NetFlow Ninjas Blog
POSTED BY Brandon Tansey on 10.15.2014
A few short weeks ago, the details of the Shellshock vulnerability were made public. Since the bug was published, we’ve seen all kinds of scanning activity on the Internet. Some of these scans were benign scans by researchers, but others were distributing malware. We were immediately curious about...
POSTED BY Keith Wilson on 09.30.2014
In my last two posts, I’ve walked through the steps an attacker would take when performing reconnaissance and then weaponization. Today we’re going to continue our climb up the Cyber Security Kill Chain as we utilize social engineering to deliver our malware to the victim. During reconnaissance I...
POSTED BY Coty Sugg on 09.29.2014
Last week, Charles Herring gave a presentation on Network Behavior Anomaly Detection (NBAD) titled “Looking for the Weird.” He discussed how real-world breaches in 2013 were detected by looking at traffic deviating from normal patterns via metadata and NetFlow analysis. Afterwards, Herring held the...
POSTED BY Brandon Tansey on 09.25.2014
On Wednesday afternoon, the details behind CVE-2014-6271 were published to the OSS-Sec mailing list. Shortly after that, the bug that is now being called “Shellshock” took off. Troy Hunt put together another write-up worth reading (the comments have some good information as well), but in short:...
POSTED BY Tom Cross on 09.17.2014
One of the concerns that has been raised about the Heartbleed vulnerability is that it was introduced into the OpenSSL code base several years ago, and it’s possible that some attackers were aware of it and launching attacks before it was publicly disclosed this week. Unfortunately, the attack,...
POSTED BY Angela Frechette Cannon on 09.09.2014
This week, Lancope is sponsoring and exhibiting at HP’s annual security user conference, HP Protect. HP relies on Lancope’s StealthWatch System to provide its network security team with a cost-effective, yet powerful way to monitor and analyze network traffic.
POSTED BY Tom Cross on 09.05.2014
In the last several installments of this blog post series, we spent some time talking about 1) the different types of insider threats, 2) how to combat each one, and 3) how network logs can play a vital role in thwarting all of the various insider threat actors. Below is a Top 10 List recapping...
POSTED BY Tom Cross on 08.21.2014
In Part 2 of this blog series, we discussed various security tools that can be used to detect and subvert the different classes of insider threats. While each type of insider threat requires different security measures, one technique that can help tremendously across the board is the monitoring of...
POSTED BY Keith Wilson on 08.18.2014
I’m back this week and moving swiftly up the Kill Chain. In my previous post, I detailed what an advanced attacker would do during the reconnaissance phase of the Security Kill Chain. As I continue, there are a few points I want to make: This is not an actual attack. I’m working purely in...
POSTED BY Tom Cross on 08.05.2014
Last year Edward Snowden revealed that the NSA is collecting the telephony metadata of millions of Americans. This revelation has sparked a debate about the power of metadata. Supporters of the program have attempted to reassure the public that their privacy is not being violated because the...
