The MARK python client

MARk Python

We have released version 2.0.0 of our Multi-Agent Ranking Framework Python client!

What is Situation Awareness?

Intrusion Detection Visual Analytics APT Detection

The constant stream of data produced daily, the complicated environment and the need for quick reaction to malicious attacks make the life of cyber defense analyst a living nightmare. Many wonder how are we supposed to be able to review the gigabytes of logs produced daily, how can we manage to analyze them all and extract valuable insight into what is happening in the network?

Complicated and Complex Systems- Brief Introduction

Teaching Visual Analytics

We often get confronted by a difficult problem - the lack of understanding of our environment, be that our community, organization or computer network. This originates from the structure of such systems, a finite amount of autonomous parts, which interact constantly with each other and produce unexpected results. Because of this inherent complexity, such systems are aptly named "Complex Systems". There is still some confusion in differentiating Complex Systems from Complicated Systems and in this blog we will try to give a quick overview of each.

Recovering deleted files with Foremost

Forensics Kali Linux

Sometimes it happens that files we did not want to delete are removed from the computer or external drives, or in the case of forensics analysis, we want to look for files that were previously on the system, but now are gone. Luckily, there are still ways to recover such data with relative ease!

Changing Docker's default subnet IP range

Docker Linux Windows

Docker containers have become widely used to deploy and maintain critical parts of infrastructure. The problem is that sometimes some of the containers running may interfere with other parts of the network.

VirusTotal, what is it and what is it good for?

If you have ever been a bit paranoid about files you have received per mail, or you work in a sensitive environment, you have searched online for tools which can help you analyze a file and give you a detailed overview if it could be harmful or not. Virustotal is one of the more prominent online services, which offers a way to upload any suspicious files and analyze them.

MITRE ATT&CK and the ATT&CK Matrix

Tools Offensive Security APT Detection

Defining cyber attacks is a difficult task. They vary in origins, goals and, at first glance, the techniques used might seem very different. Luckily a popular model was defined by Lockheed Martin, still used to this day, which illustrates very well the lifecycle of a typical cyber attack. The Cyber Kill Chain, popular but controversial, defines the 7 principal steps of an attack. There have been many advances, since its original conception, one of which is the wildly acclaimed ATT&CK Matrix for Enterprise.

CyberChef, the Cyber Swiss Army Knife

Tools Teaching Training

Don't remember all the command line tools or which parameters go where? At some point getting lost in all these terminal screens running different algorithms one after the other? Let CyberChef prepare and cook all this for you!

Kali Linux and Parrot Sec OS, Penetration Environment Comparison

Offensive Security Pentesting

For years, hackers have been the main characters of movies, books and generally have captured the imagination of regular folks. When we see these hackers use the tools of their trade, we usually see a black screen with green text flashing as fast as possible on the screen, lost in commands and bright flashing lights. This can't be any further from reality, as most hackers will spend hours and days on end to accomplish their tasks, usually staring at a screen, using their programs of choice.

New ways to run Kali Linux on Windows using WSL

Pentesting Offensive Security Linux Virtualization

Some time ago I wrote a blog about Installing Linux Bash Shell (and Metasploit) on Windows 10. This is great, when we want to enjoy the best of both worlds- keep using Windows, with its out-of-the-box configuration and set-up, and still be able to use the powerful tools available for the Linux distribution. In my previous blog I went through the steps necessary for setting up WSL and installing an Ubuntu and Kali Linux distribution. Since then, a lot of advancements have been made to facilitate the use of these distributions for Windows Users.

MARk: Visualizations with D3.js

MARk JavaScript APT Detection

Detecting suspicious or malicious activity in a network is not a trivial task. In recent years the attacks perpetrated have grown in sophistication and frequency. For this reason a new detection tool was developed, in the form of the Multi Agent Ranking framework (MARk). MARk sets the groundwork for the implementation of large scale detection and ranking systems through the implementation of a distributed storage in conjuncture with highly specialized, stand-alone detector agents. The detector agents are responsible for analyzing specific predefined characteristics and producing a report of any suspicious activity encountered.

Running and Imaging with FTK Imager from a flash device

Forensics Offensive Security

In the process of analyzing a suspicious machine, the first thing we need to do is to actually image the machine we want to investigate. There are different tools available to do this, but the one I most often use is FTK Imager by AccessData. The FTK Imager tool is easy to use and more importantly, there is a free version.

This website uses cookies. More information about the use of cookies is available in the cookies policy.