{"id":233,"date":"2013-08-08T02:32:44","date_gmt":"2013-08-08T02:32:44","guid":{"rendered":"http:\/\/blogs.evergreen.edu\/edurange\/?page_id=83"},"modified":"2013-08-08T02:32:44","modified_gmt":"2013-08-08T02:32:44","slug":"analytical-skills","status":"publish","type":"page","link":"https:\/\/sites.evergreen.edu\/edurange\/analytical-skills\/","title":{"rendered":"Analytical Skills"},"content":{"rendered":"<p>&nbsp;<\/p>\n<div dir=\"ltr\">\n<table>\n<col width=\"167\" \/>\n<col width=\"457\" \/>\n<tbody>\n<tr>\n<td>\n<p dir=\"ltr\">Verifying Assumptions<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\">Checking network messages, protocols, file formats and other input data constraints to see if layers of abstraction are coherent and correct. Fuzzing. Enumerating and checking if failure modes, exceptions and errors are controlled, caught or anticipated. Observing and enumerating how software components or network elements are actually composed.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p dir=\"ltr\">Gaining understanding of program or system semantics<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\">Finding vulnerabilities, intrusion detection, extracting program behavior sequences\/tokens (e.g., syscalls). Reverse engineering systems. Extracting ROP (return-oriented programming) sequences. Understanding layers of abstraction and failure modes of a program.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p dir=\"ltr\">Gaining understanding of network organization<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\">Mapping firewall rule sets. Comparing sets of network ACLs\/understanding semantics of groups of ACLs. Efficiently identifying entities on a network. Identifying network \u201cedge\u201d and ingress \/ egress points. Enumerating existing services (e.g., nmap). Understanding layers of abstraction and failure modes of a network.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p dir=\"ltr\">Information or knowledge extraction (i.e. 
\u201cCyber-situational Awareness\u201d)<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\">Extracting information from a large, opaque set of data. Analyzing a raw dump of network traffic or intrusion alerts or firewall logs. Prioritizing what to look for &#8212; \u201cbig data\u201d problem. Mapping layers of abstraction and failure modes to patterns in data.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p dir=\"ltr\">Gaining understanding of network system behavior \/ defense posture<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\">Identifying the scope\/makeup of the trust surface of a network. Fingerprinting behavior of network services (e.g., probing\/blackbox reverse engineering of network entities). Identifying attack path \/ kill chain. Not just identifying failure modes but understanding them.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p dir=\"ltr\">How to create emergent resilience<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\">Recreating \/ recovering a system to a more resilient state; how to dynamically improve defense (especially in scenarios where you\u2019ve been completely compromised); how to re-abstract a compromise or intrusion incident into a better design for the target system. Efficiently rebuilding the system; eliminating attack paths through cross-layer analysis.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p dir=\"ltr\">How to create deception or confusion for an adversary<\/p>\n<\/td>\n<td>\n<p dir=\"ltr\">Creating artificial diversity. Namespace control. Applying probability and randomization to selectively increase complexity for the adversary to exploit failure modes.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; Verifying Assumptions Checking network messages, protocols, file formats and other input data constraints to see if layers of abstraction are coherent and correct. Fuzzing. Enumerating and checking if failure modes, exceptions and errors are controlled, caught or anticipated. 
Observing and enumerating how software components or network elements are actually composed. Gaining understanding of program or [&hellip;]<\/p>\n","protected":false},"author":2777,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"_mi_skip_tracking":false},"_links":{"self":[{"href":"https:\/\/sites.evergreen.edu\/edurange\/wp-json\/wp\/v2\/pages\/233"}],"collection":[{"href":"https:\/\/sites.evergreen.edu\/edurange\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.evergreen.edu\/edurange\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.evergreen.edu\/edurange\/wp-json\/wp\/v2\/users\/2777"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.evergreen.edu\/edurange\/wp-json\/wp\/v2\/comments?post=233"}],"version-history":[{"count":0,"href":"https:\/\/sites.evergreen.edu\/edurange\/wp-json\/wp\/v2\/pages\/233\/revisions"}],"wp:attachment":[{"href":"https:\/\/sites.evergreen.edu\/edurange\/wp-json\/wp\/v2\/media?parent=233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}