What’s Old is New Again…

What’s Old is New Again…

or How Things in the IT Security World Never Really Change…

By Phill “Sherlock” Shade

13 Aug19

Well I have finally joined the IT “Blogging” crowd, although to be honest, I am not sure if I can come up with much that hasn’t been said over and over before (Hence the name of my blog). Here goes:

To answer the most common question that I have been receiving since this site went live:

Who are you and what qualifies you to run a Security-focused website and company?

Well let’s see… I’m Phillip D. “Sherlock” Shade is a Senior Network / Forensics Engineer and founder of Merlion’s Keep Consulting founded in July 2000, a professional services company specializing in all aspects of Network and Forensics Analysis as well as providing a full range of professional training and customized curriculum development.


I have been working in the IT and what is now called Security and Forensics since approximately 1987 when I discovered my first computer virus inside a network that was supposed to be secure from outside contact. We would eventually trace it to an infected 8-inch floppy disk that one of the users would bring in each day.

From there, my interest in these things called computers received a big jolt in interest and I have never looked back. For many years I followed a very common computer and networking career path the eventually led me into the world of consulting and Packet Analysis using first a DOS-based Sniffer and then ever-increasing complex packet analysis tools culminating in my love affair with the Open-Source Network Analyzer Wireshark. (As you see in a moment, while all of this was happening, I never let go of my interests in the security world as it was evolving.)

While working as a networking consultant, someone said I was good at explaining the results of investigations to my clients and suggested becoming an instructor (and later curriculum developer) as a sideline to my consulting work. I had been an instructor while in the United States Navy, so I said what the heck and started in the original Sniffer University and then later many other training organizations including: AG Group (later WildPackets) Academy), Global Knowledge, Planet-3 Wireless Academy and Wireshark University.

Along my journey, down my somewhat twisted career path, I began to notice that many of the techniques we were using to evaluate and troubleshoot network issues could very easily be adapted into tools and techniques to aid in security work. Very quickly, this mindset took on a life of it’s own and my interest, alright “Obsession”, with what we now refer to as “Network Forensics Analysis” resulted in the creation of over 30+ courses and the creation of this website….

Well that’s me and how I ended up here, so stay tuned in coming weeks as we examine topics such as: the world of Man in the Middle Attacks (MITM), Cache Poisoning, Firewall bypassing, Malware and Ransomware Analysis, Operating System Fingerprinting (OS Fingerprinting) and even a deep-dive into the mysteries of TCP Retransmissions (or what the heck is a TCP Retransmission vs. a Fast TCP Retransmission vs. a Spurious TCP Retransmission.