Late last week HRC released MILPER message 18-264 which announced applications for the Computer Network Operations Development Program (CNODP). For those of you not familiar with it, CNODP is the Army’s school for training future cyber tool developers.
The other day a friend of mine shared a link to a new academic paper that was just released by a couple of researchers at the University of Cambridge. The team, Alexander Vetterl and Richard Clayton, wanted to see if they could create a technique to identify publicly accessible honeypots without having to actually interact with them.
Whenever the Army creates a new Military Occupational Specialty (MOS), they initially have to fill it with bodies that aren’t actually the MOS. In late 2013 the Army graduated its first class of the new 25D Cyber Network Defender MOS. Shortly thereafter, the 25Ds were placed into the unit COMSEC vaults to do a job that they were never designed to do.
Yes, that’s right: after over 19 years of wearing signal orange, I have traded it in for cyber grey.
This was a busy month with board results to post for 170A, 255A, and 255N.
Today marked several historic events for the Department of Defense. In the course of a couple of hours, three big events happened.
So this morning I was listening to the radio on the drive into work when the DJ made an interesting statement. Turns out… he was right. Today marks the 40th anniversary of the very first spam message.
Back in November I had the chance to attend the Splunk .conf conference here in DC. One of the big after-hours events of the conference is the Boss of the SOC (BOTS) competition that pits teams against each other to try and analyze a set of data to identify a variety of indicators of compromise from an incident. After a little bit of talking, Splunk decided to release the BOTS app as an open-source project.
Another problem from ACSC5. You’ve been able to get on a router and capture some traffic in an effort to map out the corporate network. Your intelligence team has told you that your target device has an IP address of 172.16.58.47, but no one knows the actual location of it. Examine the network traffic and see if you can figure out the location of that device.
For anyone who doesn’t know, Mandiant is a large cyber security company that was bought by FireEye. They grabbed a lot of attention from the cyber security community when, in 2013, they publicly released a report that linked the Chinese military to attacks dating back to at least 2006 on over 141 organizations. Each year they release a report on cyber security trends that they observed during the previous year. Granted, the results are skewed because they are based only on incidents that they responded to, but they at least give a good overall picture of what is going on around the world.