Thoughts, stories and ideas on cyber security

The Basics of osquery: Fleet Monitoring

The Basics of osquery: Fleet Monitoring

I have recently reviewed some device inventory and endpoint detection tools. In the future I will get back to my view on Mozilla InvestiGato

Taking Cyber Security to The Next Level With Cognitive Automation

Taking Cyber Security to The Next Level With Cognitive Automation

There is a lot of hype around many things in cyber security. One concept that is not, is called Cognitive Automation (CA). CA can be explain

The Tactical Travel Protection Model

The Tactical Travel Protection Model

Travelling with electronic devices can be a challenge. This is certainly the case if you do not have a travel program for your employees, wh

Using Matrix For Out-of-Band Communications

Using Matrix For Out-of-Band Communications

We have all been there during security operations. One of the parties involved in an incident or daily routine is not prepared for thinking

Telemetry and Modern Workspaces: A Three-Headed Hound

Telemetry and Modern Workspaces: A Three-Headed Hound

Telemetry for cyber security is currently at a crossroads. While past methods have been efficient by being based on network monitoring, the

Indicators: Our Worst Nightmare?

Indicators: Our Worst Nightmare?

Over what have become some years, cyber security professionals have been working on optimising the sharing of information and knowledge. A l

Taking GRR 3.1 RC for a Spin

Taking GRR 3.1 RC for a Spin

For those of you who didn't get the memo, Google announced the immediate availability of Google Rapid Response server 3.1 RC at yesterdays m

A Novel Way of Detecting Malicious PDF Documents

A Novel Way of Detecting Malicious PDF Documents

For some time now the Portable Document Format standard has been a considerable risk in regard to corporate as well as private information s

Social Network Analysis and Object Attribution with Maltego 3

Social Network Analysis and Object Attribution with Maltego 3

I wrote this article with a fellow student of mine, Petter. Social Network Analysis (SNA) is getting more and more widespread now that onlin

A Graph Experiment with Threats and Incidents

I currently maintain this threat database, and up until now I've generated the graph data for d3 using queries, and a lot of logic, in a MyS

Graphs at Scale, Titan-Rexster: Gephi Visualization Options

Following up on my post yesterday, I have also been looking at graphs the other way - from a scalable database to a manageable graph involvi

Simple Rexster Graph Setup

Graphs is by no question an important step in regard to structure large datasets in more meaningful ways. I figured that many won't have the

A Check-in on The Progress of Google Rapid Response

6 months have gone by since I first experienced Google Rapid Response (GRR), and GRR is still a pretty amazing concept and tool. The platfor

Cleaning Up The Google Rapid Response Inventory

This post is inspired from Google Rapid Response (GRR) issue #49, and is relevant if you do testing against a GRR server instance for cleani

The PCAP Format in a Hadoop Ingestion Perspective

A cluster is a really powerful tool to handle all of your data. If you think along the lines of using Hadoop for network monitoring for inst

From Traversing With Gremlin To A Python/JSON Tree

Dropping you guys a small note about a problem I've been working on. I figure this will help someone in the future. Let's say you have this

Next