  zlenny
@jillyred.net
| SANS ISC Question(s)
Is anyone familiar with SANS ISC (Internet Storm Center)? I have been checking out their website but I'm still not 100% sure about it. I thought SANS was a for-profit company but it sounds like the ISC "handlers" (yes, that is what they are called and apparently they rotate in shifts) are all volunteer. My wondering is, do these guys know what they are talking about or are they simply acting in a way that is what is best for them and their respective companies, and tooting their own horn like most all InfoSec professionals tend to do (myself included)? I mean, as I understand it, each one works in the security field, just for a different company than SANS. Seems like each one would have their own agenda, not to mention The SANS institute being in the middle of all that trying to make a buck with their training and sending out security newsletters that sensationalize events and are half full of just them talking about themselves and their experience.
Here is a link to their "diary" (yes, they call it a diary and not a blog which is a little weird because diaries are what little girls keep and blogs are for grown men and women): »isc.sans.org/ |
|
 mysec Premium join:2005-11-29
| I have used ISC for years as a primary source of information about exploits. Often, because of the distribution of their Handlers worldwide, they are the first to learn/notify of an exploit. I remember well the WMF exploit from 2005.
Some of the Handlers, such as Bojan Zdrnja and Adrien de Beaupre, analyze the code to reveal its secrets, and, more importantly from my standpoint, how the exploit is triggered and what the payload is. Very helpful from a preventative point of view.
Here are a few:
An Israeli patriot program or a trojan »isc.sans.org/diary.html?storyid=5638
Malicious swf files? »isc.sans.org/diary.html?storyid=4468
Mixed (VBScript and JavaScript) obfuscation »isc.sans.org/diary.html?storyid=4231
---- rich |
|
  VikingBob
join:2004-06-05 Ste Anne, MB
·MTS
| reply to zlenny Re: SANS ISC Question(s)
They are indeed the good guys, on the "up and up." They do know what they are doing.
Tom Liston's entries (haven't seen him as Handler of the Day in a while) are usually good for a laugh. Go search his entries - especially the Follow the Bouncing Malware ones  |
|
  EGeezer Go Bobcats Premium join:2002-08-04 Country!
·Callcentric
·RoadRunner Cable
| reply to zlenny SANS handlers are top of the line. Two of my colleagues are handlers and they are both GIAC certified, the top of the line in certs. If you don't think the cert is rigorous, hunt down some of the GIAC study guides.
Yes they are employed in security positions in private, government and military companies and organizations. Their training isn't cheap but it's good.
I check the handlers' diaries daily and also subscribe to their newsletter. Go beyond the diaries and check into their reading room, which contains lots of good stuff for professionals. Also take a look at some of the honors papers from GIAC candidates at »www.sans.org/reading_room/whitep···/honors/
If I was good enough to pass the GIAC series, I'd toot my horn for sure. It's an automatic pay and rate raise
-- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis |
|