The “What happens when you use a browser?” Question

Go into a tech interview, especially one for operations or security, and you’re more than likely going to get an interview question like this: “What happens when you put a URL in the address bar of a browser and hit enter?” I’ve been on both ends of this question, asked it and answered it. I’d like to look at what the answer is (or at least one answer), why it’s good, why it’s bad, and what could be better....

January 19, 2017 · 12 min · Scott J Roberts

United States Response to Grizzly Steppe

Kremlin from the River. Source: Wikipedia. Here it is. After weeks of wondering if and how the United States Government might respond, the United States White House, State Dept, Treasury, and US-CERT have released information on and sanctions against the Russian government’s efforts to influence the United States elections. I offer all this without too much analysis given I’ve just seen it myself and expect it will take a long time to digest....

December 29, 2016 · 4 min · Scott J Roberts

Waiting vs Passivity in DFIR

From the New York Times: “Review: ‘Hamilton,’ Young Rebels Changing History and Theater” Give it a second, I’ll explain the Hamilton reference to DFIR, but for now let me share one of my favorite songs. Aaron Burr thinks Alexander Hamilton is a brash aggressive brute and believes Hamilton thinks him slow and unwilling to make a decision. Burr then sings this song to explain his true goals: Wait for It by the cast of Hamilton....

December 10, 2016 · 3 min · Scott J Roberts

Python for CND

One thing I constantly harp on while talking to people beginning in the security community is the importance of learning to code. I think it is awful that we have so many security professionals who cannot write a line of code. It’s useful for automating common tasks, gathering & manipulating data, almost anything you can imagine. I think everyone should learn some coding and Python is the best place to start....

November 30, 2016 · 6 min · Scott J Roberts

osquery 101 — Getting Started

I admit it… I’m a fanboy. A straight up osquery fanboy. Oh… what is osquery you ask? Good question there sport. osquery allows you to easily ask questions about your Linux and OSX infrastructure. Whether your goal is intrusion detection, infrastructure reliability, or compliance, osquery gives you the ability to empower and inform a broad set of organizations within your company. That’s how Facebook describes it. I’d say osquery is the most effective way available to monitor an OSX or Linux host for security....

January 26, 2016 · 4 min · Scott J Roberts