Enterprise Detection & Response
Tuesday, April 5, 2022
Stop Using Hashes for Detection (and When You Should Use Them)
Fun fact! When I published the Pyramid of Pain in 2013 it didn’t exactly match up with today’s version. Here’s what it originally looked ...
Tuesday, May 1, 2018
Enhancing Enhanced Privacy: Checking Pwned Passwords Quickly and Anonymously with Bloom Filters
[Update 2018-06-15: A colleague pointed out a link to similar work, but written in Go.] It all started innocently enough, but like most...
Tuesday, November 29, 2016
Hunting for Malware Critical Process Impersonation
A popular technique for hiding malware running on Windows systems is to give it a name that's confusingly similar to a legitimate Windo...
Monday, September 26, 2016
Detecting Data Staging & Exfil Using the Producer-Consumer Ratio
In their FloCon 2014 presentation PCR - A New Flow Metric, Carter Bullard and John Gerth introduced the idea of the Producer-Consumer Rati...