Collaborate Disseminate
Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for network-centric detection and response) research one mystery has to be resolved. What mo… Continue reading NTA: The Big Step Theory
Say I’m running a server application on 127.0.0.1:7646 and a local process (possibly owned by a different user) connects to it, I can run
lsof -Fp -i TCP@127.0.0.1:7646 -i TCP@127.0.0.1:<ClientPort>
which outputs som… Continue reading Can I use `lsof` to reliably determine which local process has connected to my open port?
Recently, I made a post about finding suitable dataset for SIEM systems. The goal was to work on classification and correlation.
Thanks to the feedback you guys gave, I decided to use the dataset from the Honeynet Project Ch… Continue reading How to use a dataset (training vs. testing)?
I was wondering if one can find if files were copied from the USB drive to a PC or something, and also if any and which files were recently deleted from the USB.
In your organisation’s advanced threat hunting program;
What are your most interesting datasets you hunt on?
What tools are used to hunt those datasets (are they open source? commercial? proprietary?)
We are trying to map… Continue reading Data sources used in advanced threat hunting programs
I am looking for data sets published by researchers or freelancers which can be used for the purpose of SIEM testing and evaluations. The goal is to test the classification (and later correlation) for this system.
Some rese… Continue reading Datasets dedicated for SIEM systems
As I allude here, my long-held impression is that no true anomaly-based network IDS (NIDS) has ever been successful commercially and/or operationally. There were some bits of success, to be sure (“OMG WE CAN DETECT PORTSCANS!!!”), but in to… Continue reading Network Anomaly Detection Track Record in Real Life?
The molar mass of carbon monoxide (CO) is 28.0, and the molar mass of air is 28.8, so CO will rise in an ambient atmosphere. It makes sense to detect it farther from the ground, but getting a tall ladder is not convenient and certainly doesn’t make for fast deployment. What do you do if you don’t care for heights and want to know the CO levels in a gymnasium or a tall foyer? Here to save the day, is the Red Balloon Carbon Monoxide Detector.
Circuit.io generates the diagram and code to operate the CO sensor and turn a …read more
I accidentally gave my USB to my friend and then I realized it had some important files of mine. Is there any way I can know if he got something from the USB?
Continue reading How to detect when files from my USB were copied to another PC?
Is there a program for real time monitoring binaries` syscalls with gui interfaced policies deny or allow (so called intrusion detection) like was Systrace written by Niels Provos?
Systrase in examples: http://www.citi.umich… Continue reading Alternatives to Provos`es Systrace [on hold]