
CHRIME and History

by Monty St John

Nicholas Sparks rolled out this beautiful saying that I often butcher, but like to use nonetheless — “Nothing is ever lost nor can be lost…”.  The “H” in CHRIME is about history, specifically the history of the element you are examining with CHRIME and those elements linked to it.  History and…

CHRIME and Constellation

by Monty St John

If you haven’t had a chance to look over the introduction of CHRIME via this link, take a second to do so prior to diving into this first topic. It sets the stage to understanding what CHRIME is all about and gives some context to make the dive we are about to…

What is this CHRIME thing anyway?

by Monty St John

If you work in any intense environment where large volumes of information are processed, you figure out how to be efficient and agile or you don’t last long.  CHRIME came into being as the output of late night brainstorming sessions about how to do things better.  It was borne in the…

YARA Hashing Magic

by Monty St John

Back a few years before I started in digital forensics, hashing had a whole different context to me.  Back then, if you were “hashing” you were imbibing heavily and then going for a run, something I saw pretty much every morning when I was overseas.  Not that we didn’t have a…

A YARA Adventure in HTML

by Monty St John

YARA works well, very well, in fact, against a diverse range of targets.  One of those is webpages.  As a target selection, it’s tough to find a more diverse and testy target to build an accurate rule.  They contain text, HTML, scripts, CSS and plenty more, which complicates devising a solid…

Intelligence Momentum and Critical Mass

I want to take a second and talk about momentum.  Specifically, momentum and building intelligence.  In this context, I am referring to momentum as the forward energy of analysis, (profiling, correlation, investigation) through the role sequence of volatile data to a realization of defined intelligence.  Regardless of the roles involved in the energy transfer (the…

NIST 800-171 Do-It-Yourself Compliance Class Update, More Training Scheduled

by David Gray

CyberDefenses hosted my third NIST 800-171 DIY Controlled Unclassified Information (CUI) class the second week of September and according to the students, it went really well. The class continues to evolve, from four separate webinars, to an on-premise two-day class, to an online two-day class. This version allowed time…

Yara, Entropy and a bit of Math

When people ask what I think the number one tool in my arsenal is, I tell them without pause it is YARA.  From versatility to function, YARA beats the stuffing out of just about everything else I use.  Mainly, from the fact that in investigations, in research, in threat hunting, and even in practicing my…

Selling Canned Snake Oil

“Pew Pew” maps. You know, those world maps with arcing lines traveling from city to city, country to country going “pew pew”. They definitely look impressive (and are pretty to watch). A little wanting on the effectiveness scale, but they distract in a way pretty pictures always do. How about a massive volume of structured…

Beware Putting on the Blinders

I’ve mentioned before that I like YARA. It’s been a nice quality these past few years that I’ve averaged about 6 classes each year. I’m batting a higher average for 2017, but I’m by no means complaining. It is one of my favorite subjects to teach. While teaching a recent YARA…
