I would advise anyone who wants to learn to use Splunk to actually use Splunk. They offer a really thorough fundamentals class for free and you can set up a Splunk environment fairly easily.
There’s also hands-on practice in completing the ‘Boss of the SOC’ challenges.
Furthermore I recommend:
Splunk Certified Study Guide by Deep Mehta published by Apress
I highly recommend the above book to supplement study and test prep.
This week I learned about Bazar Call/Bazarloader malware. I had never heard of this malware campaign. Even when it was explained to me I didn’t think that it would have a high success rate, but after doing more research, it turns out it is really successful.
The whole cycle starts with an email, one that often talks about the end of a free subscription or being charged for a renewal or the like. This email might not have any links or attachments, but will have a number for the recipient to call.
<sidebar: I’d always thought these types of emails had 1 purpose and that was to scam recipients by getting them to call and then getting them to divulge credit card information or other personal information…my viewpoint was limited.>
When the recipient calls to cancel or dispute the perceived charges, they are directed by the ‘call center’ to a website, and this website downloads Bazarloader malware, which can be a carrier for other malicious code like Trojans or Ransomware.
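Since the lure email carries no link or attachment for a filter to scan, one way to triage it is to look for that combination itself. This is an added example, not part of the original post: the keyword list, the phone number format and the sample messages are constructed assumptions, and the result is a heuristic for analyst review, not a verdict.

```python
import re
from email import message_from_string

# Constructed lure vocabulary based on the themes described above (assumption).
LURE_TERMS = re.compile(
    r"\b(subscription|renew(?:al|ed)?|free trial|charged|invoice|cancel)\b", re.I)
# North American phone format only (assumption; extend for other regions).
PHONE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL = re.compile(r"https?://|www\.", re.I)

def body_text(msg):
    """Join every text/* part that is not an attachment."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def callback_phish_signals(raw_message):
    """Return each signal plus 'flag', which is True only when all four agree."""
    msg = message_from_string(raw_message)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    signals = {
        "lure_terms": bool(LURE_TERMS.search(text)),
        "phone_number": bool(PHONE.search(text)),
        "no_links": not URL.search(text),
        "no_attachment": not any(p.get_filename() for p in msg.walk()),
    }
    signals["flag"] = all(signals.values())
    return signals

# Constructed sample messages (not real traffic).
LURE_SAMPLE = (
    "From: billing@example.com\nTo: user@example.org\n"
    "Subject: Your free trial is ending\n\n"
    "Your subscription will renew today and you will be charged $89.99.\n"
    "To cancel, call our support team at 1-800-555-0100.\n")
BENIGN_SAMPLE = (
    "From: shop@example.com\nTo: user@example.org\n"
    "Subject: Your subscription receipt\n\n"
    "Thanks for renewing. Manage your plan at https://example.com/account\n")

if __name__ == "__main__":
    for name, sample in (("lure", LURE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, callback_phish_signals(sample))
```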
So, I learned something new this week. I’m always amped when I learn something and I usually want to learn more about it. So, I’m doing a deeper dive on Bazarloader and looking to see if there are other similar campaigns.
This whole thing also reinforced thinking outside the box when it comes to attacks. Oftentimes, the simplest objective isn’t the true objective. Why hook a little phish when a marlin is out there, like encrypting and ransoming an entire enterprise?
Also, long story short: whether it’s a credit card scam or something more malicious like this, don’t call random numbers in emails.
“It’s not too late to start! Start right now anyway. Set goals and take action. Have courage to fall, fail and suffer. Don’t quit. Persist with courage. Success will achieve anyway and be yours 100% guaranteed.”
― Lord Robin
I started really getting into tech when I was working overseas. I had soooo much time and needed something to stimulate myself. Also, I knew that the work I was doing was temporary and I needed to make a way so that when I came back I wouldn’t have to go back to my previous position. The first steps I took were trying to learn to code/program, so many of my first resources are geared towards that.