A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


How to learn reverse engineering, kick ass at bug bounties, and being a bad ass SOC analyst - (BSides Nashville 2017) (Hacking Illustrated Series InfoSec Tutorial Videos)

How to learn reverse engineering, kick ass at bug bounties, and being a bad ass SOC analyst

ben actis

BSides Nashville 2017

# How to learn reverse engineering, kick ass at bug bounties, and being a bad ass SOC analyst ## Objective This talk is designed to give entry level individuals several resources to grow their skill sets in reverse engineering, bug bounties, and working in a SOC. It will break down all the skill sets above into areas for visual, auditory, and kinesthetic learners. By the end of the talk, those in the audience will hopefully walk away with a list of resources and encouragement to further their professional career. ## Learning Reverse Engineering Talk about the resources on opensecuritytraining.info. This is where I learned reverse engineering while I was at MITRE. Prereqs: Basic knowledge in C. ### Visual Learners: Slide content, Practical Malware analysis book chapters to read ### Audio Learners Link to youtube videos on opensecuritytraining.info which contain 60 hours of recorded lecture content ### Kinesthetic learners What exercises are useful such as CMU binary bomb lab, and easy malware samples ## Bug bounties Talk about what resources are most in need:mobile reverse engineering and web app hacking skill sets Prereqs: Basic java, Basic C, Basic Web background ### Visual Learners Books: tangled web, web app hacker's handbook, and books related to mobile reverse engineering as well. ### Kinesthetic learners Numerous CTF and google training examples. Where public write-ups on bug bounty examples exist. ### Audio Learners What existing talks exist on this subject. ##SOC Work Prereqs: Basic understanding of OS, OSI Model. Talk about where to learn more about IDS, flow, pcap, and threat actors. ### Visual Learners Tao of network security book. Other IR books. ### SOC Training Opensecuritytraining.info classes: flow analysis and pcap analysis. # Kinesthetic Learners CCDC pcap samples, reading through Actor reports, etc.

Ben Actis spent five years at MITRE in the areas of mobile reverse engineering and network analytics. He taught intro to x86 and intro to flow analysis which are available on opensecuritytraining.info. He spent one year at Lookout's research and response team in San Francisco. He was the primary researcher responsible for shedun/humming bad and xcode ghost. He is currently at Synack where he is a research and development engineer. When not reversing he is busy catching pokemon, taking Krav Maga, and trolling on twitter

Back to BSides Nashville 2017 list

Printable version of this article

15 most recent posts on Irongeek.com:

    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast