CyberDefenses, Inc.
Page Metadata Update

New page title detected.

  • New: by Monty St John. Back a few years before I started in digital forensics, hashing had a whole different context to me.  Back then, if you were “hashing” you were imbibing heavily and then going for a run, something I saw pretty much every morning when I was overseas.  Not that we didn’t have a bunch of other names for it that are probably inappropriate for a blog post, but hashing was what stuck out of the metaphorical mudslinging back then.   Hashing, obviously, has a completely different meaning today — in fact, most likely have no idea of the previous usage.  Hashing with YARA doesn’t mean we are going to swill some spirits and dash out on a 5K.  It does mean we are going to use hashes — message digests of files, processes and other fun things — to do some investigative matching.  Before trundling too far down that road, a brief touch on objectives is in order.  Since hashing in our context means to create a shortcut of sorts for any content we run it against, using that wisely
  • Old: I want to take a second and talk about momentum.  Specifically, momentum and building intelligence.  In this context, I am referring to momentum as the forward energy of analysis (profiling, correlation, investigation) through the role sequence of volatile data to a realization of defined intelligence.  Regardless of the roles involved in the energy transfer (the “effort”), the presence of strong momentum dramatically increases the chances for realization results.  Alternatively, transfers with low or moderate momentum die out or even compromise realization outcomes.   In the realm of intelligence work, energy transfer can result in a strong, moderate or weak exchange, which means handing off energy through the role sequence is not enough.  More specifically, working in isolation and stovepipes can impede the passage of energy through the role sequence.  Momentum, especially analytical momentum, must meet a certain magnitude within each role in the chain (volatile to defined) to
CyberDefenses, Inc.
Page Metadata Update

New page title detected.

  • New: by Monty St John. YARA works well, very well, in fact, against a diverse range of targets.  One of those is webpages.  As a target selection, it’s tough to find a more diverse and testy target to build an accurate rule.  They contain text, HTML, scripts, CSS and plenty more, which complicates devising a solid strategy to consistently and accurately detect via YARA.  Detection, then, is not just a matter of focusing on the right target elements to match, but also paying attention to the location of the elements and the order of occurrence.   Um, why? HTML and webpages are not the normal fodder of YARA talk.  It’s an occasional blip as a conversation piece.  Attacks, however, come in all shapes and sizes, and exploit kit pages, redirection portals, footprinting scripts, infection scripts, iframe pop-ups and more are all eligible targets for YARA.  If you happen to leverage the OWASP Web Scanner, the project is focused on scanning webpages.  Of course, you don’t need that.  If you happe
  • Old: I want to take a second and talk about momentum.  Specifically, momentum and building intelligence.  In this context, I am referring to momentum as the forward energy of analysis (profiling, correlation, investigation) through the role sequence of volatile data to a realization of defined intelligence.  Regardless of the roles involved in the energy transfer (the “effort”), the presence of strong momentum dramatically increases the chances for realization results.  Alternatively, transfers with low or moderate momentum die out or even compromise realization outcomes.   In the realm of intelligence work, energy transfer can result in a strong, moderate or weak exchange, which means handing off energy through the role sequence is not enough.  More specifically, working in isolation and stovepipes can impede the passage of energy through the role sequence.  Momentum, especially analytical momentum, must meet a certain magnitude within each role in the chain (volatile to defined) to
