Journey into Security - Part 2

I was fortunate enough to work with some incredibly talented people in my journey into security, who helped me understand difficult concepts, some of which I am still learning.

  • Cryptography
  • Windows Internals

These are two skills I believe are absolutely key to working in security, because no matter where you go inside security you'll need an intimate understanding of both, so that's where I decided to start. I was working on user virtualisation software. This is, in essence, a reflection of roaming profiles, using some magic to ensure a consistent user experience across all platforms, including physical and virtual desktops, and not limited to things like published desktops from Citrix, VMware and Microsoft.

I furthered my understanding by buying a couple of books.

Internals

Learn that sh*t

I probably refer to at least one of these books once a week for a function or the parameter of a service, partially because I have a terrible memory. In that role, I was automating some of the work I was doing and came across tools like psexec, sysmon and the rest of the toolkit. So like any analyst, I automated some of my testing and began to explore the rest of the tools.

Process Monitor & Explorer - thank you, Mark and Bruce!

I used these to troubleshoot registry problems, identify login issues and generally understand what was happening during login: a low-level way of examining and testing bugs that I was trying to troubleshoot non-programmatically.

Little did I know that during the troubleshooting I would identify a malware infection in my own lab. I was able to track this down using some of the inbuilt filters, which captured the process running when I visited a certain site. This was the moment I knew I was interested in malware. I didn't have any idea what it was capable of, but I knew how to identify it and how to remove it.

Moving on

I was 'content' in the role I just mentioned, and had a passing interest in security, but became more and more fascinated by some of the articles being published online. I attempted a few CTFs and failed miserably; I didn't know what I was doing, and although I was curious, I took defeat very badly, and personally. I was persistent: I started visiting some forums and asking questions, I joined kernelmode.info and started reading the content, copying and learning. I also learnt of Lenny Zeltser as part of my research and found this, which was at version 5 I think when I discovered it, and it included cheat sheets on taking apart malware! I was saved; I had step-by-step guides on using the tools I had watched, and learned a lot (Thank you, Lenny!).

I had a keen interest in attending FOR610 and joked 'I would give my first born to go'; the reason was that it was super expensive. I learnt an awful lot on this course and still refer to the course materials to this day. Both Lenny and his colleagues are incredibly helpful, approachable and clearly enjoy what they do.

I've spent a few years at Fujitsu now and learnt more than I can possibly write down here, but some of the highlights included working alongside great people, and being fortunate enough to work at the NCSC as part of the previous Fusion Cell, now known as Industry 100; representing Fujitsu on a number of occasions all over the world; and attending Black Hat and DEF CON. Speaking at conferences on behalf of my employer is something I am incredibly proud to do, and something which impresses my daughter even more, which is all that matters.

Giving back

I have the opportunity to share what I know and have learnt. This kind of opportunity is something that gives me an incredible feeling of gratitude, knowing I am assisting those who need to learn, like me. I forever refer to myself as a 'noob', because when you realise you know everything, you realise you know nothing. The opportunity in question is working alongside some talented people at CTU in Prague on a project called CivilSphere, working remotely to protect those vulnerable to being targeted. I have always been impressed by the work done by the likes of Citizen Lab and was inspired to try and be part of this protection network. I am very thankful to Sebas for this opportunity, and to all the talented people at CivilSphere.

Next Steps

I will be leaving Fujitsu in a few weeks to start a new role at Proofpoint. I look forward to learning more interesting concepts, and to being a noob all over again.