Within incident response, who are the people who actually analyze/reverse the malware sample?
Unfamiliar with the process, but was looking to learn some new skills soon.
🗣HalfQuarter1250

Well anyone with skill, the role doesn't meters and it all depends ofc on complexity. I would say that such specific role is needed only if reversing is done on daily basis... but I would find that hard to believe unless the company is focused on RM. Most of companies, I would assume have analysts that have a strong and weak sides and they do multiple various tasks base on them...It's similar to programmers...some do frontend some to backend programming, some do both - in cyber is just a little more devided by skillet
👤4n6mole

Not to detract from the conversation, but I couldn’t help but notice that nobody has mentioned that in many cases identifying malicious files and code can be performed by several tools specifically designed to analyze payloads and detonate them in a sandboxed environments.

As others have mentioned out side of an AV company or perhaps a larger enterprise/agency, these tools can fill in as “good enough” solutions for budget conscious organizations.

Virus Total.
Any.Run
OPSWAT FileScan.
and a handful of other services with analysis and TI built right in.
👤Missing_Space_Cadet

Some people hire 3rd party malware analyst. Crowdstrike, red canary, mandiant are some examples of these service providers who will bill you either by the hour or per sample.

Some bigger companies have incident responders who specialize in malware analysis so that the same person responding to the incident is also capable of doing the analysis. Some companies also have an entire team that specializes in malware analysis. This team may also include software engineers who develop internal tools to help conduct and facilitate such analysis.

I've worked as a security engineer for companies that span across all of the above
👤_xpendable_


🎖@malwr

AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs: Most Patches Coming Q4
🗣PsyOmega

Netsec used to be ahead of the curve. This is like a 6 or 8 day old vuln now. Fall from grace.
👤Lumpzor

I wonder if the fixes drop performance like spectre? The article speculates but actual testing numbers will be interesting.
👤demunted


🎖@malwr

📍📍📍Forward posts to the other groups 📍📍📍

Russian organised crime and Ransomware as a Service: state cultivated cybercrime - masters thesis from October 22 - posted July 23
🗣digicat

Hey I just wanted to let you know your newsletters are being blocked by trellix as malicious and unreleaseable for the past few weeks.
👤R1skM4tr1x


🎖@malwr

github-actions-goat: GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
🗣digicat

This is a crazy cool project. Thanks for passing along
👤RoseSec_


🎖@malwr

What's a good route to take for a end goal of a job in the federal government?
Currently in a part-time mail clerk contractor job with the IRS and doing a Bachelor degree in digital forensics. I want to gain some experience in digital forensics before I graduate college but don't know what is the better option.

Should I:

1. Stay in my current job and get an internship or volunteer in digital forensics in a police department or PI firm
2. I heard TSA is in the security space so I thought about trying to get a TCO job till I graduate and then pursue full time digital forensics government job
3. stay in my current job and find an internship in digital forensics with the federal, state or local government that may eventually turn into a permanent position when using USAJobs pathways program (if doing federal internship)
4. Do option 3 but without my current job and just the internship(s) at a government organization
5. What other options should I consider?

I am looking into a career at IRS Criminal Investigations, FBI, Secret Service, Homeland Security or other digital forensics type agency after I graduate.
🗣blandsauce203

Good thing you have a clearance - hold onto it. You'll need high-level SANS certs. Where I worked, they used EnCASE. I got a big book and a trial version, and learned as much as I could.

The clearance and the certs were very important. They let seats sit for years if people didn't have those things. They didn't care. Experience was big too. Even though I had a Masters in Cyber, and a CISSP, the fact that I had ZERO forensics experience was what I kept hearing. And I was the Sys Admin for all of the forensics guys.

So, get some experience - and learn about EnCase...
👤cabell88

Hack the Pentagon
👤pah2602

First of all, take a look at the requirements for getting any level of security clearance. If you already have a clean record, keep it that way.

There is always a shortage of people who have a security clearance, there are lots of federal jobs, including contractors, that require a security clearance.
👤bughousenut


🎖@malwr

How I discovered the underground world of credit card network exploitation
🗣jnazario

Fun fact PCI-DSS compliance is a never ending game of cat and mouse. Sometime in 2007 two employees from a mag stripe reader company in the UK, defected and took with them the encryption keys, that company made nearly all the mag stripe readers on the planet. Thus ending point of swipe protection for every mag stripe card forever.

Since then there have been various pass the buck maneuvers to try and place responsibility and blame for security flaws in the processing credit cards around the world. The visa council ultimately blames who ever is at the "point of swipe" as the man culprit and holder of liabilities for processing security. This means that a majority of retail companies are held liable for fraudulent/erroneous charges.

If a company receives an audit for such activity it is normally handed out to a vendor to check compliance. Used to be Security Metrix that handled a lot of visa's audits. The fine use to be $15,000 for the infraction and $5,000 for each actionable fault found on the network of the company in question with no cap on the amount of infractions a company could rack up.

There is a phone book sized PCI-DSS compliance manual that contains unrealistic protocols. In fact most retail businesses would never pass the entire process. Visa knows this and I have been personally told that they only look for an attempt to be compliant and punishing companies that are not capable of feigning security attempts.

The whole thing is a BS game of cat and mouse.
👤CEHParrot


🎖@malwr