Jeff Browell

I have always been able to get done what I needed to do with regular expressions but it always took me way to long when I needed to write them.    I knew it was a problem of mine and I figured I would take the regex LinkedIn training by Kevin Skoglund to help me get a better understanding of regex.    It was a very thorough training and Kevin makes it easy and understandable.  I felt like I really moved through this training but I still have a concern that if I don't use it more often I will have problems remembering it.  I did take thorough notes and Im hoping that for the small portion of

Git Today on Linkedin Training I finished the "Git: Branches, Merges, and Remotes" Training by Kevin Skoglund.

I enjoyed the training.  It was very detailed and relatively to the point.  This training took longer than I had hoped for but when you want to learn it and engrain it into memory you have to learn it and then test it and tweak what you learned to see what all is possible and then contemplate real-world scenarios for it.  I wish we could learn the way they learn in the matrix but for now I will keep putting in the work.

I have for a long time had an interest in offensive security.  I have done a lot of training and studying different attacks.  I worked on my skills and even tested once for the OSCP.   I recently have applied to a few offensive security jobs aka pentest or web application security positions.  My resume has nothing about offensive security on it because my past has all been in positions for defensive security (blue team).  

I haven't posted in a long while.  When you read and work on things each day I only tend to post the big things but there are probably a thousand articles that I have read and haven't posted, even to the recent reads.  Im always googling and researching.    My current/recent job hunt has left me a little discouraged.  I have over 20 years in IT and at least 5 of those years as a Cyber Security Analyst.  One of those years has even been working remote but I can't seem to get my foot in the door.    That has me wondering if I don't have enough training certs or skills listed under my resume. 

I passed the GCIH this past week,  my time management was a little rough but other than that everything went ok.  
I still am not a huge fan of certifications but getting them never hurts the resume and you always seem to learn something useful when studying for them.

A huge thank you to my employer and my coworkers for everything dealing with this certification.  They made it possible. 

Today I read this article: https://pen-testing.sans.org/blog/pen-testing/2015/12/08/effective-shoda...

 Joshua Wright and Jeff McJunkin wrote: 

Im reading articles from my rss feeds today.  I came across this article about Linux Encoder (article was on ZDNET): http://www.zdnet.com/article/linux-ransomware-rising-linux-encoder-1-now-infects-thousands-of-websites . 

Last week I spent 2 days in a Cyber Security Investigations class from the Software Engineering Institute | Carnegie Mellon University.  Im pretty sure CERT was responsible for putting on the class.  It was a basic course on Digital Forensics.   The teacher went over a variety of topics even including attack vectors and offensive tools that attackers could use.  Most of the time was spent talking about strategy, and where to look for logs, clues and other trails that attackers leave when they penetrate a network.

Im reading tech articles today and I come across Ransomware Crypter Kit: eba2 (https://n0where.net/ransomware-crypter-kit-eda2/).   Im not so sure its good to put an aweosme ransomware on github for everyone to download and play with.  It just doesnt seem like an overall good idea.    You know people are going to take that and merge it with another exploit kit.  It also looks to be very very very fast at encrypting. 

An interesting story hit the web today... Apple has some applications from China distributing malware and now people are paying out a million dollars for Apple hacks.   Watch out Apple... The wolves are coming.