Passed my GCIA GOLD Certification!
I have finally passed my GCIA GOLD! You can read the white paper here: http://www.giac.org/paper/gcia/8966/learning-dridex-malware-adopting-effective-strategy/128882
I thought long and hard before going for my GCIA GOLD. Taking up the GOLD certification was a tough decision as it wasn't in my schedule. After thinking it through, I figured that I should do it. The reason being that I had discovered something from analysing malware callback traffic that the security community had not discovered yet, hence I decided to write it down and claim my research work before anyone else did. In addition, I had been working on analysing pcaps using various command line tools and not just Wireshark; this is another area that very few people actually practice.
By writing this white paper, I am able to claim two (and a half, technically) areas of pcap analysis that are exclusive to me: using packet byte characteristics to identify malware traffic, and doing pcap analysis via the command line. It also includes the research regarding malicious usage of certain HTTP fields that malware uses to hide traffic. Although there is analysis work out there that has identified the malicious object dropped through the use of this field, it hasn't been extensively covered yet. My white paper would be the first endorsed article that covers the malicious use of this HTTP field by malware.
By having the white paper endorsed, I can confidently claim the accuracy of my analysis of malware callback traffic, with a reference to back it up.
Identifying C2 Traffic by Packet Bytes ~ Welcome to Gravity Sec!
I also got to work with my advisor, Angel Alonso Parrizas, who is a GSE certification holder.
If anyone has any questions regarding doing the Gold certification, feel free to drop them on this thread and I will try my best to answer.
Comments
iBrokeIT (Member, Posts: 1,318):
Congrats on your huge achievement!

2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response

Rumblr33 (Member, Posts: 99):
Congrats and well done. This was a good read about your analysis and Dridex.

JoJoCal19 (Mod, Posts: 2,835):
Congrats! That's quite the achievement!

Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework

URG_PSH_FIN (Member, Posts: 33):
Way to go!

MS in Information Assurance - Regis University
2018 Goals - [ ] GSE Lab [ ] OSCP Enrollment
Late 2018-Early 2019 Goals: [ ] RHCSA [ ] RHCE

E Double U (Member, Posts: 2,233):
Congratulations!

Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS

OctalDump (Member, Posts: 1,722):
Congratulations. It's great for you to be able to contribute something significant like this to the security community.
I have a question, though. What does Gold get you apart from kudos? Presumably, if it was published elsewhere, you could still get the kudos without the $499 price tag.

2017 Goals - Something Cisco, Something Linux, Agile PM

LionelTeo (Member, Posts: 526):
The $499 price tag can be claimed from my company, and it also comes with CPEs to renew other certifications. Most importantly, the contents have been read through by a Gold adviser and graded by another person in the community, hence the published content is verified by multiple parties instead of a generic tech site. This allows me to use the published work as a reference more easily without causing additional doubts.

TacoRocket (Member, Posts: 497):
What did you use to study? Their on demand content?

These articles and posts are my own opinion and do not reflect the view of my employer.
Website gave me error for signature, check out what I've done here: https://pwningroot.com/

iBrokeIT (Member, Posts: 1,318):
TacoRocket wrote: » What did you use to study? Their on demand content?

Were you listening to the dude's story Donny? He completed a white paper, not an exam.
GIAC Gold: http://www.giac.org/certifications/gold

2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response

TacoRocket (Member, Posts: 497):
iBrokeIT wrote: » Were you listening to the dude's story Donny? He completed a white paper, not an exam.
GIAC Gold: GIAC Gold Overview

I'm retarded, still getting used to GIAC and the way it works.

These articles and posts are my own opinion and do not reflect the view of my employer.
Website gave me error for signature, check out what I've done here: https://pwningroot.com/

OctalDump (Member, Posts: 1,722):
LionelTeo wrote: » The 499 price tag can be claimed from my company, and it also comes with CPEs to renew other certifications. Most importantly, the contents have been read through by a Gold adviser and graded by another person in the community, hence the published content is verified by multiple parties instead of a generic tech site. This allows me to use the published work as a reference more easily without causing additional doubts.

I was thinking along the lines of publishing in a peer reviewed journal. I've not really looked into all that, so not sure how hard it would be to get published academically. Do you know how it would compare?

2017 Goals - Something Cisco, Something Linux, Agile PM

LionelTeo (Member, Posts: 526):
What I can think of is to check the editorial guidelines. They may require specific fonts and alignments; you have to watch out for them, although it's a minor issue. The more important area would be how you reference someone else's work; there is a standard for it. The last point would be writing the statements correctly, which includes rephrasing in the best way possible. This could be an easy task for a naturally born writer. I had to reread my own paper over 50 times to fix this, and even so I still continue to discover errors as I read my own paper now.