Posted 09 June 2015 - 02:48 PM
Posted 09 June 2015 - 03:01 PM
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
Posted 09 June 2015 - 07:03 PM
Posted 10 June 2015 - 07:16 AM
I will echo what the others have said and reiterate to just keep reading. Read, read, read. That having been said, I will be putting up a page on my blog, The Presumptuous Commoner, in the very near future listing the dozens of websites, blogs, feeds, etc. that I follow on a daily basis. A good portion of what I now know came from reading articles from researchers, anti-virus companies, and vulnerability disclosures and taking the time to Google what I didn't understand. I followed the knowledge breadcrumbs, as it were. Keep checking the blog for that page to manifest.
If you are comfortable and have taken the time to set up a safe laboratory environment, the OpenSecurityTraining.info video series on YouTube is par excellence. They have day-long classes broken into individual videos, and they provide the samples, slides, and other things to help you follow along from home. Again, they have you work with live samples, so a decent knowledge level of how to maintain a safe lab environment separate from your vital systems is important.
Like most things, it comes down to passion and dedication. Study, ask questions, and push yourself and you will find yourself where you want to be.
Best of luck.
Posted 10 June 2015 - 11:21 AM
Thanks, guys. I plan on getting my Master's in Information Assurance. How much will that help me in terms of material learned and job competitiveness?
Also, should I read about other fields related to malware analysis such as network security and hacking? How much (if at all) would reading about other fields help me?
Posted 10 June 2015 - 11:45 AM
I cannot speak to the competitiveness of the field nor the usefulness of such a degree, since I don't have any exposure to the job market in that area.
As far as reading about other fields, it never hurts to know. When working with malware samples, you may very well find yourself sniffing network traffic to see what communication the malware is eliciting. Knowing about current vulnerabilities and exploits will help you understand how malware may have entered a system.
But really, these fields are so fast-paced, keeping an eye on the news and what other security experts/analysts are saying/doing will tell you what you need to be learning. If you see malware analysts constantly referring to decoding XORed code, then you should probably ask yourself some questions. What is XOR? Why do malware authors use it? How can I decode it? If you read current news and analysis write-ups and take the time to research what you don't understand, you will start to feel where your skills need to be developed and sharpened.
That is just my opinion, of course. I have learned immensely using that methodology.
Edited by PresComm, 10 June 2015 - 11:45 AM.
Posted 10 June 2015 - 01:35 PM