Quick question:
96hz wrote:
3. What is the most rewarding aspect of your job?
Finding answers and getting it right; and helping others understand important technically complex issues.
How do you know when you've "got it right"?
This question has puzzled me for a long while. For the most part, we all work in some modicum of isolation...we're either working alone, or on a small, isolated team. What I mean by that is that, as a community, we don't share findings.
About four years ago, I was doing some host-based analysis as part of an APT engagement, and found something fascinating. Due to the logging that had been enabled on the system I was analyzing, I was able to clearly see the malware being loaded via the DLL search order vulnerability. I was sure that I was right, because I had all of the data points...the system was Windows XP, so the file system was still recording last accessed times, including when DLLs were loaded into memory. However, when I tried to describe it to other team members, I just got blank stares...most didn't even know what the DLL search order vulnerability was.
I was sure that I was right, and thought it would be a great topic to blog about, but I was told to not say anything and not share it with anyone. A couple of weeks later, something very similar was posted to the Mandiant blog (written by Nick Harbour).
Beyond that kind of validation, how do we know that we're right?