Lenny Zeltser's Website

Malware Analyst - Job Description

Mon, 10 Nov 2008 07:11:19 -0500

What does the job of a malware analyst entail? If you're looking to get into this field, or if you're looking for ideas that can help you succeed there, read on. You might also find this page useful if you are creating a job description for hiring such a person.

Initial Security Incident Questionnaire for Responders

Wed, 05 Nov 2008 07:15:51 -0500

This cheat sheet offers tips for assisting incident handlers in assessing the situation when responding to a qualified incident by asking the right questions. It builds upon the incident survey cheat sheet I published earlier.

Security Incident Survey Cheat Sheet for Server Administrators

Sun, 02 Nov 2008 16:28:07 -0500

This cheat sheet captures tips for examining a suspect server to decide whether to escalate for formal incident response. It covers the general approach, and outlines commands for Windows and Unix using built-in tools. One-sheet version for printing and editing is included.

Reverse-Engineering Malware Course Art

Tue, 28 Oct 2008 08:59:11 -0500

Malware analysis is as much of an art as it is a science. To bring the point home, I created the following "word clouds" that represent the words used in the Reverse-Engineering Malware course, which I teach at SANS Institute.

Reverse-Engineering Cheat Sheet

Mon, 18 Aug 2008 10:08:22 -0500

I created a one-page cheat sheet of shortcuts and tips for reverse-engineering malware. It covers the general malware analysis process, as well as useful tips for OllyDbg, IDA Pro, and other tools. An editable version of this file is also available, if you'd like to customize the cheat sheet for your own needs. My reverse-engineering malware course explores these, and other useful techniques.

Webcast on Penetration Testing Beyond Front-Line Exploits

Fri, 18 Jul 2008 16:55:12 -0500

In this free one-hour webcast, I discuss tools and techniques for going beyond the basic exploits-focused penetration testing methodology. To attend it live, tune in on August 5 at 1:00 PM EDT. An archived version of the webcast will be available.

Webcast on the State of Malware in 2008

Thu, 12 Jun 2008 11:45:11 -0500

In this free one-hour webcast, I examine the characteristics of today's malware, exemplified by recently-seen bots, downloaders, keyloggers, and malicious scripts.An archived version of the webcast is available, complete with audio and presentation slides.

Stopping Malware on its Tracks

Sat, 7 Jun 2008 16:07:12 -0500

This article presents recommendations for addressing the risks associated with modern malware. Stopping malware requires an approach grounded in awareness and control. The article includes a link to my related webcast on protecting users from web-based threats.

Reverse-Engineering Malware Course Scheduled for June, July, September 2008

Wed, 11 Jun 2008 09:07:12 -0500

I will teach the Reverse-Engineering Malware course at SANS conferences in July 2008 (Washington, DC), September 2008 (Las Vegas, NV), and December 2008 (Washington, DC). I will also teach it via an interactive video format in June 2008; this event is a unique opportunity for higher education, and local and state government employees to take the course at a 75% discount.

Testing for Client-Side Vulnerabilities

Thu, 1 May 2008 11:40:15 -0500

When searching for low-hanging fruit, attackers are paying closer attention to client-side vulnerabilities on internal workstations. So should you, when performing security assessments. This article describes how to test for client-side vulnerabilities during a security assessment.

Social Engineering During Security Assessments

Wed, 19 Mar 2008 22:36:16 -0400

Rare is the case when a determined penetration tester or attacker fails to trick his targets into releasing sensitive information. This article explains how to incorporate social engineering testing into information security assessments.

Malware Course Interview on the PaulDotCom webcast.

Sun, 27 Jan 2008 21:49:15 -0500

PaulDotCom interviewed SEC602 course co-authors during its January 24, 2008, webcast. We discussed key procedures for malware analysis, malware trends, and the expansion of the Reverse-Engineering Malware course. MP3 of the webcast is now available.

Announcing the expansion of the Reverse-Engineering Malware course.

Fri, 28 Dec 2007 11:58:21 -0500

Announcing the expansion of the Reverse-Engineering Malware course. Here's the full announcement.

SAVVIS Security Consulting Services

Fri, 28 Dec 2007 20:21:25 -0500

I lead a regional security team at SAVVIS, a premier provider of IT infrastructure and hosting services. We offer a range of consulting services, including vulnerability assessments and penetration testing.

Emerging Information Security Threats

Sun, 10 Jun 2007 11:12:15 -0500

This article reviews the emerging threats landscape of information security, including targeted attacks, client-side infections, advanced malware, bots, and browser malware. It was originally published in May 2007 issue of Information Security magazine.

Penetration Testing with Confidence - SANS Webcast

Sat, 21 Apr 2007 12:57:21 -0500

In this SANS webcast I present 10 key issues you need to address for a successful penetration test.

Certification Magazine Article on Defending Endpoints

Tue, 23 Jan 2007 08:18:22 -0500

The reporter interviewed me for this article on protecting organizations against endpoint threats.

Malware Analysis Shortcuts - SANS Webcast

Sun, 14 Jan 2007 11:28:13 -0500

In this SANS' Ask The Expert webcast I review several techniques and free tools for speeding-up the analysis of malicious software.

A Practical Routine for Reviewing Security Logs

Sun, 29 Oct 2006 12:29:30 -0500

This article presents several tips for establishing a practical routine for reviewing information security logs.

Situational Awareness for Infosec Professionals

Mon, 4 Sep 2006 11:01:32 -0500

This article, published in Information Security Magazine, describes an approach to ensuring a project's success by becoming attuned to the organization's dynamics.

Browser Threat Landscape

Mon, 4 Sep 2006 00:42:32 -0500

This webcast, presented at SANS Institute, examines the nature of threats that target the Web browser, reviewing three major categories of browser-oriented attacks.

Beyond Vulnerability Assessment: 10 Questions

Sun, 21 May 2006 11:23:45 -0500

This presentation, prepared for ISSA, explores common information security risks that organization face, and suggests 10 questions worth asking when establishing a robust IT security program.

Penguins of Patagonia Video

Wed, 18 Jan 2006 21:18:06 -0500

This 1-minute video of Magellan Penguins records my observations from a visit to Argentina's Patagonia region.

Inside Network Perimeter Security

Thu, 3 Nov 2005 23:17:44 -0500

This book, which I produced and co-authored, is a practical guide to designing, deploying, and maintaining network defenses.

About Me

Mon, 6 Jun 2005 23:42:37 -0500

If you are interested in learning a bit more about me, this page is for you. Here I list some autobiographical facts and outline a several of my projects and accomplishments. After all, activity suggests a life filled with purpose.

Malware: Fighting Malicious Code

Mon, 3 Nov 2003 23:17:11 -0500

I contributed a few chapters to this Ed Skoudis' book, which focuses on defending against the threat of malicious code.

Presentations and Speaking Engagements

Wed, 3 Nov 2004 23:16:53 -0500

Organizations periodically invite me to present to them on topics related to IT risk management and security in business. Here are some of my recent presentations.

Trends and Dynamics of the Endpoint Security Industry

Fri, 3 Jun 2005 23:16:09 -0500

This paper examines trends and dynamics of the endpoint security industry, and evaluates the performance of market leaders such as Symantec in the context of these factors.

Firewall Deployment for Multitier Applications

Fri, 5 Apr 2002 23:15:51 -0500

This article explores the use of multiple firewalls for protecting resources according to business requirements of multitier applications.

The World-Wide Web: Origins and Beyond

Wed, 1 Nov 1995 23:15:31 -0500

This often-cited article discusses the history and the structure of the Web, and offers a peak at the future of information sharing.

The Evolution of Malicious Agents

Fri, 3 Nov 2000 23:15:07 -0500

This article examines the evolution of malicious agents by analyzing popular viruses, worms, and trojans, and detailing the possibility of a new breed of malicious software.

Information Security Search

Thu, 3 Nov 2005 23:02:03 -0500

Save time when researching security issues by focusing on specific sites of interests.

The Early History of Radio Broadcasting

Fri, 3 Mar 1995 23:14:41 -0500

This paper explores early radio broadcasting efforts by the United States and the Soviet Union.

Education and the Internet

Fri, 3 May 1996 23:23:41 -0500

This paper examines views of American Founders on education, and applies them to the Internet's role as a catalyst for improving the American education system.

Intrusion Detection Analysis: A Case Study

Sat, 3 Jun 2000 23:13:36 -0500

This paper provides a detailed analysis of several anomalous network events, and illustrates the techniques for examining alerts and logs generated by a network intrusion detection system.

Auditing UNIX Systems: A Case Study

Sat, 3 Nov 2001 23:13:19 -0500

This report presents results of a detailed information security audit of UNIX systems that belong to a fictitious company. It illustrates an approach to performing such an examination.

Network Perimeter Defense Architecture: A Case Study

Sun, 3 Dec 2000 23:12:59 -0500

This paper documents a comprehensive architecture for defending network resources of a fictitious company. It illustrates an approach to setting up a strong security perimeter.

Reverse-Engineering Malware Paper

Sat, 3 Nov 2001 23:12:39 -0500

This paper defines a framework for using easily-accessible tools and a dual-phased approach to examine malware such as viruses, worms, and trojans.

Information Retrieval with Natural Language Processing

Sat, 3 May 1997 23:12:05 -0500

This paper documents my team's thesis research on natural language processing systems for retrieving documents based on short queries.

High-Five Calvin

Sun, 3 Apr 2005 23:11:24 -0500

Slap a high five to the infamous Calvin, just because you have nothing better to do.

Life's Inspirations

Sun, 3 Apr 2005 23:08:54 -0500

"Lying in bed listening to the rain outside." "Laughing for no reason at all." Take a look at what folks submitted to me over the years, and see what inspires people of the world.

The Poetry Corner

Sat, 2 Apr 2005 23:08:13 -0500

Relax. Here you will find some of the poems I enjoy, written by well-established "professional" authors and by less-known amateur ones.

The Humor Collection

Fri, 1 Apr 2005 22:57:49 -0500

I've assembled a few humorous lists circulating on the Internet, such as "The Canonical List of Answering Machine Messages" and "More Than Fifty Ways to Get Rid of Blind Dates."