If you have spent any time looking into information security, I'm sure you've had the same thoughts I have had.
"Oh malware is cool."
"Penetration tests are straight from an action flick."
"I worked in an IT department...so my job title can be something like systems administrator...maybe throw in assistant or something."
"I've built a few computers, I can handle any job."
Well, I've learned that I don't have even a basic understanding of some of these areas. Following professional blogs and other forums is a good place to start. It appears that being a systems administrator requires a lot more of a foundation to start with than I anticipated. I have worked with group policies and some Symantec virus protection management software, but there is so much more that I find myself googling on the side.
There are many different areas of information security, and I'm going to provide some of the most useful links I have found so far and what they pertain to. Currently, I have two Chrome windows open with about 15 tabs each. Obviously this is too much information to filter through and understand at one time, so this is also a bookmark for myself.
/r/malware - Since I have started looking into malware analysis, I have learned that you can't understand anything until you experience it. Everywhere you search online will suggest finding malware samples and offer tools or guides for analyzing the sample and learning from it. One negative side to this subreddit is that it only has 2,600 readers. This subreddit does offer good information, but if you need answers here, it will probably be a while before you get a response.
This post offers a great starting place to pick up some samples as well as find guides and tools for working with the samples. WARNING* When working with malware and going through infected sites, always be sure to use a virtual machine to protect yourself. This is paramount to your safety and your machine's safety. /warning
A lot of the stuff I have read also hints at reverse engineering. I only know some Java and have no idea where to start on reverse engineering. I keep reading C and C++ and Assembly and have no knowledge of these languages currently. /r/ReverseEngineering has created a great thread on introducing this idea to beginners. This thread introduces the tools used and training resources for learning to use them properly.
For Systems Administrators, here is a good post on useful tools.
I have definitely bitten off more than I can chew by continuing to find useful resources I want to learn and understand better. I'm trying to focus on penetration first but the rest of these topics will be hit in later posts.