The Rust tracing library looks awesome. Great talk by Eliza Weisman: https://www.youtube.com/watch?v=JjItsfqFIdo
-
Network support in Grapl is going well. With the right instrumentation Grapl can even show relationships like: Process -> Network -> Process. But it's capable of supporting weaker instrumentation like netflow, or IP -> IP. pic.twitter.com/hNrSEAi2CA
-
I spent today writing a library for writing AWS Lambdas. Specifically, Lambdas triggered by SQS. It'll use work stealing from SQS, batch up APIs, parallelize, etc. In Grapl's case it'll even merge generated graphs before uploading, which should be a significant perf win. pic.twitter.com/k2ixhTPIZZ
-
Just watched 'Monitoring Anomalous Application Behavior' from re:Invent 2019. From @travismcpeak and @__muscles https://www.youtube.com/watch?v=kWJoiZ9yMpg Great talk. I love burn-in + 'first use' tracking. Looks like something I could hopefully integrate into Grapl in the near future.
-
Adding fuzzy matching support. Quick example - a process with a name similar to svchost, but not equal to svchost. pic.twitter.com/YdaOeXvSVv
-
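The "similar to svchost but not equal to svchost" check above is a classic masquerading detection. The following is an added example, not Grapl's code: it scores process names against a small list of commonly imitated binaries with Levenshtein distance, normalizes paths and case first, and flags only near misses (distance above zero and at or below a threshold), so an exact match is never reported. The process list, the target list and the threshold of 2 are constructed assumptions for the demonstration.

```python
from typing import List, Tuple

# Names an attacker commonly imitates (assumed list for the example).
TARGETS = ["svchost.exe", "lsass.exe"]

# Constructed sample of observed process image paths.
SAMPLE_PROCESSES = [
    r"C:\Windows\System32\svchost.exe",   # legitimate, exact match -> not flagged
    r"C:\Windows\Temp\svch0st.exe",       # digit zero for letter o
    "scvhost.exe",                        # transposed letters
    "explorer.exe",                       # unrelated name
    "lsass.exe",                          # legitimate, exact match -> not flagged
    "lsas.exe",                           # one character dropped
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings, O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Strip directory components (either separator) and lowercase the image name."""
    return name.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_lookalikes(names: List[str], targets: List[str],
                    max_distance: int = 2) -> List[Tuple[str, str, int]]:
    """Return (observed_name, target, distance) for names that are close to,
    but not identical to, a target. Exact matches are deliberately excluded."""
    hits = []
    for name in names:
        norm = normalize(name)
        for target in targets:
            d = levenshtein(norm, normalize(target))
            if 0 < d <= max_distance:
                hits.append((name, target, d))
    return hits


if __name__ == "__main__":
    for name, target, d in find_lookalikes(SAMPLE_PROCESSES, TARGETS):
        print(f"lookalike: {name!r} resembles {target} (distance {d})")
```

In practice the threshold should be tuned per target; short names produce more accidental neighbours, and a lookalike hit becomes far more interesting when it is combined with an unexpected image path or parent process rather than used on its own.
-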
Forward edges in Grapl plugins are working. All of the code is generated from just a simple schema definition. Implementing a plugin is now a matter of minutes. The schema generates code to: * Represent queries and views * Extend existing node types * Provision dgraph pic.twitter.com/YaPrYLlsK3
-
This is probably my least favorite talk ever: https://www.youtube.com/watch?v=rFejpH_tAHM In it "filter" and "map" are considered "complex" and "slow".
-
Damn, I love this image from metaflow docs https://docs.metaflow.org/introduction/what-is-metaflow pic.twitter.com/sFg2ArMnmu
-
Trying to hammer out slides for that talk on TTPs. It's ending up as a sort of case study/analysis of detection logic, based on a remodeling of the Pyramid of Pain. Tactic -> Behavior, Technique moved down, Procedure moved way down, IOCs grouped into one row, motivation at top. pic.twitter.com/wDgbyPVNYb
-
Grapl's plugin system has been done in terms of the underlying mechanics for some time. I've been working to make plugins easier to use. Building a plugin is now just defining a single schema. All other classes are generated. Use is even simpler, you can extend existing nodes. pic.twitter.com/nSSbmTV5p0
-
This is all part of a big push to get API stability. Plugins will allow me to stabilize the core while still allowing the system to be extendable. IPC node here is 100% implemented as a plugin. https://github.com/insanitybit/grapl-ipc-plugin/tree/master/grapl-ipc-generator-plugin pic.twitter.com/q09Igteog2
-
The IPC node you see here is implemented entirely in Grapl's plugin system. In this case, catching non-ssh IPC to an ssh service (ssh-agent). I'm nearly done with the plugin system and it's already been a breeze to use. pic.twitter.com/a20LgDxq12
-
Compiling a 140 LOC library (for the first time) :| pic.twitter.com/UhGZMPvKj3
-
Implementing a Grapl plugin for inter-process communication. Pretty simple, just a few minutes of work. I'll reduce that work in the future, but I'm happy enough to move on for now and get some plugins out. pic.twitter.com/90qLOVr91r
-
Example of a few correlated analyzers. One is a recursive search; look for processes with IPC to sshd/ssh-agent, recurse the process lineage until there's a uid/auid mismatch. Other analyzers are unique (grand/)parent of ssh and parent/child auid/uid mismatches. pic.twitter.com/WrdJKMf6f7
-
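The recursive analyzer described above (IPC into sshd/ssh-agent from a non-ssh process, then walk the lineage until a uid/auid mismatch shows where privileges changed) and the "non-ssh IPC to ssh-agent" plugin case a few tweets earlier can both be shown on a small in-memory process graph. This is an added example written for this page, not Grapl's analyzer code: the process table, the IPC edges, the allowlist of expected ssh clients and the treatment of an unset auid (4294967295 on Linux) are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

UNSET_AUID = 4294967295  # Linux audit uid when no login session has set it


@dataclass
class Process:
    pid: int
    name: str
    ppid: int
    uid: int
    auid: int


SSH_SERVICES = {"sshd", "ssh-agent"}
# Processes expected to talk to ssh services; anything else is "non-ssh" IPC (assumed list).
EXPECTED_SSH_CLIENTS = {"ssh", "ssh-add", "scp", "sftp"}

# Constructed sample: alice logs in over ssh, sudo's to root, then runs a tool back as alice.
SAMPLE_PROCS: Dict[int, Process] = {p.pid: p for p in [
    Process(1,   "systemd",   0,   0,    UNSET_AUID),
    Process(100, "sshd",      1,   0,    UNSET_AUID),   # listener, no login session
    Process(101, "sshd",      100, 1000, 1000),         # alice's session
    Process(102, "bash",      101, 1000, 1000),
    Process(103, "sudo",      102, 0,    1000),         # privilege change: uid 0, auid 1000
    Process(104, "bash",      103, 0,    1000),
    Process(105, "sudo",      104, 1000, 1000),         # sudo -u alice: uid matches auid again
    Process(106, "python3",   105, 1000, 1000),         # looks clean on its own
    Process(200, "ssh-agent", 101, 1000, 1000),
    Process(300, "ssh",       102, 1000, 1000),
]}

# Constructed IPC edges (src pid -> dst pid), e.g. from socket/pipe instrumentation.
SAMPLE_IPC: List[Tuple[int, int]] = [
    (300, 200),  # ssh -> ssh-agent: expected client, ignored
    (102, 200),  # bash -> ssh-agent: non-ssh, but lineage has no uid/auid mismatch
    (106, 200),  # python3 -> ssh-agent: non-ssh, lineage passes through a sudo'd shell
]


def escalation_ancestor(procs: Dict[int, Process], pid: int,
                        max_depth: int = 64) -> Tuple[Optional[int], List[int]]:
    """Walk from pid up the ppid chain; return (pid of the first process whose uid != auid,
    lineage walked). Stops at unknown parents, cycles or max_depth. An unset auid never counts."""
    lineage: List[int] = []
    seen = set()
    cur = procs.get(pid)
    while cur is not None and cur.pid not in seen and len(lineage) < max_depth:
        lineage.append(cur.pid)
        seen.add(cur.pid)
        if cur.auid != UNSET_AUID and cur.uid != cur.auid:
            return cur.pid, lineage
        cur = procs.get(cur.ppid)
    return None, lineage


def find_suspicious_ssh_ipc(procs: Dict[int, Process],
                            ipc_edges: List[Tuple[int, int]]) -> List[dict]:
    """Flag non-ssh processes talking to sshd/ssh-agent whose lineage contains a uid/auid mismatch."""
    findings = []
    for src_pid, dst_pid in ipc_edges:
        src, dst = procs.get(src_pid), procs.get(dst_pid)
        if src is None or dst is None:
            continue
        if dst.name not in SSH_SERVICES or src.name in EXPECTED_SSH_CLIENTS:
            continue
        escalated_at, lineage = escalation_ancestor(procs, src.pid)
        if escalated_at is None:
            continue
        findings.append({"src_pid": src.pid, "src_name": src.name, "dst_pid": dst.pid,
                         "dst_name": dst.name, "escalated_at": escalated_at,
                         "lineage": lineage})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_ssh_ipc(SAMPLE_PROCS, SAMPLE_IPC):
        print(f"{f['src_name']}({f['src_pid']}) -> {f['dst_name']}({f['dst_pid']}), "
              f"uid/auid mismatch first seen at pid {f['escalated_at']}, lineage {f['lineage']}")
```

The point of walking the lineage rather than checking only the caller is visible in the sample: python3 (pid 106) has uid == auid and would pass a single-node check, but its grandparent is a root shell obtained through sudo, which is what the analyzer surfaces. The bash-to-ssh-agent edge is still worth a lower-priority signal in real deployments; here it simply does not meet this analyzer's condition.
-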
Great #bluehat talk on Graphs for Security by Ian Hellen. All the good stuff - Jupyter notebooks, attack graphs. He goes deeper on some areas that I had to gloss over to save time, in particular the power of Jupyter notebooks. Great demo. https://www.youtube.com/watch?v=1qrjL2zPhrs&list=PLXkmvDo4MfutkDE6HQ_6ekh16lBiLHkWO&index=4