In the first part of this series I discussed how the SANS Cybersecurity Engineering Graduate Certificate helped me analyze the Heartbleed vulnerability and how it applied to static code analysis. This resulted in the paper “The Role of Static Analysis in Heartbleed.” Now I’ll focus on what was learned in the final part of the program and how we can apply this to our efforts here at Adobe.
The course on “Hacking Techniques and Incident Response” taught some of the techniques that attackers use to compromise systems. It also provided an overview of the forensic tools that are used to detect those attacks. In addition to the labs, students were given access to the NetWars platform. NetWars is a simulated cyber range where you can practice offensive and defensive cybersecurity techniques against live systems. Practical hands on experience is key when doing incident response and the platform facilitates this learning. The highlight of the week was being able to use the NetWars system in a competition format solving real-world problems.
The final course on “Advanced Network Intrusion Detection and Analysis” started with “bit bootcamp” and explored the lower levels of the networking stack. We were taught how to decode packets and truly understand all of the network communication that is occurring on a given computing device. The second part of the class was focused on learning how to deploy network utilities like Snort, Bro, and Silk for network analysis. The SANS at Night talks were also very useful as they allowed me to hear about recent vulnerabilities faced by the security industry as a whole and discuss potential solutions.
There were numerous techniques taught in both of these classes and through Netwars that were directly relevant to working on Adobe Photoshop and our related Creative Cloud services. While I was familiar with Charles and BurpSuite to do web session debugging, these classes allowed me to truly understand how to use deeper features of these tools to determine types of traffic being sent across the network. They also helped me understand when and how to carve the network traffic in order to focus on a smaller set of packets which can then be manually inspected in tools like Wireshark. These tools are great for testing for accidental information disclosure as well as proper authorization checks on cookies.
Taking the techniques learned during professional development and applying them directly to a set of problems on the job is the best you can hope for in any training. The tools and information from these classes has already helped in our ongoing efforts to make Photoshop a more secure product.
Engineering Manager, Photoshop
GSEC, GCIH, GCIA