
Blog

What is this CHRIME thing anyway?

by Monty St John

If you work in any intense environment where large volumes of information are processed, you figure out how to be efficient and agile or you don’t last long. CHRIME came into being as the output of late night brainstorming sessions about how to do things better. It was born in the…


YARA Hashing Magic

by Monty St John

Back a few years before I started in digital forensics, hashing had a whole different context to me. Back then, if you were “hashing” you were imbibing heavily and then going for a run, something I saw pretty much every morning when I was overseas. Not that we didn’t have a…


A YARA Adventure in HTML

by Monty St John

YARA works well, very well, in fact, against a diverse range of targets. One of those is webpages. As a target selection, it’s tough to find a more diverse and testy target to build an accurate rule. They contain text, HTML, scripts, CSS and plenty more, which complicates devising a solid…


Intelligence Momentum and Critical Mass

I want to take a second and talk about momentum. Specifically, momentum and building intelligence. In this context, I am referring to momentum as the forward energy of analysis (profiling, correlation, investigation) through the role sequence of volatile data to a realization of defined intelligence. Regardless of the roles involved in the energy transfer (the…


NIST 800-171 Do-It-Yourself Compliance Class Update, More Training Scheduled

by David Gray

CyberDefenses (www.cyberdefenses.com) hosted my third NIST 800-171 DIY Controlled Unclassified Information (CUI) class the second week of September and according to the students, it went really well. The class continues to evolve, from four separate webinars, to an on-premise two-day class, to an online two-day class. This version allowed time…


CyberDefenses Announces Expanded Threat Hunting Capability

Ziften Zenith Enriches Endpoint Visibility, Monitoring and Historical Data Collection

Austin, TX, September 25, 2017 – CyberDefenses, Inc., a leading provider of military-grade managed security services, today announced the addition of Ziften’s SysSecOps platform, Zenith, to its Threat Hunting and Response service. Zenith provides all-the-time visibility and control for client devices, servers, and cloud…


Yara, Entropy and a bit of Math

When people ask what I think the number one tool in my arsenal is, I tell them without pause it is YARA. From versatility to function, YARA beats the stuffing out of just about everything else I use. Mainly, from the fact that in investigations, in research, in threat hunting, and even in practicing my…


Selling Canned Snake Oil

“Pew Pew” maps. You know, those world maps with arcing lines traveling from city to city, country to country going “pew pew”. They definitely look impressive (and are pretty to watch). A little wanting on the effectiveness scale, but they distract in a way pretty pictures always do. How about a massive volume of structured…


Beware Putting on the Blinders

I’ve mentioned before that I like YARA. It’s been a nice quality these past few years that I’ve averaged about 6 classes each year. I’m batting a higher average for 2017, but I’m by no means complaining. It is one of my favorite subjects to teach. While teaching a recent YARA…


Let’s Talk About NIST SP 800-171

Remember when we mentioned the clock is ticking on NIST SP 800-171 compliance? Well, where do you start? The first step to NIST SP 800-171 is actually to make sure you have the right tools to get started with NIST SP 800-171! Check your version—the newest one was released December 2016, and you don’t want…

