. This has worked out for me in a lot of ways, making much of my work faster, less environment dependent, and easier to reproduce/script. I’ve learned lots of tricks to help with this, but recently came across one of the best ones: Aspell. First a confession: people get into the computer industry for lots of reasons....

January 20, 2014 · 2 min · Scott J Roberts