Information Security


I started in Cybersecurity on January 9, 2017. In that time I have become experienced in

  • Threat hunting
  • Kali Linux
  • PhishMeTriage Rule/Recipe creation
  • Nessus
  • IBM Qradar rule creation/tuning
  • Writing basic web client/scripting for PhishMeThreatHQ, Mandiant HX
  • Malware analysis using tools like RegShot, ApateDNS, Pyew, SIFT Workstation & Remnux
  • Incident Response and incident escalation processes
  • Scripting for threat intelligence gathering and data visualization


Understanding Types of Attacks and Vulnerabilities

See a demonstration of the methods behind a dictionary attack on my Python page.


SIEM Data: Which Public IPs Are Malicious?

AlienVault’s Public IP Reputation Database

AlienVault is a company that offers a proprietary product, the Unified Security Management suite, which pulls an update from the Open Threat Exchange every half hour, providing something very close to real-time security data.

Databases are a great way to get raw, structured data. Thanks to AlienVault’s maintained, public IP Reputation database we have real security data to work with. The purpose is to reduce the likelihood that a triggered event is a false positive: if the event comes from one of these malicious IPs, it is less likely to be one.

A Histogram

Histograms are a great way to take a look at the data at a high level before further analysis.


Figure: top 10 countries by frequency.

This chart tells us that the country with the most records within the dataset is China, followed by the US.

A histogram is essentially a count of frequencies: how often a data factor occurs within a dataset, e.g. how many times each letter occurs in ‘applesauce’.


Next Steps

The data has several other columns, such as IP Risk and IP Reliability, that can be broken down to get a better look at what the dataset implies and a more complete picture of these public IPs' reputations.
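As an added example, not code from the original page, the counting and Risk aggregation behind the charts above and the event lookup described under the SIEM heading, applied to a constructed sample of reputation records. The '#'-delimited field layout (ip#reliability#risk#activity#country#...) is an assumption about the reputation.data download, and the function names are my own.

```python
from collections import Counter, defaultdict
# Constructed sample feed, not real AlienVault data. The '#'-delimited layout
# ip#reliability#risk#activity#country#... is assumed from the reputation.data download.
SAMPLE_FEED = """\
203.0.113.10#4#2#Scanning Host#CN#Beijing#39.9,116.4#11
203.0.113.11#6#3#Malicious Host#CN#Shanghai#31.2,121.5#11
198.51.100.5#4#2#Scanning Host#US#Dallas#32.8,-96.8#11
198.51.100.6#8#5#C&C#US#Ashburn#39.0,-77.5#11
192.0.2.7#4#1#Spamming#RU#Moscow#55.8,37.6#11
203.0.113.12#4#2#Scanning Host#CN#Xiamen#24.5,118.1#11
# comment lines and malformed rows (like the next one) must be skipped
203.0.113.99#oops#2#Scanning Host#CN
"""

def parse_feed(text):
    """Return one dict per well-formed record; drop comments and bad rows."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = line.split("#")
        if len(parts) < 5:
            continue
        try:
            records.append({"ip": parts[0], "reliability": int(parts[1]),
                            "risk": int(parts[2]), "country": parts[4]})
        except ValueError:
            continue  # non-numeric reliability/risk: drop rather than guess
    return records

def country_histogram(records, top=10):
    """Record count per country, most frequent first (the 'top 10' chart)."""
    return Counter(r["country"] for r in records).most_common(top)

def risk_share_by_country(records):
    """Each country's percentage of the summed Risk score ('% of total Risk')."""
    total = sum(r["risk"] for r in records)
    if not total:
        return {}
    per_country = defaultdict(int)
    for r in records:
        per_country[r["country"]] += r["risk"]
    return {c: round(100.0 * v / total, 1) for c, v in per_country.items()}

def enrich_event(records, src_ip, min_reliability=4):
    """Feed record for a SIEM event's source IP if listed with reliability >= min_reliability, else None."""
    for r in records:
        if r["ip"] == src_ip and r["reliability"] >= min_reliability:
            return r
    return None
```

A listed source with adequate reliability makes the triggered event less likely to be a false positive; an unlisted one simply returns None and should be judged on other evidence.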

At a glance: this is the dashboard view of the workbook.


Risk 1-7

Figure: an aggregated look at Risk.

Figure: % of total Risk: China.

Figure: % of total Risk: USA.

Figure: ranking, aggregated.



Networking


Weaved: a secure alternative to port forwarding

By using the hosted VPN solution, Weaved, I can communicate with and access devices on my home network while away.

By using a secure proxy server connection, Weaved eliminates the need for port forwarding, limiting the chances of network intrusions by nosy port-scanning “bad actors”.

Getting on my Raspberry Pi away from home:

Figure: Remote Desktop Viewer, RealVNC.


Weaved also supports installation of services for SSH, web servers, and remote desktop software (tightvncserver and RealVNC).