Boss of the SOC

Splunk

Back in November I had the chance to attend the Splunk .conf conference here in DC.  One of the big after hours events of the conference is the Boss of the SOC (BOTS) competition that puts teams against each other to try and analyze a set of data to identify a variety of indicators of compromise from an incident. After a little bit of talking, Splunk decided to release the BOTS app as an open-source project.

cyrptogram

TACLANE Encrypted Tunnel

Here is another CTF problem from last years Army Cyber Stakes Challenge.  You are provided a solid line of characters (see below) and have to turn it into the flag.  The trick is that because there aren’t any line breaks, you have to figure it out.

where_am_i

SNMP Packets

Another problem from ACSC5. You’ve been able to get on a router and capture some traffic in an effort to map out the the corporate network. Your intelligence team has told you that your target device has an IP address of 172.16.58.47 but no one knows that actual location of it. Examine the network traffic and see if you can figure out the location of that device.

Bash Command Line Arguments

Computer Code

I frequently write BASH scripts for use at work.  I am a firm believer that if I am going to do something more than once or twice, script the stupid thing out.  When possible, I’m a big fan of using command line arguments when I write scripts just to make things easier and also allow even more scripting, but I always forget how the hell to handle the things…..No more.

Mandiant 2018 Trends Report

TACLANE Encrypted Tunnel

For anyone who doesn’t know, Mandiant is large cyber security company that was bought by Fireeye. They grabbed a lot of attention by the cyber security community when in 2013, they publicly released a report that linked the Chinese military to attacks dating back to at least 2006 on over 141 organizations. Each year they release a report on cyber security trends that they observed during the previous year. Granted, the results are screwed because they are based only on incidents that they responded to, but they at least give a good overall picture of what is going on around the world.

US and Russia Partner for Secure Elections

US and Russian Flags

In what many analysts are calling a surprising move, Secretary of Homeland Security Kirstjen Nielsen on Friday announced that the department had completed a mutual assistance agreement with Russia to help ensure that each countries voting systems were secure.

Slow Mover

network forensics

Another problem from the 5th annual Army Cyber Skills Challenge.  The problem is called slow_mover and can be found here.

Problem
Your boss just handed you this PCAP that one of your network sensors captured. He’s positive that there is something fishy going on here but has no clue what it is.

Officer or Warrant Officer Post Military Retirement Employment

Let me lead with a little insight into my current situation. I am an Army Chief Warrant Officer 3 that is retiring from the Army after 20 years of active duty service. I have attended the Transition Assistance briefings and classes provided by my local installation. But, these classes are very basic and for everyone. The VA briefings do distinguish the differences in benefits between those that ETS and those that retire but that is the extent of any differentiated training between two types of Soldiers exiting the Army. The information about when I, as a commissioned officer, could start employment was very much discovery learning.