On the Hunt Part 2: Identifying Spear-Phishing Recon Activity-Collection of User Details with Ads for Spear Phishing Campaigns

A few weeks ago, I published a Base64 decoding article. The findings from this ranged from process ID numbers, application and version detection, to the blatant collection of email addresses. With…


From Targeted Attack to Rapid Detection

Yesterday I was hit with a targeted phishing email that was incredibly good. The email was terse and had a 7-hour time window for which I needed to open the…


IDS Autopsy

Intro If you’re in the IT security industry, you’ve certainly heard that IDS is dead. It’s funny to hear technology personified this way. Someone call 1110001111! The thought of a security technology…


On the Hunt - Threat Hunting with Base64 Decoder

Every now and again you hit a day where you just feel like scrolling. One of those lazy, rainy days just before the holidays. Today is one of those days and that's where my less efficient threat…


The Dangerous Rise of Ransomware

Ransomware is a relatively new type of cybersecurity threat. It amounts to an attacker taking and encrypting your valuable data, and then charging you to decrypt it. The idea came about 10 years…


From Big Data to Beautiful Data: Bridging the gap from Threat Hunter to C-Suite graphs with Zeppelin notebooks and D3

In my previous posts we worked through a number of Threat Hunting queries and data mining ideas. In the end we left off with how to demonstrate and translate value to the C-Suite. This has led me…


Why We Picked Tensorflow for Cybersecurity

When I started in security analytics several years ago, the choice of tool and platform was typically dictated for you, usually based on earlier investments the company had already made. These…


Threat Hunting with your hands tied - This is Big Data Part II

Threat hunting isn’t only about finding compromised assets; it’s also about performing the predictive function of finding the holes a malicious attacker might take advantage of. As I mentioned last…


Telling the Security Story

Data analytics and machine learning can be very empowering for security, but don’t lose sight of your true goal when using them. In work as an IT auditor, a security investigator, or threat analyst,…


Threat Hunting with your hands tied - This is Big Data Part I

The Stage: When walking into a Fine China shop, you can look, but Do Not Touch! This concept applies in a customer Proof of Concept; you can't influence the infrastructure or applications, you can't…