This is an hour-long symposium at the Council on Foreign Relations in which a panel of experts from FireEye, Recorded Future and Johns Hopkins University discuss the latest developments in threat operations by actors such as China, Iran, North Korea and Russia. The discussion is strategic in nature and it discloses the different interests of…
Category: cyberespionage
Network attacks and exploitation: a framework
There is no other book like this one; indeed, I would say this is the only book I have read of this nature. It has been written and edited by Matthew Monte and Dave Aitel, two experts in the field. The main focus of the book is Computer Network Exploitation (CNE) from a strategic point…
Free cyber intelligence courses from Augusta University
By chance, a few days ago I came across three free courses from Augusta University. These courses have been recognized by the NSA’s cybersecurity curriculum program: http://jagwire.augusta.edu/prestigious-nsa-recognition-for-augusta-university-cyber-security-instruction/ The courses are the following: The Global Cyber Threat Environment; Cyber Conflict; Strategic Cybersecurity. I have not had time to go through all the courses, however…
A Lustrum of Malware Network Communication: Evolution and Insights
I recently came across this white paper, which focuses on the dynamic analysis of network indicators for threat detection. The paper is very easy to read and I found some of the conclusions obtained from the research very surprising. The most revealing one is the fact that months before researchers have access to or have discovered a…
Cyber Deception: Building the scientific foundation
Looking to better understand cyber deception systems and the current state of this technology, I made a thorough search on the internet, finding this book on Amazon. The book is a compendium of different research papers aimed at defining cyber deception, its capabilities and the technicalities of designing such systems. If you are interested specifically in the design of…
Paper: Wave your false flags! Deception tactics muddying attribution in targeted attacks
This is an 11-page white paper that goes through the current challenges faced by researchers when attributing cyber attacks. It goes through the current techniques, such as: timestamps; strings, debug and metadata; malware families and code reuse; threat infrastructure used. It also presents some of the most advanced APTs and their potential origin and the techniques believed…
The Project Sauron APT
Key takeaways: DNS remains an important protocol for exfiltration; process injection and memory persistence, leaving no file trace on disk; living-off-the-land techniques to move laterally; they thwarted the attribution process by never using the same threat infrastructure twice. Full report (PDF): The-ProjectSauron-APT_research_KL.pdf
Battlefield Digital Forensics
In a quick break this weekend I had a chance to read this new paper developed by NATO to explain and train special forces in the art of digital intelligence and evidence collection. It is clear from this publication how rapidly the world around us is transforming: special forces from now on will be trained…
The Most Dangerous Town on the Internet
A couple of days ago I was recommended these two documentaries; they are short but concise and they show how cyber criminality is on the rise. In the first documentary they explain how Romania, as a result of its history, is seeing a surge in cyber criminal activities. It is an excellent testimony from some…
Cyber Threat Hunting (3): Hunting in the perimeter
In this third post we are going to see what we need to look at when hunting for and detecting adversaries at the perimeter. We are also going to look at some of the firewall technologies and their log formats in order to detect anomalies in the inbound and outbound traffic of your network. …
Cyber Threat Hunting (1): Intro
After some long months debating whether to write a white paper and what potential topics I could write about, I just decided that I do not have enough time to go through the process of writing a research paper for the next 6 to 12 months. Instead, I am taking some of my research and current…
Active Cyber Defense Tactics
Active cyber defense (ACD) is the concept of proactively opposing an attack on computers and networks. There are a series of tactics that can be applied in order to mitigate risk or detect adversaries inside the network. Active hunting: the security operations team focuses on reactive detection, mainly based on signatures. In this scenario, advanced attackers…