My short absence from updating the blog is both sad and funny. I originally planned to skip one week because of a short 3-day holiday with my wife and friends. While on holiday I received a phone call from my father explaining to me how he just broke his leg 500 miles from home! To complicate matters, my mother just had knee replacement surgery a few weeks earlier and was home in bed unable to do anything. So after returning from holiday I jumped on the next AA flight to COS to get my dad home to Kansas City. Once in KC I had to get my mom to a follow-up surgery (she reinjured the new knee), and get my dad through his. My sister was a big help during this, but this family emergency threw all kinds of wrenches in my GSE study plan. I returned to DFW earlier this week and started to catch up.
For GSE this week I spent time looking over the Incident Handling domain. I reviewed the incident handling process as defined by SANS:
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
Additional areas covered in the IH domain include common attacks, malware and preserving evidence. Fortunately I was able to get those areas covered as well. This week I hope to cover the ITSEC domain, OS security, secure communications, and protocols.
Turns out this week I was also accepted to facilitate FOR 610: Reverse Engineering Malware with Lenny Zeltser at SANS Network Security 2011 in Las Vegas. This is the first time I have done facilitating for a SANS course and will tell you I am very excited about the opportunity.
I should be back to posting once a week again, and after the GSE lab I plan on doing more technical and interesting blog posts!