Governance, Risk, & Compliance
My thoughts, observations, and readings on different facets of GRC.
Friday is the movie/documentary night for 2022. Wife and I watched ‘The Rescue‘ today. It is one of the most riveting documentaries I watched since Icarus. The movie had enthralling real footage from the rescue and some reenactments to fill the narrative gaps, but you won’t even recognize it until you watch the credits. The…
I read Atomic Habits sometime last year and developed the habit of running first thing in the morning with all the motivation I was driving from the book. I ran for a week and lapsed. After that, it has been an on-and-off habit of running. But over the last few weeks, I have realized that…
Back in 2019, I was preparing my resume for a full-time job and was thinking of ways to stand out. I went through all the checklist items – good GPA, difficult courses, nice capstone project, good internships, a bunch of security certifications, etc. But something was amiss. So I decided to include a section called…
I read this excerpt in Awareness today: Thinking cannot be stopped – not that it does not stop – but it cannot be stopped. It stops of its own accord. As I think about this quote it dawned on me that we can’t really stop thinking. There is a paradox in this statement itself. When…
I have been keeping new year’s resolutions since 2011. I achieved a few of them and some are still on the bucket list (Oh, those elusive abs!). This year, I have decided to not keep the new year resolutions but do something to progress on 4 key themes: Wisdom – read good books, listen with…
I remember watching this Ted talk first time in 2015. If you haven’t watched this video before, I highly recommend you watch this video before reading further. I don’t remember a lot from the video, but one line that has stuck with me over the years is ‘The days you remember are the days you…
I alone am responsible for all outcomes of my life – good or bad. I alone am responsible for keeping my body fit, sharpening my mind, and enriching my soul. I alone am responsible for how I think, feel, and respond. I alone am responsible for the well-being of myself, my family, society, and country…
Yet Another Recursive/Ridiculous Acronym (YARA) is a multi-platform tool for matching patterns of interest in malicious files. It was created by Victor Alvarez from VirusTotal. It is used to perform research on malware families and identify malware with similar patterns. It can help in categorizing malware in different malware families, and can also be used…
Key learnings: Use Remnux VM to analyze suspicious files. Syntax to check the file type file <filename> strings utility extracts and prints the printable character sequences from a given file or what’s also known as ‘strings’. VirusTotal is a website that will scan files, URLs, IP addresses, domains, or a file hash you provide using 60+ different…
The definition of Phishing according to the MITRE ATT&CK Framework: “Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such…