Geeks, Machines and Outsiders: How the Security Industry Fared at RSA
Last week at RSA—the security industry’s largest conference—Andrew McAfee, co-author of “The Second Machine Age: Work, Progress and Prosperity in a Time of Brilliant Technologies”, introduced the...
View ArticleChange: Three Ways to Challenge Today’s Security (UX) Thinking
Last week, I was fortunate enough to spend three and a half days on the floor at RSA for its “Change: Challenge Today’s Security Thinking” inspired conference. I was simply observing and absorbing the...
View ArticleHow the Sino-Russian Cyber Pact Furthers the Geopolitical Digital Divide
As I wrote at the end of last year, China and Russia have been in discussions to initiate a security agreement to tackle the various forms of digital behavior in cyberspace. Last Friday, Xi Jinping and...
View ArticleClik here to view.
Open-Sourcing Your Own Python Library 101
Python has become an increasingly common language for data scientists, back-end engineers, and front-end engineers, providing a unifying platform for the range of disciplines found on an engineering...
View ArticleClik here to view.
Stop Saying Stegosploit Is An Exploit
Security researcher Saumil Shah recently presented “Stegosploit” (slides available here). His presentation received a lot of attention on several hacker news sites, including Security Affairs, Hacker...
View ArticleMuch Ado About Wassenaar: The Overlooked Strategic Challenges to the...
In the past couple of weeks, the US Bureau of Industry and Security (BIS), part of the US Chamber of Commerce, announced the potential implementation of the 2013 changes to the Wassenaar Arrangement...
View ArticleOPM Breach: Corporate and National Security Adversaries Are One and the Same
On June 5, 1989, images of a lone person standing ground in front of Chinese tanks in Tiananmen Square transfixed the world. On the same day twenty-six years later, the United States government...
View ArticleThe Digital Domain’s Inconvenient Truth: Norms are Not the Answer
To say the last week has been a worrisome one for any current or former federal government employees is a vast understatement. Now, with this weekend’s revelations that the data stolen in the OPM...
View ArticleClik here to view.
Data Science for Security: Using Passive DNS Query Data to Analyze Malware
Most of the time, DNS services—which produce the human-friendly, easy-to-remember domain names that map to numerical IP addresses—are used for legitimate purposes. But they are also heavily used by...
View ArticleClik here to view.
Meet Endgame at Black Hat 2015
Endgame will be at Black Hat!Stop by Booth #1215 to: GET AN ENDGAME ENTERPRISE DEMOSign up here for a private demo to learn how we help customers automate the hunt for cyber adversaries. MEET WITH...
View ArticleClik here to view.
Examining Malware with Python
Before I came to Endgame, I had participated in a couple of data science competitions hosted by Kaggle. I didn’t treat them as competitions so much as learning opportunities. Like most things in the...
View ArticleWhy We Need More Cultural Entrepreneurs in Security & Tech
Recently, #RealDiversityNumbers provided another venue for those in the tech community to vent and commiserate over the widely publicized lack of diversity within the industry. The hashtag started...
View ArticleClik here to view.
Sprint Defaults and the Jeep Hack: Could Basic Network Settings Have...
In mid-July, research into the security of a Jeep Cherokee was disclosed though a Wired article and subsequent Black Hat presentation. The researchers, Charlie Miller and Chris Valasek, found an...
View ArticleBlack Hat 2015 Analysis: The need for Global Thinking and Participation in...
This year’s Black Hat broke records yet again with the highest levels of attendance, including highest number of countries represented and, based on the size of the business hall, companies represented...
View ArticleClik here to view.
NLP for Security: Malicious Language Processing
Natural Language Processing (NLP) is a diverse field in computer science dedicated to automatically parsing and processing human language. NLP has been used to perform authorship attribution and...
View ArticleClik here to view.
Hunting for Honeypot Attackers: A Data Scientist’s Adventure
The U.S. Office of Personnel Management (known as OPM) won the “Most Epic Fail” award at the 2015 Black Hat Conference for the worst known data breach in U.S. government history, with more than 22...
View ArticleThree Questions: Smart Sanctions and The Economics of Cyber Deterrence
The concept of deterrence consistently fails to travel well to the cyber realm. One (among the many) reasons is that, although nuclear deterrence is achieved through nuclear means, cyber deterrence is...
View ArticleMeet Endgame at AWS re:Invent 2015
See how we automate the hunt for cyber adversaries.Stop by Booth #1329 to:SEE A DEMO OF ENDGAME PRODUCTSSign up here for a private demo to learn how we detect attacks that:Use native tools to locate,...
View ArticleClik here to view.
MinHash vs. Bitwise Set Hashing: Jaccard Similarity Showdown
As demonstrated in an earlier post, establishing relationships (between files, executable behaviors, or network packets, for example) is a key objective of researchers when automating the hunt. But,...
View ArticleWebinar: Automating the Hunt for Network Intruders
As adversaries - whether criminal or otherwise - make use of increasingly sophisticated attack methods, network defenses have not kept pace; they remain focused on signature-based, reactive measures...
View Article