We have released version 2.0.0 of our Multi-Agent Ranking Framework Python client!
ReadIntrusion Detection Visual Analytics APT Detection
The constant stream of data produced daily, the complicated environment and the need for quick reaction to malicious attacks make the life of cyber defense analyst a living nightmare. Many wonder how are we supposed to be able to review the gigabytes of logs produced daily, how can we manage to analyze them all and extract valuable insight into what is happening in the network?
ReadWe often get confronted by a difficult problem - the lack of understanding of our environment, be that our community, organization or computer network. This originates from the structure of such systems, a finite amount of autonomous parts, which interact constantly with each other and produce unexpected results. Because of this inherent complexity, such systems are aptly named "Complex Systems". There is still some confusion in differentiating Complex Systems from Complicated Systems and in this blog we will try to give a quick overview of each.
ReadSometimes it happens that files we did not want to delete are removed from the computer or external drives, or in the case of forensics analysis, we want to look for files that were previously on the system, but now are gone. Luckily, there are still ways to recover such data with relative ease!
ReadDocker containers have become widely used to deploy and maintain critical parts of infrastructure. The problem is that sometimes some of the containers running may interfere with other parts of the network.
Read
If you have ever been a bit paranoid about files you have received per mail, or you work in a sensitive environment, you have searched online for tools which can help you analyze a file and give you a detailed overview if it could be harmful or not. Virustotal is one of the more prominent online services, which offers a way to upload any suspicious files and analyze them.
ReadTools Offensive Security APT Detection
Defining cyber attacks is a difficult task. They vary in origins, goals and, at first glance, the techniques used might seem very different. Luckily a popular model was defined by Lockheed Martin, still used to this day, which illustrates very well the lifecycle of a typical cyber attack. The Cyber Kill Chain, popular but controversial, defines the 7 principal steps of an attack. There have been many advances, since its original conception, one of which is the wildly acclaimed ATT&CK Matrix for Enterprise.
ReadDon't remember all the command line tools or which parameters go where? At some point getting lost in all these terminal screens running different algorithms one after the other? Let CyberChef prepare and cook all this for you!
ReadFor years, hackers have been the main characters of movies, books and generally have captured the imagination of regular folks. When we see these hackers use the tools of their trade, we usually see a black screen with green text flashing as fast as possible on the screen, lost in commands and bright flashing lights. This can't be any further from reality, as most hackers will spend hours and days on end to accomplish their tasks, usually staring at a screen, using their programs of choice.
ReadPentesting Offensive Security Linux Virtualization
Some time ago I wrote a blog about Installing Linux Bash Shell (and Metasploit) on Windows 10. This is great, when we want to enjoy the best of both worlds- keep using Windows, with its out-of-the-box configuration and set-up, and still be able to use the powerful tools available for the Linux distribution. In my previous blog I went through the steps necessary for setting up WSL and installing an Ubuntu and Kali Linux distribution. Since then, a lot of advancements have been made to facilitate the use of these distributions for Windows Users.
ReadDetecting suspicious or malicious activity in a network is not a trivial task. In recent years the attacks perpetrated have grown in sophistication and frequency. For this reason a new detection tool was developed, in the form of the Multi Agent Ranking framework (MARk). MARk sets the groundwork for the implementation of large scale detection and ranking systems through the implementation of a distributed storage in conjuncture with highly specialized, stand-alone detector agents. The detector agents are responsible for analyzing specific predefined characteristics and producing a report of any suspicious activity encountered.
ReadIn the process of analyzing a suspicious machine, the first thing we need to do is to actually image the machine we want to investigate. There are different tools available to do this, but the one I most often use is FTK Imager by AccessData. The FTK Imager tool is easy to use and more importantly, there is a free version.
Read