Baller On A Budget: A series on cost-effective IT/infosec practices

I want to start a series of posts on how to do CND/DFIR/CTI on a budget.

I've spent the last decade of my life working in the IT world. I spent about half that time working as a part-time administrator/engineer in a small datacenter within a large corporation. I touched a lot of tech during that time frame and adopted a significant amount of it into my own homelab. But the last five years of my life have been devoted to CND/DFIR/CTI.

One of the things I've experienced working in this field has been the vast differences between the large and small companies in terms of capabilities. My current job involves sharing CTI with a wide variety of companies with a wide variety of maturity in terms of CND/DFIR/CTI capabilities. A common complaint I hear from the small-/medium-sized companies is that they could never keep up with the bigger companies because they lack resources. If you fall into this bucket, then this series is for you.

A few problems I hope to solve on shoestring budgets:

  • Build a malware analysis lab (I've seen this done by a peer for roughly $600)
  • You have logs but nowhere to put them (This one requires some out-of-the-box thinking)
  • SSL makes it impossible to know what's happening on my network (Wrong!)


Popular posts from this blog

Yara and Rich Headers are full of win

Operation Cloud Hopper

"WannaCry Is North Korea!" or "Rich Headers Win Again!"