When I first started my #MSISE, this class was one of the top 2 I was most excited about, and it didn’t disappoint (though I wanted it to go deeper in a few areas and honestly book 3 and book 5 could make for their own great full courses). Ready to write the exam tomorrow morning, and feeling very good about it. This course more closely relates to the work I do every day than almost any other I’ve taken, which made a lot of the material easy to dive into. Scored very well on my practice exam, and feeling ready!
Nothing quite as satisfying as a well ordered index and prep materials the night before the test :)
#msise #for508 #dfir #forensics #sans #gcia
Since I started my #MSISE with SANS, I have taken some GREAT classes and learned so much, but THIS class is one of the top two I’ve been looking forward to the most (the other being FOR610/GREM planned for this summer)!
I am so excited to get started on #FOR508 - Advanced #IncidentResponse, #ThreatHunting, and #DigitalForensics - and prepare for my #GCFA this Spring!
Since Thanksgiving, I’ve also been working my way through a backlog of technical books I have, occasionally reference, but never dove into completely. I’m remedying that this year and made a promise to myself to sit down and read/work through my bookshelf. I can say that I’m already seeing the benefits of that effort, unlocking a few “a ha!” moments and further helping me refine my future professional plans.
When I took my first security class years ago, I immediately fell in love with the field. I knew I needed to do this with my career. I have found that feeling again in the last quarter as I spend more time studying #memoryanalysis and #reverseengineering. I took a really nontraditional path into these disciplines, and I have a lot of gaps in knowledge I’m constantly filling in, but I *love* learning this stuff.
Over 2/3 of the way through my masters…. The academic end is in sight, but the learning opportunities are infinite :)
#msise #for508 #incidentresponse #threathunting #digitalforensics #GCFA #memoryanalysis #reverseengineering
Kinda stoked about teaching @sansforensics #FOR508 in #Singapore next March year! Officially the furthest I will have flown to date.
In the APAC region? Come hang and chat #DFIR with me!
https://www.sans.org/cyber-security-training-events/secure-singapore-2023/
Learned something new from one of my #FOR508 students today... Apparently there is a setting within #ActiveDirectory called "Unconstrained Delegation" which could render an otherwise secure authentication as insecure.
Consider a use-case like #PowerShell remoting which generally uses non-delegate tokens to authenticate. This is ideal as it makes the credentials less susceptible to theft and re-use.
However, if a system has "Unconstrained Delegation" enabled, it could force the authentication to include the TGT of the requesting account which can be used to further authenticate as the originating user.
https://m365internals.com/2021/10/27/revisiting-unconstrained-delegation/
#secops #infosec #dfir
#for508 #activedirectory #powershell #secops #infosec #dfir
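A defensive check for the setting described in the post above, added here as an example and not part of the original posts: in Active Directory, unconstrained delegation is the `TRUSTED_FOR_DELEGATION` bit (0x80000) of `userAccountControl`, and the "Account is sensitive and cannot be delegated" option is the `NOT_DELEGATED` bit (0x100000). The account names, the CSV layout and the `privileged` column are constructed assumptions standing in for a real directory export.

```python
import csv
import io

# userAccountControl bits (documented Active Directory flag values)
ACCOUNTDISABLE = 0x2
SERVER_TRUST_ACCOUNT = 0x2000       # domain controller computer account
TRUSTED_FOR_DELEGATION = 0x80000    # unconstrained delegation
NOT_DELEGATED = 0x100000            # "Account is sensitive and cannot be delegated"

# Constructed sample export (hypothetical names; 'privileged' is an assumed column)
SAMPLE_EXPORT = """name,userAccountControl,privileged
DC01$,532480,no
WEB01$,528384,no
FILE02$,4096,no
svc-legacy,524800,no
da-alice,512,yes
da-bob,1049088,yes
OLDSRV$,528386,no
"""

def load(export_text):
    """Parse the export into (name, uac, privileged) tuples."""
    rows = csv.DictReader(io.StringIO(export_text))
    return [(r["name"], int(r["userAccountControl"]), r["privileged"] == "yes")
            for r in rows]

def unconstrained_hosts(accounts):
    """Enabled accounts with unconstrained delegation, excluding domain
    controllers, which carry the flag by default."""
    return [name for name, uac, _ in accounts
            if uac & TRUSTED_FOR_DELEGATION
            and not uac & SERVER_TRUST_ACCOUNT
            and not uac & ACCOUNTDISABLE]

def delegable_privileged(accounts):
    """Privileged accounts whose TGT may still be delegated (NOT_DELEGATED unset)."""
    return [name for name, uac, priv in accounts
            if priv and not uac & NOT_DELEGATED]

if __name__ == "__main__":
    accounts = load(SAMPLE_EXPORT)
    print("Review unconstrained delegation on:", unconstrained_hosts(accounts))
    print("Set 'sensitive and cannot be delegated' on:", delegable_privileged(accounts))
```
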
About to board for London to teach #FOR508 next week. Any #infosec friends in the city down for a 🍻 or ☕️, lmk! @shortstack arrives Wednesday