Sunday, December 27, 2009

Posting slow down

So I think I have fallen into the same pit that many do with keeping up on a blog. Too many things going on and not enough time in the day. I wanted to post an update and hopefully resolve to update more often :)

So I have been reading a bunch on malware analysis. I have found myself doing this more and more at work. I really enjoy the process, which has led me to dig deeper into the topic. The last book I just finished was "Malware Forensics: Investigating and Analyzing Malicious Code". The book was written well. The idea of it was that you had two incidents that you were investigating. One was on a Windows machine and the other was on a Linux machine. It then took you step by step through each.

The one thing I would probably offer in the way of criticism of the book would be to finish the Windows portion, then do the Linux portion. I found it difficult to keep my mind focused when it would switch from chapter to chapter. I would find myself wanting to skip to the next Windows or Linux section to see what happens next.

Now I am reading The Art of Computer Virus Research and Defense. This book is a little dated but contains great material about how viruses work. The most interesting thing to me is probably that Peter Szor was already talking about the need to protect JavaScript in Adobe applications, or about types of worms called Octopus in which multiple systems communicate together to perform an action. These are things that are current, in some cases only from the past month or two, and yet here they are written about in full detail years ago.

If I learned anything about this topic so far in this book, it is that virus writers are so far ahead, it's no wonder antivirus programs are so easy to beat. The techniques of the good virus writers (good as in ability, not in motive) are light years ahead of the people that probably defend these systems every day. I don't mean to say this to take away from any system, network or security admin out there, but the attackers seem to have a large leg up.

We talk a lot about education being the key to winning this battle. I agree with this, however, I feel that the real education needs to come from the people protecting these systems, more than end user education. Now before I get flamed, I'm not saying that end user education isn't important as well; I'm just saying that if the people that know and understand these systems don't understand the vectors of attack, how can we expect end users who just expect things to work to understand the techniques?

In closing, the plan to meet every Saturday starting on the 16th of January to go over the Metasploit framework course offered by Offensive Security is still on. It will be at the Bowie, MD library. If you haven't received the dates please just contact me at nospamcshaffer which is at the gmail.com mail service. Of course remove nospam for the real address.
