Raeted R Reincarnation!
So why the comeback? I met some really interesting folks at the security cons last year (DEFCON and SecTor) and just last weekend at Thotcon in Chicago. I am inspired by the work of so many folks in this field and I feel a strong urge of sharing and discussing security with them, hence a comeback to twitter and blog. I still don't plan to post very regularly, but I would like to write when twitter's 140 words aren't enough for my thoughts and when I am done with all the Fiancé wedding planning duties for the week :)
What started in year 2005 was a dream... a dream of working and contributing in the field of Information Security. It was September 5, 2005 when I started this blog and it was mainly to share the security write-ups and tools found via daily surfing.
Little did I know that I will eventually land a job in Information Security working with the very people I used to read about and better yet, get to work in the field of Digital Forensics investigating financial fraud. It all started when Nicholas (Nick) Percoco was recruiting for Security Operation Center (SOC) Engineer in January 2006. I was one of the lucky candidates chosen by Titan Recruiting to have an interview opportunity with Nick. I don't quite remember what I said or displayed in the interview that Nick decided to hire me , perhaps it was the desire and passion for security that reflected somewhere in the interview (Thanks Nick)
I started working for AmbironTrustWave (ATW, now Trustwave) on February 6, 2006 as a Security Engineer. The job was to help design and maintain firewalls and intrusion detection systems for our fortune 500 clients. It was a great learning experience under the guidance of Stewart Williams (da Checkpoint Guru) and Zachary Lammers (The Attack). ATW was growing by the day so the company decided to hold lots of cross training sessions to meet the high demand. Rob Havelt's Penetrating Testing training was one that I learned the most from and developed interest in offensive security.
In summer of 2007, there was an opening for Forensics Consultant at ATW. Out of all the positions ATW, I always wanted to get into Forensics, perhaps because that department always kept their doors locked and my curiosity led to a greater interested in Forensics. Anyhow, I saw an internal email about the Forensics position, I jumped on it and one of my really long emails to Mark Shelhart (Practice Manager of Forensics at ATW at the time) got me an interview and the rest as they say is history. Thank you Mark.
Forensics was tough but my very patient colleagues, Chris Johnson and Colin Sheppard were always there when I got stuck on a case. In 2008, I discovered a new form of attack for Point of Sale devices in one of the high profile cases. Colin who became the Practice Manager of Forensics then, encouraged me to write a whitepaper on it. Thanks to him, that paper took me places and encouraged me to do even better. First it got published by Visa in Oct 2008, then the talks at DEFCON and SecTor with Nick in our Malware Freakshow Preso.
In 2009, Chris Pogue joined our team. This is when Colin, Chris and I along with other big players in Forensics started being loud about the methodology shift required in Forensics as highlighted in Chris' Blog post. The acceptance of Chris' Sniper Forensics talk at various conferences proves that our initiative is not going in vain.
The biggest credit to at least my development and learning in the field of incident response/forensics goes to this one blog, Windows Incident Response by Harlan Carvey. I visit many blogs but this is one blog that is constantly updated and can always be counted for original content. He is also the author of Windows Forensics Analysis book.
So this was pretty much the explanation behind the absence from the blog. This field keeps getting fascinating with every new case. The bad guys are getting better but to be honest, the white hats are closing the gap. As they say, "You scan my ports, I sniff your packets". Just like bad guys need one hole to break in, the good guys need just one mistake to catch the trail. Game ON!