SANS provide a very clear pathway for Incident Response in their Cyber Security Map Pathway, starting off with SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling. Having literally just passed the GCIH (GIAC Certified Incident Handler) exam which complements the course, I thought it only fair to share my views on the training, materials, labs and the exam itself.


It’s that time of the year again; the 2020 SANS Holiday Hack Challenge, featuring KringleCon 3: French Hens! This year’s event had a total of 12 challenges with a wide range of activities, mainly Penetration Testing boxes, although others covered Threat Hunting, Cryptography and even a bit of JavaScript training. Many different tools were provided within each challenge environment (such as Splunk, Amazon S3 bucket finders and CAN bus traffic monitoring), requiring some foundational knowledge alongside external research. As such, this is a writeup for Objective 9 — ARP Shenanigans.

SPOILERS AHEAD:





Here we continue with the MemLabs CTFs…


MemLabs is an educational, introductory set of CTF-styled challenges aimed at encouraging CTF players to develop their knowledge in the field of Memory Forensics. These labs have been built around the memory analysis framework Volatility, alongside other tools used along the way.


So the journey continues ahead of BOTS EMEA tomorrow…

Ellis Stannard

Incident Response and Threat Hunting things.
