Selling Canned Snake Oil
“Pew Pew” maps. You know, those world maps with arcing lines traveling from city to city, country to country going “pew pew”. They definitely look impressive (and are pretty to watch). A little wanting on the effectiveness scale, but they distract in a way pretty pictures always do. How about a massive volume of structured…
Beware Putting on the Blinders
I’ve mentioned before that I like YARA. It’s been a nice quality these past few years that I’ve averaged about 6 classes each year. I’m batting a higher average for 2017, but I’m by no means complaining. It is one of my favorite subjects to teach. While teaching a recent YARA class, a student cornered…
Let’s Talk About NIST SP 800-171
Remember when we mentioned the clock is ticking on NIST SP 800-171 compliance? Well, where do you start? The first step to NIST SP 800-171 is actually to make sure you have the right tools to get started with NIST SP 800-171! Check your version—the newest one was released December 2016, and you don’t want…
Getting Social with CRITs
It’s all about relationships. That’s a truism in social situations and in CRITs. In fact, go ahead and think of CRITs as a social animal. CRITs allows you to pretty much connect via relationship every top level item (TLO) and many sub-items and describe that connection via CYBOX terms. While I’m…
Cloak and Dagger Subterfuge
If you haven’t become concerned about putting off patching and reviewing user permissions in the wake of WannaCry and EternalRocks, then perhaps you should reexamine your risk assessment and management model. Patches of any kind are always inconvenient, especially if you are of any size or distribution of forces. Critical patches are even worse,…
YARA Shenanigans and Other Jokes
If it hasn’t become obvious, I have a great appreciation for YARA. So I keep my eye on articles about it, both good and bad. It’s rare that you see a bad one, since it’s tough not to appreciate what it can do. Occasionally, though, something profound and funny comes running to your door to…
Announcing 1-Day Deep Dive Courses
CyberDefenses is very excited to announce the availability of a 1-Day Deep Dive series of courses. These new classes each provide students with an immersive experience in a topic that is extremely important within cyber security. In each of these classes, our expert instructors go much deeper than a typical introduction, providing the student with…
Samples and Analysis with CRITs
A powerful function of CRITs is handling, managing and organizing the results of working with sample files. Whether as a function of threat intelligence research, dealing with service tickets or incidents, juggling samples is always a requirement. CRITs helps this process by providing a place to contain samples as well as automated and on-demand processing…
Are You an Interesting Target?
Are you an interesting target? In the rack and stack of threat intelligence, the tactics used by an adversary are illuminating. It’s easier to flip the toggle and switch in and out atomic indicators than to flip over the way you do business. It’s a matter of investment. That domain? Pffftt. No problem. The method…
Are you NIST 800-171 ready? The clock is ticking…
If you are a U.S. federal government contractor (or anyone else who touches CUI), you’re probably aware of NIST SP 800-171. If not, you certainly should be – and fast. One of our newest services is a program that helps contractors understand the requirements in detail, assess where you stand relative to compliance, and then…