InsanityBit

@InsanityBit

Previously: Developer on InsightIDR, Security Engineer for Detection & Response. Currently: TBD

San Francisco
Joined: June 2012

Media

  1. 24 Jan
  2. 31 Dec 2019

    The rust tracing library looks awesome. Great talk by Aliza Weisman:

  3. 27 Dec 2019
  4. 23 Dec 2019

    Network support in Grapl is going well. With the right instrumentation Grapl can even show relationships like: Process -> Network -> Process. But it's capable of supporting weaker instrumentation like netflow, or IP -> IP.

  5. 22 Dec 2019

    Put this on my tombstone

  6. 22 Dec 2019

    This is what my laptop sits at just about all day.

  7. 16 Dec 2019

    I spent today writing a library for writing AWS Lambdas. Specifically, Lambdas triggered by SQS. It'll use work stealing from SQS, batch up APIs, parallelize, etc. In Grapl's case it'll even merge generated graphs before uploading, which should be a significant perf win.

  8. 11 Dec 2019

    Just watched 'Monitoring Anomalous Application Behavior' from re:Invent 2019. From and Great talk. I love burn-in + 'first use' tracking. Looks like something I could hopefully integrate into Grapl in the near future.

  9. 10 Dec 2019

    Adding fuzzy matching support. Quick example - a process with a name similar to svchost, but not equal to svchost.
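
    One way to implement the lookalike check the tweet describes, as an added example that is not Grapl's own code: a plain Levenshtein edit distance over the lower-cased file stem, flagging names within a small distance of `svchost` that are not exactly `svchost`. The process names and the distance threshold are constructed for the example; Grapl's actual fuzzy-matching implementation is not shown on this page.

```python
from typing import List


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute), single-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def stem(process_name: str) -> str:
    """Normalise 'SVCHOST.EXE' -> 'svchost' so case and extension do not count."""
    return process_name.lower().split(".")[0]


def lookalikes(names: List[str], target: str = "svchost", max_distance: int = 2) -> List[str]:
    """Names similar to `target` (distance <= max_distance) but NOT equal to it.

    Exact matches are excluded on purpose: the real svchost.exe is noise here,
    the near-misses (typosquats, homoglyph swaps, transpositions) are the signal.
    """
    return [n for n in names
            if 0 < levenshtein(stem(n), target) <= max_distance]


# Constructed sample process names (not real telemetry).
SAMPLE_NAMES = [
    "svchost.exe",   # genuine, distance 0 -> excluded
    "SVCHOST.EXE",   # genuine, case only -> excluded
    "svch0st.exe",   # digit-for-letter swap, distance 1
    "scvhost.exe",   # transposition, distance 2 in plain Levenshtein
    "svchosts.exe",  # extra character, distance 1
    "explorer.exe",  # unrelated
    "svhost.exe",    # dropped character, distance 1
]

if __name__ == "__main__":
    for name in lookalikes(SAMPLE_NAMES):
        print(f"{name}: distance {levenshtein(stem(name), 'svchost')}")
```

A threshold of 2 keeps transpositions like `scvhost` in scope; raising it much further starts matching legitimately short, unrelated names, so in practice the distance is paired with the other lineage and path checks rather than used alone.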

  10. 9 Dec 2019

    Forward edges in Grapl plugins are working. All of the code is generated from just a simple schema definition. Implementing a plugin is now a matter of minutes. The schema generates code to:
    * Represent queries and views
    * Extend existing node types
    * Provision dgraph

  11. 7 Dec 2019

    This is probably my least favorite talk ever: In it "filter" and "map" are considered "complex" and "slow".

  12. 3 Dec 2019
  13. 2 Dec 2019

    Trying to hammer out slides for that talk on TTPs. It's ending up as a sort of case study/ analysis of detection logic, based on a remodeling of the Pyramid of Pain. Tactic -> Behavior, Technique moved down, Procedure moved way down, IOCs grouped into one row, motivation at top

  14. 28 Nov 2019

    Grapl's plugin system has been done in terms of the underlying mechanics for some time. I've been working to make plugins easier to use. Building a plugin is now just defining a single schema. All other classes are generated. Use is even simpler, you can extend existing nodes.

  15. 22 Nov 2019

    This is all part of a big push to get API stability. Plugins will allow me to stabilize the core while still allowing the system to be extendable. IPC node here is 100% implemented as a plugin.

  16. 18 Nov 2019

    The Ipc node you see here is implemented entirely in Grapl's plugin system. In this case, catching non-ssh IPC to an ssh service (ssh-agent). I'm nearly done with the plugin system and it's already been a breeze to use.

  17. 16 Nov 2019

    Compiling a 140 LOC library (for the first time) :|

  18. 13 Nov 2019

    Implementing a Grapl plugin for inter-process communication. Pretty simple, just a few minutes of work. I'll reduce that work in the future, but I'm happy enough to move on for now and get some plugins out.

  19. 12 Nov 2019

    Example of a few correlated analyzers. One is a recursive search; look for processes with IPC to sshd/ssh-agent, recurse the process lineage until there's a uid/auid mismatch. Other analyzers are unique (grand/)parent of ssh and parent/child auid/uid mismatches.

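    The three correlated analyzers described in the tweet above, written out as an added example over an in-memory process tree; this is not Grapl's code (Grapl's analyzers run as graph queries against dgraph) and the `Process` record, the `ipc_to` edge list and every pid, uid and auid in the sample tree are constructed for the illustration. The first analyzer walks the lineage of any non-ssh process that has IPC to sshd or ssh-agent until it finds a uid/auid mismatch; the second reports ssh processes whose (parent, grandparent) name pair is unique in the tree; the third flags children whose uid/auid pair differs from their parent's.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple


@dataclass
class Process:
    pid: int
    ppid: Optional[int]
    name: str
    uid: int
    auid: int                                   # login (audit) uid; diverges from uid after sudo/setuid
    ipc_to: List[str] = field(default_factory=list)  # names of IPC peers (constructed edge)


SSH_SERVICES = {"sshd", "ssh-agent"}


def build_tree(procs: List[Process]) -> Dict[int, Process]:
    return {p.pid: p for p in procs}


def lineage(tree: Dict[int, Process], pid: int) -> Iterator[Process]:
    """Yield the process itself, then each ancestor, guarding against cycles."""
    seen = set()
    while pid is not None and pid in tree and pid not in seen:
        seen.add(pid)
        proc = tree[pid]
        yield proc
        pid = proc.ppid


def analyzer_ipc_lineage_mismatch(tree: Dict[int, Process]) -> List[Tuple[int, int]]:
    """Analyzer 1: non-ssh process with IPC to sshd/ssh-agent; recurse up the
    lineage until a uid/auid mismatch. Returns (process pid, mismatching ancestor pid)."""
    hits = []
    for proc in tree.values():
        if proc.name in SSH_SERVICES or not (set(proc.ipc_to) & SSH_SERVICES):
            continue
        for ancestor in lineage(tree, proc.pid):
            if ancestor.uid != ancestor.auid:
                hits.append((proc.pid, ancestor.pid))
                break
    return hits


def analyzer_unique_ssh_ancestor(tree: Dict[int, Process]) -> List[int]:
    """Analyzer 2: ssh processes whose (parent, grandparent) name pair occurs once."""
    combos: Dict[int, Tuple[Optional[str], Optional[str]]] = {}
    for proc in tree.values():
        if proc.name != "ssh":
            continue
        chain = list(lineage(tree, proc.pid))
        parent = chain[1].name if len(chain) > 1 else None
        grand = chain[2].name if len(chain) > 2 else None
        combos[proc.pid] = (parent, grand)
    counts = Counter(combos.values())
    return [pid for pid, combo in combos.items() if counts[combo] == 1]


def analyzer_parent_child_mismatch(tree: Dict[int, Process]) -> List[int]:
    """Analyzer 3: child whose (uid, auid) differs from its parent's (uid, auid)."""
    return sorted(p.pid for p in tree.values()
                  if p.ppid in tree
                  and (p.uid, p.auid) != (tree[p.ppid].uid, tree[p.ppid].auid))


# Constructed sample tree: a user shell under sshd, a sudo escalation (uid 0,
# auid 1000), and a script spawned below it that talks to ssh-agent.
SAMPLE_PROCS = [
    Process(1, None, "init", 0, 0),
    Process(100, 1, "sshd", 0, 0),
    Process(200, 100, "bash", 1000, 1000),
    Process(300, 200, "sudo", 0, 1000),
    Process(400, 300, "bash", 0, 1000),
    Process(500, 400, "python", 1000, 1000, ipc_to=["ssh-agent"]),
    Process(600, 200, "ssh", 1000, 1000),
    Process(700, 200, "ssh", 1000, 1000),
    Process(800, 500, "ssh", 1000, 1000),
    Process(900, 200, "ssh-agent", 1000, 1000),
]
TREE = build_tree(SAMPLE_PROCS)

if __name__ == "__main__":
    print("ipc -> lineage mismatch:", analyzer_ipc_lineage_mismatch(TREE))
    print("unique ssh (grand)parent:", analyzer_unique_ssh_ancestor(TREE))
    print("parent/child uid/auid mismatch:", analyzer_parent_child_mismatch(TREE))
```

Run on the sample tree, the first analyzer stops at pid 400 (the root shell left behind by sudo, where uid 0 and auid 1000 disagree), the second singles out pid 800 because it is the only ssh launched from a python-under-bash lineage, and the third returns the three points where identity changed between parent and child. Each list on its own is noisy; the value described in the tweet comes from correlating them on the same process nodes.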
  20. 31 Oct 2019

    Great talk on Graphs for Security by Ian Hellen. All the good stuff - Jupyter notebooks, attack graphs. He goes deeper on some areas that I had to gloss over to save time, in particular the power of Jupyter notebooks. Great demo.
