TF Security Team

joelm3103

Just thought I'd ask, what has become of this team? I wasn't here when it was made or apparently shut down...only snooped around the forums and realized the thread.

My original thread here: Active?.
Thread pertaining to the team I'm talking about is here: Tech Forums Security Team Conduct & Duties.

Would be great if this team or some people would be active, that way Osiris won't have the world on his hands dealing with spyware and stuff. Just thought I'd lend a helping hand, if I got permission to...I seem like a new member and what not, but it interests me and thought I'd shine some light onto it.
 
Osiris pretty much is the official team. While a certain few are authorized to help out, we don't allow just anyone to be a part of the Security Team. Heck, I'm not even qualified to be on it. :D

The original qualifications are around here somewhere, but I do remember that some certifications were required along the malware removal lines, and/or hands-on training with a Security Team member. We looked into some training stuff but found out that the person who was setting it up had been lying about their credentials so that killed it then and there.

I would like to see the Security Team back up and operational. I am sure that there are days when Osiris wishes he had some others to help handle the load. He developed his spyware guide to help himself out.
 
Ah cool and ya I get the fact that you don't just let anyone on the team and stuff lol. About the training, if pointing me to sites or reading guides help...I don't mind giving it a shot...maybe test me somehow. Been reading up on it a while now, checking through the spyware forum looking at his solutions and taking notes lol :p. He's got the whole world on his hands haha, just thought I'd put out my offer since I'm online pretty much everyday.

Anyways if it's ever back up, and y'all are recruiting, inform me...I'll try and pass whatever test is needed, it really does interest me :p. As for now, I'll lay back and just read through the threads, don't wanna post anything without permission as I know the risks of corrupting one's PC with wrong deletions/edits/etc.

Thanks for the reply :).
 
Take it from me, the only other person even close to being certified for the Spyware team, that no matter how many "guides" you read it doesn't help. Each situation is unique and you have to know your stuff inside and out to even make an attempt at doing what Osiris does.

I know how to read every type of log. Yet even I still pale in comparison to what Osiris does. I know how to fix just about every situation that can come up, yet I still don't contribute in that area cause for as much as I know, it still isn't enough.

So it will take more than reading guides cause you have to know how to get rid of every type of infection, what to do if the removal software doesn't work, what others can be used, what protection is good and so on. No guide on the net can cover everything that is needed to be known. Not even if you read every single one of them. I know I have gotten close. ;)
 
Thanks and I get your point :). But I mean, apart from all that, there must be something that one can do to improve his knowledge to that level. I may not be qualified and read just guides but I got the determination. I don't mind if I'm not qualified, I won't shoot posts without confirmation but I'll still stick around and analyze the logs and try to educate myself. Thanks for the tip though.
 
Well your best option at this point, since you want to learn, is to go to bleepingcomputers.com and read up on their guides they have there. Also check via Google for guides on MBAM, Combofix and HijackThis. Then just read the logs posted but don't read Osiris's response. See if you can come up with the same solution as he does. If not, try to figure out how he got that solution.

After that it comes down to figuring out which tools do the job for which infection. There are tools for Vundo, Virtumondo, and just about everything else. So you have to be able to spot which infection it is to know which tool to run and how to run it.

Then comes the hard part, what to do when the tool that should be used can't be run. There are other tools out there that can remove such infections without using the specific tools. So you have to be able to know right up front what to suggest if those tools don't work.

Then after all of that you have to be able to know when a restore point might be infected and how to remove that. That is easy but you have to be able to know if that needs to be done first so that the infection doesn't come back.

The process is long. It took me a good 6 months to be able to read the logs properly. Even so I still can't do it as fast as Osiris. Yeah there are sites out there that can read logs for you like hijackthis.de but you have to be able to spot when that suggests something that is legit over something that isn't. As that site uses different locations for files than some people.

I will be blunt in saying that the process will take upwards of around a year to be decent at the task. There are some sites out there that have schools for such things. But even so those are only specific to certain things and have a specific order which varies depending on the infection. They take a specific route and suggest specific tools for everything. They are not as "laid back" as we are. We get the job done, but they would say that we are inefficient in our attempts cause we don't go to the lengths that they do.
 
Haha now that's more like it :D! Thanks for the speech and sites :). You also break it down pretty much to my understanding. Ya I've been reading around the bleepingcomputer's guide and some others.

Every now and then I check other forums that are listed on bleepingcomputer for their logs and make similar notes. Also I PM Osiris every now and then if I got a query and he pretty much explains it out :).

Yeah I guess it would take me a while and I'll have to get familiar with the stuff, but I guess I'll try looking around and see what I can gain. I might not be pr0 at this whole spyware/infection thing, but at least I'll gain some knowledge and try to assist if I can and post where I'm permitted to. Thanks for all the help guys, much appreciated :). Looking forward to see if I can become anywhere near pr0 as y'all and maybe help out some more :p.
 
To be honest I would be more involved in the security team for the open forums, if I -
A) Had more time.
B) Was allowed to talk about half the stuff I know.
C) Had more time.

To be frank about it, most of my security experience is popping a box rather than unpopping a box.
 