Remote Code Execution - benjamin-s-hobbs/reading-notes GitHub Wiki

Remote Code Execution

From: Cyber Threat Analyst: Key Job Skills and Expected Salary (accessed by Benjamin Hobbs on 8/14/2023)

  • A Cyber Threat Analyst is an information security professional who leverages skills and expertise of network engineering to mitigate and avoid cyberattacks on the organization or its employees. They identify vulns and conduct digital forensics and threat modeling to monitor and tackle threats against organizational infrastructure.

  • Also known as Cyber Intelligence Analysts

    • They work across departments and functions to identify and correct flaws in an organization's security systems

Typical Duties

These are typical duties of Cyber Threat Analysts/ InfoSec Analysts:

  • Monitor the network for security breaches, and investigate any violations

  • Install and use software to protect sensitive information

  • Perform penetration testing by simulating attack to identify and vulns before they can be exploited.

  • Develop reports documenting security breaches and the extent of damage they caused.

  • Craft Security Standards and best practices for a company

  • Stay up-to-date with latest security trends

  • Monitoring and audit of system and processes like identity and access management which may involve methodologies like zero-trust security

  • Assist in delivering cybersecurity awareness training

Expected Salary scales

  • entry-level: typically $84,000/yr

  • more experience: typically $98,885 - $126,976

(Results may vary)

10 Must-Have Skills for a successful career as Cyber Threat Analyst

  1. Formal Education in a Related Field
  2. Ability to Dig Deep and Focus on the Details
  3. Technical Know How
  4. Familiarity with Various Tools, Methodologies, and Platforms
  5. Good Communication Skills
  6. Strong Implementation Skills
  7. Subject matter expertise and Foreign Language Skills
  8. Ability to Conduct Detailed Assessments and Provide Strategic Recommendations
  9. Data Expertise
  10. Must Understand the Hacker Mindset

PowerShell

From: Tracking, Detecting, and Thwarting PowerShell-based Malware and Attacks

Questions for Understanding

  1. You just got a new job as a Cyber Threat Analyst, how would you explain your role to a family member?
  • "I'm sort of like a digital detective, more like a private company's private eye. I look for clues to see if crimes have been committed or are being committed, and I investigate those use my training and knowledge of threat actors (bad guys).
  • The better I am at my job, the more I can:
    • Get into the mind of the criminal to anticipate responses and next steps
    • Speak their language
    • I've got to know my "neighborhood" so I know when things are out of place.
    • I've got to be able to learn to ask the right questions and act on those.
    • Build a theory, test it, and use what I've learned to refine it closer to the truth.
    • Advise higher ups on how we can do things better.
  1. Explain what makes PowerShell such an effective attack vector.
  • Because of its widespread presence and ability to turn off default settings that now obscure the execution of malware, running a PowerShell script can open the door for successful attacks.
  1. What are two things you can do to mitigate attacks that leverage PowerShell?
  • Enable logging.
  • Disable obfuscation