Doing VPN on Android Like IPsec on iOS Both Windows and Android has gotten a lot of flack for not supporting strong ciphers natively on Android and iOS. Some time ago Algo gained support for a very awesome newcomer called Wireguard.
Remote Forensics with Mozilla Investigator In my recent post about osquery, I wrote about collecting telemetry from digital endpoints. This is important as skilled threat actors may be quick to manipulate anything that leaves traces on the system.
Streaming Data from neo4j to Gephi Recently I have been using the graph database neo4j to visualise a dataset. If you have used the HTML-based graph visualisation engine inside the neo4j browser you would have quickly come to the
The Basics of osquery: Fleet Monitoring In another post I wrote about how telemetry is a challenge of a changing and more diverse and modern landscape. Recently I have reviewed some device inventory and endpoint detection tools that will
Taking Cyber Security to The Next Level With Cognitive Automation There is a lot of hype around many things in cyber security. One concept that is not, is called Cognitive Automation (CA). CA can be explained by comparing it to traditional automation. That
The Tactical Travel Protection Model Travelling with electronic devices can be a challenge. This is certainly the case if you do not have a travel program for your employees, where you must tinker with a new setup on
Using Matrix For Out-of-Band Communications We have all been there during security operations. One of the parties involved in an incident or daily routine is not prepared for thinking they could be compromised. Communications and information sharing is
Telemetry and Modern Workspaces: A Three-Headed Hound Telemetry for cyber security is currently at a crossroads. While past methods have been efficient by being based on network monitoring, the current revolution in encryption and the distributed workspace makes it insufficient
indicators Indicators: Our Worst Nightmare? Over what have become some years, cyber security professionals have been working on optimising the sharing of information and knowledge. A lot of the efforts have recently been focused around intelligence- and data-driven
grr Taking GRR 3.1 RC for a Spin For those of you who didn't get the memo, Google announced the immediate availability of Google Rapid Response server 3.1 RC at yesterdays meetup. The client was updated to 3.1.0.
clustering A Novel Way of Detecting Malicious PDF Documents For some time now the Portable Document Format standard has been a considerable risk in regard to corporate as well as private information security concerns. Some work has been done to classify PDF
maltego Social Network Analysis and Object Attribution with Maltego 3 I wrote this article with a fellow student of mine, Petter. Social Network Analysis (SNA) is getting more and more widespread now that online social networks like LinkedIn and Facebook are getting more
python A Graph Experiment with Threats and Incidents I currently maintain this threat database, and up until now I've generated the graph data for d3 using queries, and a lot of logic, in a MySQL-database. That is going to change pretty
rexster Graphs at Scale, Titan-Rexster: Gephi Visualization Options Following up on my post yesterday, I have also been looking at graphs the other way - from a scalable database to a manageable graph involving e.g. just one segment. There are
rexster Simple Rexster Graph Setup Graphs is by no question an important step in regard to structure large datasets in more meaningful ways. I figured that many won't have the necessary cluster to get the Rexster API up
debian A Check-in on The Progress of Google Rapid Response 6 months have gone by since I first experienced Google Rapid Response (GRR), and GRR is still a pretty amazing concept and tool. The platform support and powerful open source nature makes it
grr Cleaning Up The Google Rapid Response Inventory This post is inspired from Google Rapid Response (GRR) issue #49, and is relevant if you do testing against a GRR server instance for cleaning up historical debug clients in the inventory. If
hadoop The PCAP Format in a Hadoop Ingestion Perspective A cluster is a really powerful tool to handle all of your data. If you think along the lines of using Hadoop for network monitoring for instance, you would probably be looking at
conversion From Traversing With Gremlin To A Python/JSON Tree Dropping you guys a small note about a problem I've been working on. I figure this will help someone in the future. Let's say you have this graph, and would like to traverse
mac mini Booting a Mac Mini (OCT 2014) with Debian 8.0 There are a lot of guides on booting Linux on an Mac Mini, and the Mac Mini is absolutely great. There's also a lot of guides which takes some unnecessary steps on the
maintenance Migration in Progress! Due to a lot of performance issues with Wordpress I'm bringing this thing to a new platform. The content is coming over too, I'm just making sure that everything stays the way I'd
hdp Hortonworks Brings Indexing and Search to HDP2.2 Bet you’ve heard about the new Hortonworks Data Platform 2.2, right? If you haven’t I have some good news for you – it comes preloaded with Apache Solr and Banana, the
maltego Search All The Maltego Graphs I've previously been writing on how to read and process Maltego mtgx graph archives. When you start to get a directory with a lot of them you will probably be like me "
conversion Perspectives of Using OpenIOC with a Python Example Despite all the good stuff going on with standardization of indicators and contextual exchange in information security, the adoption rate seems rather low. I bet that most organizations isn't even close to using
forensics Remote Forensics is the New Black Like pretty much else in information security, forensics is constantly evolving. One matter of special interest for practitioners is doing forensics on remote computers, not that it's entirely new. The use-case is self-explanatory
