Comments on Journey Into Incident Response: Random Thoughts

Corey Harrell (2015-11-12 08:59 -05:00)

I'll hit you offline about the product but it was one of the driving things behind that comment. My hope is some of the comments make people self-reflect about things. I've seen over the years the decline in discussions in the DFIR community. Some lists that used to be really active are rarely used. A lot of blogs used to be maintained but now only a few are. Not sure why this has occurred though.

H. Carvey (2015-11-11 06:18 -05:00)

Another thought...it's unfortunate that posts such as yours get so little attention, and then subsequently input via social media...it's topics such as these that should be generating discussion, not just getting Likes....

H. Carvey (2015-11-11 06:17 -05:00)

Corey,

Unfortunately, I don't have your experience, so I'm not seeing the same things you are. What products are being advertised to turn IT staff into "hunters"?

Thanks

Corey Harrell (2015-11-10 08:55 -05:00)

Harlan,

Thanks for the comment and it would have been easier to number the thoughts. I agree about people being able to extrapolate to a certain extent. In other situations it is not feasible; I didn't provide details behind the thoughts so as a reader it might be difficult to see this by the quote alone. For #7, one thing I was seeing were products being advertised to make you into a hunter and people talking about wanting to hunt even though they can't do the basics. In essence, the people and products are trying to convert a crawling baby into marathon runners. In this instance, it's better to focus on the basics. For those who know and are doing the basics then they can extrapolate information they see to apply to their situations.

H. Carvey (2015-11-09 06:53 -05:00)

As to #14, a great deal of what's discussed regarding endpoint detection also applies to servers...it's simply a matter of extrapolation. If those systems truly are a concern, we need to stop saying, "...but you didn't address servers or this application...", figure it out, and share it.

H. Carvey (2015-11-09 06:49 -05:00)

I'm with you on #11, Corey. That one in particular. Most of the others are what lead me to going on-site or deploying to perform an IR engagement, so I'm kinda okay with them. ;-)

Numbers 12 and 13, as well.

For number 7, a lot of what's discussed...no, wrong word...a lot of what is said about detected targeted threats can be extrapolated to be used to detect more general security threats. However, those things have to be read and understood, and then applied against an infrastructure. Many of the reactions I see indicate that folks want someone else to apply these processes to their infrastructure for them.

Corey Harrell (2015-11-07 13:29 -05:00)

At least one rang true; I had to Google the Nietzsche reference. I like the reference and thanks for making it.

troy (2015-11-07 12:53 -05:00)

You are now our Nietzsche: Testing network security with a hammer to see what rings true.