Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: InfoSec Handlers Diary Blog - Always Check Your References (Cheat Sheets to the Rescue) InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Always Check Your References (Cheat Sheets to the Rescue)

Published: 2015-07-15
Last Updated: 2015-07-15 23:27:02 UTC
by Richard Porter (Version: 2)
3 comment(s)

Most of us have a cheat sheet [CS] here and there. In my jump bag there is a 3 ring binder with cheat sheets in plastic sheet protectors. In this, it got me thinking about cheat sheets again and there are a few things to share. First, we have wrote about them many times over the years (located with site:isc.sans.edu Cheat Sheets) [1] [2] [3] [4] [5]. There are also a series of cheat sheets all over the ‘intertubes’ [6] [7] [8] and lets not forget the great list of CS at Packet Life [9]. There are even GIT repositories of CS [10].

Note: From here On, I am talking about an Apple OS X only App. If someone wants to contribute something similar for Linux and Windows email me ( rporter at isc dot sans dot edu ) or twitter @packetalien and I will post an update.

One common thing that has been bothering me as of late is ‘search-ability’ and ease of getting to quick answers in a cheat sheet. Then I thought about possible solutions and wanted to share.

For other coding references there is Dash [11] which I use heavily and they have tons of cheat sheets [12]. While sitting in a SANS 572 Advanced Network Forensics, it hit me, write a Packet Forensics CS, to the Dash Docs Batman.

As it turns out, the format is easy to understand and based in Ruby [12] and there is a Ruby gem called Cheatset [13] that has great samples.

Here is a screenshot of what I’ve got so far, and this cheat sheet will be for packet "forensicators":

There will be more to come as time permits and if anyone is interested in the source or docset for this and or would like to contribute email me ( rporter at isc dot sans dot edu ) or twitter @packetalien.

A final note, when doing forensics on a case, it is always good to have references handy!

[1] https://isc.sans.edu/diary/2+Cheat+Sheets+for+Incident+Handling/5354

[2] https://isc.sans.edu/diary/Cheat+Sheet%3A+Analyzing+Malicious+Documents/7705

[3] https://isc.sans.edu/diary/New+and+updated+cheat+sheets/6958

[4] https://isc.sans.edu/diary/New+Incident+Response+Methodology+Cheat+Sheet/10828

[5] https://isc.sans.edu/diary/OWASP+Session+Management+%22Cheat+Sheet%22/11263

[6] https://isc.sans.edu/presentations/

[7] https://www.owasp.org/index.php/Session_Management_Cheat_Sheet

[8] https://cert.societegenerale.com/en/publications.html

[9] http://packetlife.net/library/cheat-sheets/

[10] https://github.com/detailyang/cheat-sheets

[11] https://kapeli.com/dash

[12] https://github.com/Kapeli/cheatsheets

[13] https://github.com/Kapeli/cheatset

Richard Porter

@packetalien, packetalien.com, rporter at isc dot sans dot edu

--- ISC Handler on Duty

3 comment(s)
Diary Archives