Blog
YARA Hashing Magic

by Monty St John Back a few years before I started in digital forensics, hashing had a whole different context to me.  Back then, if you were “hashing” you were imbibing heavily and then going for a run, something I saw pretty much every morning when I was overseas.  Not that we didn’t have a…


A YARA Adventure in HTML

by Monty St John YARA works well, very well, in fact, against a diverse range of targets.  One of those is webpages.  As a target selection, it’s tough to find a more diverse and testy target to build an accurate rule.  They contain text, HTML, scripts, CSS and plenty more, which complicates devising a solid…


Intelligence Momentum and Critical Mass

I want to take a second and talk about momentum.  Specifically, momentum and building intelligence.  In this context, I am referring to momentum as the forward energy of analysis, (profiling, correlation, investigation) through the role sequence of volatile data to a realization of defined intelligence.  Regardless of the roles involved in the energy transfer (the…


NIST 800-171 Do-It-Yourself Compliance Class Update, More Training Scheduled

by David Gray CyberDefenses www.cyberdefenses.wpengine.com hosted my third NIST 800-171 DIY Controlled Unclassified Information (CUI) class the second week of September and, according to the students, it went really well. The class continues to evolve, from four separate webinars, to an on-premise two-day class, to an online two-day class. This version allowed time…


Yara, Entropy and a bit of Math

When people ask what I think the number one tool in my arsenal is, I tell them without pause it is YARA.  From versatility to function, YARA beats the stuffing out of just about everything else I use.  Mainly, from the fact that in investigations, in research, in threat hunting, and even in practicing my…


Selling Canned Snake Oil

“Pew Pew” maps. You know, those world maps with arcing lines traveling from city to city, country to country going “pew pew”. They definitely look impressive (and are pretty to watch). A little wanting on the effectiveness scale, but they distract in a way pretty pictures always do. How about a massive volume of structured…


Beware Putting on the Blinders

I’ve mentioned before that I like YARA. It’s been a nice quality these past few years that I’ve averaged about 6 classes each year. I’m batting a higher average for 2017, but I’m by no means complaining. It is one of my favorite subjects to teach. While teaching a recent YARA…


Let’s Talk About NIST SP 800-171

Remember when we mentioned the clock is ticking on NIST SP 800-171 compliance? Well, where do you start? The first step to NIST SP 800-171 is actually to make sure you have the right tools to get started with NIST SP 800-171!  Check your version—the newest one was released December 2016, and you don’t want…


Getting Social with CRITs

It’s all about relationships. That’s a truism in social situations and in CRITs. In fact, go ahead and think of CRITs as a social animal. CRITs allows you to pretty much connect via relationship every top level item (TLO – link needed) and many sub-items, and describe that connection via CYBOX (link) terms. While I’m…


Cloak and Dagger Subterfuge

If you haven’t become concerned about putting off patching and reviewing user permissions in the wake of WannaCry and EternalRocks, then perhaps you should reexamine your risk assessment and management model. Patches of any kind are always inconvenient, especially if you are of any size or distribution of forces. Critical patches are even…
