Theory versus practice: threat-centrism
I currently work in a threat-centric role, in the sense that we detect and respond to threats as they occur. We handle malware, log analysis, and network & system forensics. So I use “threat” in a...
Threat intel sharing with OpenIOC
Indicator of Compromise by Kool-Aid Man Mandiant recently announced OpenIOC, “an extensible XML schema that enables you to describe the technical characteristics that identify a known threat, an...
DFIR fundamentals with Mandiant updates
Chewbacha revisits the classics Today, I had the opportunity to listen to the latest installment of Mandiant’s web series “Fresh Prints of Mal-ware”: The Nutts and Boltz of APT Persistence Mechanisms,...
Book Review: Challenges in Intelligence Analysis
I have always believed in the value of interdisciplinary studies. Specifically, I like to examine approaches taken in superficially-dissimilar fields where the underlying problems or useful solutions...
Getting into the guts of mwcrawler
Earlier this week, my buddy Ken Pryor mentioned a project with which I had no prior familiarity: @Forensication Have you seen mwcrawler? I'm trying it out now. github.com/ricardo-dias/m…— Ken Pryor...
Konig: malware, graph theory, and fuzzy hashes
As a small personal research and learning project, I spent a few hours this weekend writing Konig. This is intended to evolve into a framework for investigating relationships between fuzzy hashes (e.g....
Maltrieve: retrieving malware for research
As I continued to hack on mwcrawler over the last month, I found that it didn’t really meet my needs for various reasons: slowness, difficulty of maintaining and adding sources, repeated grabbing of...
Brain dump of DFIR and network security research ideas
Maybe I could get more of these done with this. I’ve seen several people talk about lacking ideas for research projects, often around DFIR or network security. Personally, I have the opposite problem:...
Pizza with a bad taste: BHEK intel
I got some spam today that made me hungry (even after eating real spam so many times as a kid). You've just ordered pizza from our site [snipped yummy but long listing of pizzas and drinks including...
Ethics versus economics for security research
Independent security researchers often have a reputation as narcissistic vulnerability pimps (true or not), but the environment which has evolved around information security largely drives this. This...