I started in cybersecurity on January 9, 2017. In that time I have become experienced in:
- Threat hunting
- Kali Linux
- PhishMe Triage rule/recipe creation
- IBM QRadar rule creation/tuning
- Writing basic web clients/scripts for PhishMe ThreatHQ and Mandiant HX
- Malware analysis using tools like RegShot, ApateDNS, Pyew, SIFT Workstation & REMnux
- Incident Response and incident escalation processes
- Scripting for threat intelligence gathering and data visualization
Understanding Types of Attacks and Vulnerabilities
See a demonstration of the methods behind a dictionary attack on my Python page
SIEM Data: Which Public IPs Are Malicious?
AlienVault’s Public IP Reputation Database
AlienVault is a company that sells a proprietary product, the Unified Security Management (USM) suite, which pulls updates from its Open Threat Exchange (OTX) every half hour, giving something close to real-time threat data.
Databases are a great way to get raw, structured data. Because AlienVault maintains its IP Reputation database publicly, we have real security data to work with. The practical purpose of the data is confidence: when a SIEM event is triggered by traffic to or from one of these listed IPs, the reputation record lowers the likelihood that the event is a false positive.
Histograms are a great way to take a look at the data at a high level before further analysis.
top 10 countries by frequency.
This chart tells us that the country with the most records within the dataset is China, followed by the US.
A histogram is essentially a count of frequencies: how often each value occurs within a dataset, e.g. how many times each letter occurs in ‘applesauce’.
The data has several other columns, such as IP Risk and IP Reliability, that can be broken down to get a better look at what the dataset implies about these public IPs' reputations.
At a glance. This is the Dashboard view of the workbook.
An aggregated look at Risk
% of total Risk : China
% of total Risk : USA
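The counts and risk shares behind the charts above, and the SIEM lookup described under the reputation database, as an added example that is not part of the original page or of AlienVault's own tooling. It assumes the '#'-separated row layout of the public reputation.data feed (IP#reliability#risk#activity#country#city#lat,lon) and a 1-10 scale for reliability and risk; the sample rows are constructed from documentation IP ranges and are not real feed entries.

```python
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample rows in the '#'-separated layout assumed for AlienVault's
# public reputation.data feed (IP#reliability#risk#activity#country#city#lat,lon).
# Every row is made up for this example; none is a real feed entry. A blank
# line and a malformed row are included to show that the parser skips them.
SAMPLE_FEED = """\
198.51.100.10#4#2#Malicious Host#CN#Beijing#39.9,116.4
198.51.100.11#6#5#Scanning Host#CN#Shanghai#31.2,121.5
203.0.113.5#4#2#Malicious Host#US#Dallas#32.8,-96.8
203.0.113.9#3#7#C&C#US##

192.0.2.44#2#3#Spamming#RU#Moscow#55.8,37.6
192.0.2.45#5#4#Malicious Host#BR#Sao Paulo#-23.5,-46.6
not#a#row
"""


class RepEntry(NamedTuple):
    ip: str
    reliability: int  # assumed 1-10: how trustworthy the report is
    risk: int         # assumed 1-10: how dangerous the host is
    activity: str
    country: str


def parse_feed(text: str) -> Dict[str, RepEntry]:
    """Parse feed rows into a dict keyed by IP; blank or malformed rows are skipped."""
    entries: Dict[str, RepEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split("#")
        if len(parts) < 5:
            continue
        try:
            reliability, risk = int(parts[1]), int(parts[2])
        except ValueError:
            continue
        entries[parts[0]] = RepEntry(parts[0], reliability, risk, parts[3], parts[4] or "unknown")
    return entries


def country_histogram(entries: Dict[str, RepEntry], top_n: int = 10) -> List[Tuple[str, int]]:
    """Frequency count of country codes: the 'top 10 countries' chart as data."""
    return Counter(e.country for e in entries.values()).most_common(top_n)


def risk_share_by_country(entries: Dict[str, RepEntry]) -> Dict[str, float]:
    """Each country's share of the summed risk score, as a percentage of total risk."""
    totals: Dict[str, int] = defaultdict(int)
    for e in entries.values():
        totals[e.country] += e.risk
    grand = sum(totals.values())
    if grand == 0:
        return {}
    return {c: round(100.0 * r / grand, 1) for c, r in totals.items()}


def enrich_event(entries: Dict[str, RepEntry], src_ip: str, min_reliability: int = 4) -> dict:
    """SIEM-style check: is the event's source IP listed, and is the listing
    reliable enough to raise confidence that the event is a true positive?"""
    e = entries.get(src_ip)
    if e is None:
        return {"ip": src_ip, "listed": False}
    return {
        "ip": src_ip,
        "listed": True,
        "risk": e.risk,
        "reliability": e.reliability,
        "activity": e.activity,
        "country": e.country,
        "high_confidence": e.reliability >= min_reliability,
    }


FEED = parse_feed(SAMPLE_FEED)

if __name__ == "__main__":
    print("Top countries:", country_histogram(FEED))
    print("Risk share (%):", risk_share_by_country(FEED))
    # Constructed SIEM events: one from a listed scanning host, one from a
    # private address that no public reputation feed will ever contain.
    print(enrich_event(FEED, "198.51.100.11"))
    print(enrich_event(FEED, "10.0.0.7"))
```

The reliability threshold in `enrich_event` is the practitioner's knob: a high-risk entry with low reliability (the constructed C&C row) is still worth a look, but it should not by itself close a ticket as a true positive, so the example reports it as listed but not high-confidence.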
Weaved: A secure alternative to port forwarding
By using the hosted VPN solution, Weaved, I can communicate with and access devices on my home network while away.
By relaying connections through its proxy servers, Weaved eliminates the need for port forwarding on the home router, so no inbound port is exposed for port-scanning “bad actors” to find. The device still opens an outbound connection to Weaved, and the services behind it (SSH, VNC) still need strong authentication of their own.
Getting on my Raspberry Pi away from home:
Remote Desktop Viewer, RealVNC
Weaved also supports installation of services for SSH, web servers, and remote desktop software (tightvncserver and RealVNC).