I think one of the best 1-2 punches we've got going right now is our CyberChef course + our RegEx course. I consider both pretty necessary skills for analysts of multiple sorts (SOC, IR, and Malware RE).

networkdefense.co/courses/cyberc…

networkdefense.co/courses/regex/
CyberChef is maybe my most used tool in investigations these days other than the SIEM or a terminal. That course gives you a taste of regex but then the RegEx course makes you comfortable there. You also get a free copy of RegEx Buddy with that course.
You also get the strong 1-2 punch of Matt's Australian accent and Darrel's British accent 😍
All told, these courses complement each other well and wherever I'm running the SOC I'm putting all my analysts through both of them. The return on capability and efficiency is tremendous.
The CyberChef course, in particular, is also a great de facto introduction to the world of deobfuscation and malware analysis along with all the other blue team goodness in there. Great CTF skills to be gained too.
PS - If you want to send your whole team to both the CyberChef and RegEx courses, we can bundle them.

networkdefense.co/bulk-vouchers/

More from @chrissanders88

12 Nov
As one of my last doctoral coursework presentations, I spent time talking to my colleagues about the ethical dilemmas surrounding offensive security tool release. The outsider input was fascinating. Here's a thread to share some of that... 1/
Now keep in mind, my colleagues here are primarily educators. K-12 and university teachers, administrators, educational researchers, and so on. A few industry-specific education people as well, but none from infosec like me. 2/
My goal was to present the issue, explain why it was an ethical dilemma, and collectively discuss ethical perspectives that could influence decision-making. I withheld any of my opinions to let them form their own but gave lots of examples of OSTs and their use. 3/
Read 27 tweets
11 Nov
Although I had met Alan, I didn't know him well. However, his signature hangs on my wall as part of the SANS Difference Makers award he had a hand in awarding me in 2018. 1/
From what I know of him, he was a big part of making sure this award existed because he believed that we should use technology to make people's lives better, and a lot of his life was committed to that idea. I think that's a sentiment most of us can get behind. 2/
When we think of people whose contributions shaped the state of education in computer security, Alan is likely in the top portion of that list. When you consider the transformative power of education on people's lives, it's easy to see how many people he impacted in some way. 3/
Read 4 tweets
10 Nov
I'm doing some planning work now for the courses we'll work on and release in 2022 at @NetworkDefense

Want to work with me to develop a course of your own to host on our platform? Now's the time to send in a proposal.

networkdefense.co/develop-a-cour…
It doesn't matter if you don't have a lot of teaching experience as long as you are well-spoken. I'll work with you and teach you principles of curriculum design and adult learning to help turn your expertise into effective learning content.
Here are some comments from a few of our course authors who I've worked with during this process so far.
Read 4 tweets
6 Nov
Some of the work I'm most proud of from my time at Mandiant was pioneering the building of investigative actions *into detection signatures* as they were written. This had profound impact across the detection and product teams, and made the tool so much more accessible.
We included two main components: a plain English version of the question that the analyst needed to answer, and the search syntax that would provide data to answer the question. It manifested in the UI as something I named "Guided Investigations".
This helped detection engineers write much better signatures because they had to think more deliberately about the consumer of the alerts (the analyst). It led to higher quality detection logic and clearer metadata, including rule descriptions.
Read 26 tweets
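The Guided Investigations idea above, written out as an added example (this is not Mandiant's code or the product's real format, and the thread itself contains no code): each signature carries its detection logic plus a list of investigative actions, each pairing a plain-English question with the search that answers it. Searches are templates over the alert's fields, so a lint step can reject a signature whose actions reference fields the detection never emits, and a render step turns a fired alert into ready-to-run searches. The rule id, field names, query syntax and sample alert are all constructed for illustration.

```python
"""Detection signature with embedded guided-investigation steps.

Added illustration, not Mandiant's implementation. The query syntax,
field names and sample alert below are constructed for the example.
"""
import re
from dataclasses import dataclass, field
from string import Template

# Placeholders in a search template look like $field or ${field}.
_PLACEHOLDER = re.compile(r"\$(?:\{(\w+)\}|(\w+))")


@dataclass(frozen=True)
class InvestigativeAction:
    """One guided-investigation step carried inside the signature."""
    question: str  # plain-English question the analyst needs to answer
    search: str    # search syntax that returns the data answering it

    def fields(self) -> set[str]:
        """Alert fields the search template needs before it can run."""
        return {a or b for a, b in _PLACEHOLDER.findall(self.search)}


@dataclass
class Signature:
    rule_id: str
    name: str
    description: str
    detection: str  # the detection logic itself
    actions: list[InvestigativeAction] = field(default_factory=list)


def lint_signature(sig: Signature, emitted_fields: set[str]) -> list[str]:
    """Review checks a signature must pass before it ships.

    emitted_fields: the alert fields the detection actually populates.
    Returns the list of problems; an empty list means the signature is clean.
    """
    problems = []
    if not sig.description.strip():
        problems.append(f"{sig.rule_id}: missing rule description")
    if not sig.actions:
        problems.append(f"{sig.rule_id}: no investigative actions defined")
    for i, action in enumerate(sig.actions, 1):
        missing = action.fields() - emitted_fields
        if missing:
            problems.append(
                f"{sig.rule_id} action {i}: references fields the alert "
                f"does not emit: {sorted(missing)}"
            )
    return problems


def render_investigation(sig: Signature, alert: dict) -> list[tuple[str, str]]:
    """Turn a fired alert into (question, ready-to-run search) pairs.

    Template.substitute raises KeyError if the alert lacks a referenced
    field, which lint_signature is meant to catch long before this runs.
    """
    return [(a.question, Template(a.search).substitute(alert)) for a in sig.actions]


# Constructed signature (hypothetical rule id and query syntax).
PS_ENCODED = Signature(
    rule_id="EX-0001",
    name="PowerShell launched with an encoded command",
    description="PowerShell started with -EncodedCommand, which is uncommon "
                "for interactive use and hides the script content from casual review.",
    detection='process_name:"powershell.exe" AND command_line:*-EncodedCommand*',
    actions=[
        InvestigativeAction(
            "What process launched this PowerShell instance, and is that parent "
            "expected on this host?",
            'host:"$host" AND process_id:$parent_pid',
        ),
        InvestigativeAction(
            "Did the PowerShell process open any network connections after it started?",
            'host:"$host" AND event_type:network AND process_id:$pid',
        ),
        InvestigativeAction(
            "Has the same encoded command appeared on any other host?",
            'command_line:"$command_line" AND NOT host:"$host"',
        ),
    ],
)

# Constructed alert as the detection would emit it; the base64 decodes to "echo".
SAMPLE_ALERT = {
    "host": "ws-042",
    "pid": 4412,
    "parent_pid": 1180,
    "command_line": "powershell.exe -EncodedCommand ZQBjAGgAbwA=",
}
ALERT_FIELDS = set(SAMPLE_ALERT)


if __name__ == "__main__":
    print("lint:", lint_signature(PS_ENCODED, ALERT_FIELDS) or "clean")
    for question, search in render_investigation(PS_ENCODED, SAMPLE_ALERT):
        print(f"Q: {question}\n   {search}")
```

The lint step is where the thread's point about deliberate signature writing shows up in practice: a detection that fires without a description, without investigative actions, or with a search that cannot be run from the alert's own fields is rejected at review time rather than discovered by the analyst at 3 a.m.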
5 Nov
A nice, concise table from the @codeorg State of CS Ed report this year showing the adoption of the 9 key CS policies at the individual state level.

How does your state rank there? Are you surprised by any of it?
Here are the 9 policies referenced in the table. The Code.org advocacy coalition recommends these things be in place at a state level to make computer science a fundamental part of the state's education system.
Basically, there's a lot more to getting CS in schools than the state govt telling districts to do it or making a requirement. There needs to be curriculum and goals, teachers need to be trained and certified (pre and in-service), and all that has to be paid for and coordinated.
Read 13 tweets
3 Nov
There are a lot of ways that folks distinguish between blue team roles. My focus is on investigative work and cognitive skills, so I divide those roles into the mental model shown in this diagram. 1/
The primary characteristic that distinguishes these investigative roles is their place in the incident identification and response process. You might be familiar with that process by the acronym PICERL, but it appears in many forms: csrc.nist.gov/publications/d…. 2/
In the diagram, the functional portion of the PICERL process is at the top. Each role is listed below that with where it typically fits in relative to those phases. Preparation and Lessons Learned phases are excluded since those are pre and post-investigation steps. 3/
Read 28 tweets