Posted in Informational, Labs, What I've Used

Splunk Core Certified User – Study Guide

I would advise anyone who wants to learn to use Splunk to actually use Splunk. They offer a really thorough fundamentals class for free, and you can set up a Splunk environment fairly easily.

There’s also hands-on practice to be had by completing the ‘Boss of the SOC’ challenges.

Furthermore I recommend:

Splunk Certified Study Guide by Deep Mehta published by Apress

I highly recommend the above book to supplement study and test prep.

Posted in Informational, Learning Woes, What I've Used

Broke the Microsoft Curse

Or Passing AZ-900

Last Friday I sat for and passed Microsoft’s Azure Fundamentals (AZ-900) certification test. During my hiatus I had sat for and failed Microsoft’s Security Analyst (SC-200) test.

To be honest, I really wasn’t prepared for SC-200. I breezed through the Microsoft Learn coursework and didn’t really study the material. Although I had hands-on experience with their security tools, I’d never used Kusto Query Language. I kinda wanted a feel for how Microsoft tests were, comparatively speaking.

Failing SC-200 wasn’t a big hit because I was aware of my shortcomings.

Still, to me Microsoft cert tests are trickier, and they have section blocks that limit your ability to go back and change answers. I wasn’t prepared for that the first time I took one of their exams, but I was ready for it when taking the Fundamentals exam.

This exam is basically theoretical, based on understanding Azure at a high level and using the cloud as a whole.

I would recommend using the following to test prep:

  • Microsoft Learn for AZ-900 (free Microsoft course)
  • Jim Cheshire’s book (pictured below)
  • Microsoft also has ‘Virtual Training Days’ which can help.

Jim Cheshire – “Microsoft Azure Fundamentals Exam Ref AZ-900”

Now to get more hands on with Azure!!

Posted in Informational, Simple Malware Analysis

Bazar Call Emails: More than a Scam

This week I learned about the BazarCall / BazarLoader malware. I had never heard of this malware campaign. Even when it was explained to me I didn’t think it would have a high success rate, but after doing more research I found it is really successful.

The whole cycle starts with an email, often one that talks about the end of a free subscription, being charged for a renewal, or the like. This email might not have any links or attachments, but it will have a number for the recipient to call.

<sidebar: I’d always thought these types of emails had one purpose, and that was to scam recipients by getting them to call and then divulge credit card information or other personal information… my viewpoint was limited.>

When the recipient calls to cancel or dispute the perceived charges, they are directed by the ‘call center’ to a website, and this website downloads the BazarLoader malware, which can be a carrier for other malicious code like Trojans or ransomware.

https://unit42.paloaltonetworks.com/bazarloader-malware/

So, I learned something new this week. I’m always amped when I learn something, and I usually want to learn more about it. So I’m doing a deeper dive on BazarLoader to see if there are other similar campaigns.

This whole thing also reinforced thinking outside the box when it comes to attacks. Oftentimes the simplest objective isn’t the true objective. Why hook a little phish when a marlin is out there, like encrypting and ransoming an entire enterprise?

Also, long story short: whether it’s a credit card scam or something more malicious like this, don’t call random numbers in emails.

More reading on BazarCall:

Posted in Uncategorized

Linux Study Gear

The 4th edition study guide is super accessible and easy to understand.

All-In-One is a more technical, dense book.

Flashcards, always and forever in the deck; I like the spiral-bound kind to keep them all together and for easy “flippability”…

Also, not pictured: the Cybrary Linux class and the ITU CompTIA Linux class.

Easy2Boot on a 64 GB USB loaded with several different Linux distros.

Posted in Informational, Using, What I've Used

What I’ve Used 05/2020

Professor Messer

I wish Professor Messer would come out with a CYSA+ series. I’m just putting that out into the ether in hopes that it will be heard and manifest.

I passed Network+ and Security+ in part thanks to listening to Professor Messer’s lessons. When asked for resources for taking these certification exams (and A+), I always include the site in my recommendations. For one, the site is free. I know that people say “You get what you pay for…” and can be disparaging about free resources, but good free resources are out there and this is one of them. I just don’t think that adage always holds up.

Second, the videos are aligned with the exam sections, which makes it easy to backtrack or pick out the sections that are giving one trouble or that need more information or clarification. For example, if you pretest and there is a section that is an obvious need for improvement, you can go directly to that section on the Professor Messer site and review just that section.

Third, there’s an offer for offline notes and recordings, and this offer isn’t a pop-up or annoying, so it feels like monetary gain is not the main agenda. The offline purchase is exactly what it should be: an aside.

Last, the information is good information and is updated quickly. This is a super plus because, for example, A+ has had two fairly recent updates and the information on the site has been updated just as quickly. By my standards, keeping up with exam changes is super important because outdated information is only helpful up to a certain point.