SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, April 13, 2011

Cooking the Cuckoo's Egg

Posted on 11:57 AM by Unknown
In February I spoke at the DoJ Cybersecurity Conference. My abstract for the talk was the following:

In 1989 Berkeley astronomer Cliff Stoll wrote the most important book in the history of computer incident response, The Cuckoo's Egg. Twenty years after first reading the book, Richard Bejtlich, [then] Director of Incident Response for General Electric, re-read The Cuckoo's Egg in search of lessons for his Computer Incident Response Team (GE-CIRT). In the first ten pages, Bejtlich identified seven lessons for his team, and in the next twenty pages, ten more lessons. By the time he finished re-reading the book, Bejtlich identified dozens of lessons that are key to the incident response process, whether it's 1990, 2000, 2010, or beyond. In this presentation, Bejtlich will share the keys to professional incident response, originally documented by an unintentional computer pioneer.

Since several of you asked for the slides, I uploaded them here (.pdf, 60 slides). I don't usually use slides like this, but I told a story using screen captures from the really old NOVA episode about Cliff Stoll.
Tweet
Email ThisBlogThis!Share to XShare to Facebook
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • SANS WhatWorks Summit in Forensics and Incident Response
    I wanted to remind everyone about the SANS WhatWorks Summit in Forensics and Incident Response in DC, 8-9 July 2010. The Agenda looks gre...
  • Sguil 0.7.0 on Ubuntu 9.10
    Today I installed a Sguil client on a fresh installation of Ubuntu 9.10. It was really easy with the exception of one issue I had to troubl...
  • Microsoft Updates MS09-048 to Show XP Vulnerable to 2 of 3 CVEs
    Microsoft published a Major Revision of MS09-048 to show that Windows XP Service Pack 2 and Windows XP Service Pack 3* are now Affected So...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...
  • Human Language as the New Programming Language
    If you've read the blog for a while you know I promote threat-centric security in addition to vulnerability-centric security. I think ...
  • DNI Blair Leads with APT as a "Wake-Up Call"
    AFP is one of the few news outlets that correctly focused on the key aspect of testimony by US Director of National Intelligence Dennis Bla...
  • SANS Forensics and Incident Response 2009
    The agenda for the second SANS WhatWorks Summit in Forensics and Incident Response has been posted. I am really happy to see I am speakin...
  • NYCBSDCon 2010 Registration Open
    Registration for NYCBSDCon 2010 is now open. As usual George and friends have assembled a great schedule ! If you're in the New York...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ▼  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ▼  April (13)
      • Early Review of Ghost in the Wires
      • Review of Windows Internals, 5th Ed Posted
      • Review of Windows System Programming, 4th Ed Posted
      • Review of Windows via C/C++, 5th Ed Posted
      • Review of Beginning Visual C++ 2010 Posted
      • Review of Beginning C Posted
      • Review of Programming Amazon EC2 Posted
      • UBM Cancels GTEC, Bejtlich Considers Alternatives
      • Cooking the Cuckoo's Egg
      • APT Drives Up Bomber Cost
      • Aviation Week on China's Military Capabilities
      • Answering Questions on Reading Tips
      • Review of Web Application Obfuscation Posted
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile