grr Taking GRR 3.1 RC for a Spin For those of you who didn't get the memo, Google announced the immediate availability of Google Rapid Response server 3.1 RC at yesterdays meetup. The client was updated to 3.1.0.
clustering A Novel Way of Detecting Malicious PDF Documents For some time now the Portable Document Format standard has been a considerable risk in regard to corporate as well as private information security concerns. Some work has been done to classify PDF
maltego Social Network Analysis and Object Attribution with Maltego 3 I wrote this article with a fellow student of mine, Petter. Social Network Analysis (SNA) is getting more and more widespread now that online social networks like LinkedIn and Facebook are getting more
python A Graph Experiment with Threats and Incidents I currently maintain this threat database, and up until now I've generated the graph data for d3 using queries, and a lot of logic, in a MySQL-database. That is going to change pretty
rexster Graphs at Scale, Titan-Rexster: Gephi Visualization Options Following up on my post yesterday, I have also been looking at graphs the other way - from a scalable database to a manageable graph involving e.g. just one segment. There are
rexster Simple Rexster Graph Setup Graphs is by no question an important step in regard to structure large datasets in more meaningful ways. I figured that many won't have the necessary cluster to get the Rexster API up
debian A Check-in on The Progress of Google Rapid Response 6 months have gone by since I first experienced Google Rapid Response (GRR), and GRR is still a pretty amazing concept and tool. The platform support and powerful open source nature makes it
grr Cleaning Up The Google Rapid Response Inventory This post is inspired from Google Rapid Response (GRR) issue #49, and is relevant if you do testing against a GRR server instance for cleaning up historical debug clients in the inventory. If
hadoop The PCAP Format in a Hadoop Ingestion Perspective A cluster is a really powerful tool to handle all of your data. If you think along the lines of using Hadoop for network monitoring for instance, you would probably be looking at
conversion From Traversing With Gremlin To A Python/JSON Tree Dropping you guys a small note about a problem I've been working on. I figure this will help someone in the future. Let's say you have this graph, and would like to traverse
mac mini Booting a Mac Mini (OCT 2014) with Debian 8.0 There are a lot of guides on booting Linux on an Mac Mini, and the Mac Mini is absolutely great. There's also a lot of guides which takes some unnecessary steps on the
maintenance Migration in Progress! Due to a lot of performance issues with Wordpress I'm bringing this thing to a new platform. The content is coming over too, I'm just making sure that everything stays the way I'd
hdp Hortonworks Brings Indexing and Search to HDP2.2 Bet you’ve heard about the new Hortonworks Data Platform 2.2, right? If you haven’t I have some good news for you – it comes preloaded with Apache Solr and Banana, the
maltego Search All The Maltego Graphs I've previously been writing on how to read and process Maltego mtgx graph archives. When you start to get a directory with a lot of them you will probably be like me "Where
conversion Perspectives of Using OpenIOC with a Python Example Despite all the good stuff going on with standardization of indicators and contextual exchange in information security, the adoption rate seems rather low. I bet that most organizations isn't even close to using
forensics Remote Forensics is the New Black Like pretty much else in information security, forensics is constantly evolving. One matter of special interest for practitioners is doing forensics on remote computers, not that it's entirely new. The use-case is self-explanatory
forensics Converting PST Archives In OS X/Linux With libpst Some time ago I gave an introduction to converting Microsoft MSG files to a readable RFC 2822 format on Linux. In fact you will sometimes get an even kinkier format to work with:
hadoop Performance Tuning for jNetPcap In a Clustered Environment It comes a time when programming that one will have to start paying attention to performance. As this is true in many cases, there are especially two places that is especially important: With
hadoop YARN Command Line Logs The simplified YARN log management can be a life saver. Being able to do yarn application and yarn logs is certainly handy if you do a lot of debugging and development. The alternative
maltego Converting Maltego Domains and IPs To CSV What I'm about to show you is pretty nice if you do a lot of work in Maltego. I created it for improving my own workflow when working with domains and IP addresses,
hadoop Experimenting With Basis In Hadoop Performance I've been mentioning performance in Hadoop here previously, but I'd like to dedicate some more space to the subject since I am beginning to see that it is quite essential. When doing experiments
hadoop Automatically Expire Data In HBase Did you know that you can setup Time-To-Live on columns in HBase? The feature is especially nice if you are dealing with sensitive data such as network packet captures. You will also find
hadoop Tuning An HDP2 Ambari Installation, First Take Currently preparing some internal benchmarking tests have been incredibly illuminating. It's at this point I have begun to see the shortcomings of my Hadoop configuration and how to patch it up to find
norway Comments on the Norwegian Privacy Report 2014 - Current State and Trends I read in a Norwegian news publication yesterday that more than 50% of Norwegians doesn't care about Internet and network surveillance. In the original 60 page report (survey and report ordered by the
splunk Pushing Indicator Data To Splunk Through The REST API While doing a plugin in another system I figured I'd give Splunk as an indicator database a shot. This post will show a quick example of how it can look. The plugin name