Practical Packet Analysis (with Chris Sanders)

Jan 09, 2017

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 32

GUEST:Chris Sanders

January 9, 2017

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, Blubrry, and YouTube.
NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

Practical Packet Analysis (with Chris Sanders)

SHOW NOTES

PART 1

Joe introduces Chris and talks about his work and accomplishments. We transition to talking about the “Russian Hackers” and the “GRIZZLY STEPPE” report. We provide analysis of the quality of application of the IP addresses and hashes in the reports. Attribution is discussed in terms of Russia versus China. We talk about “Nation State” and the implications of such attribution. We talk about the role of Social Engineering and spear phishing in the success. Chris and I debunk the Vermont “Power Grid” attack in terms of application and the news reports. We talk about proper research and identifying bias and skew.

Resources Used

US CERT Report on GRIZZLY STEPPE

US CERT Site about GRIZZLY STEPPE

CNBC Article about Russia’s Role in DNC Hack

Washington Post article detracting attribution of Vermont Power Grid attack to Russia

PART 2

We kick it off by asking Chris the origin of Practical Packet Analysis. Chris tells us that the first edition came 10 years ago (in 2006) as he was studying in college at age 19 (published at age 20). It all started with a blog post. Someone posted it to Dig and crashed his site. He was contacted by No Starch press who asked him to write it. Chris said that he initially wrote it to help pay his way through college, but at the time he was fairly young and not experienced enough to write a really great book. The next edition was really about redemption and making the book live up to its potential. Chris talks about how this was not originally a security book, but rather network monitoring and packet analysis.

PART 3

Chris talks about his Investigative Theory training and the correlation between his writing and teaching. He talks about the lack of training in terms of how to apply tools and how to investigate. Chris talks about his interaction with the course and how the questions are structured. He explains how human and cognitive psychology plays into investigating. His January class is full and his March class is almost full.

We shift to discuss the Rural Tech Fund. Chris lost his mother and sister at a young age. The house he grew up in recently sold at auction for $14,000. Like me, he had little opportunity to be successful, less learn technology. A teacher named Ms. Jackson told Chris that he would do great things, but to “Remember where he came from.” Chris shifted the focus from scholarships to the classrooms. He helped to get teachers involved to help impact over 10,000 students last year in the donation of equipment. In 2017, Chris wants to impact 25,000 students.

ABOUT Chris

Practical Packet Analysis (with Chris Sanders) — Chris Sanders

Chris Sanders is an information security consultant, author, and researcher. He is the leader of a detection and investigation research team at FireEye and has extensive experience supporting multiple government and military agencies, as well as several Fortune 500 companies. In multiple roles with the US Department of Defense, Chris helped to create several NSM and intelligence tools currently being used to defend the interests of the nation.

Chris has authored several books and articles, including the international best seller “Practical Packet Analysis” form No Starch Press, currently in its third edition and in seven languages, and “Applied Network Security Monitoring” from Syngress. He is currently pursuing a PhD in Cognitive Psychology in an attempt to enhance the field of security investigative technique through a better understanding of the human thought and learning processes.

Chris is the founder and director of the Rural Technology Fund, a non-profit that donates thousands of dollars in scholarships and equipment annually to further technical education in rural and high poverty areas.

CONTACTING Chris:

Twitter: @ChrisSanders88

Website

Training Site

Rural Technology Fund

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Enter your email address:

Delivered by FeedBurner