Category Archives: Uncategorized

Using FAIR with CTI – Some key definitions

Using FAIR with CTI – Some key definitions

This post won’t cover all the Factor Analysis of Information Risk (FAIR) definitions. It will provide the ones I think are vital for using FAIR with Threat Intelligence (TI) and Cyber Threat Intelligence (CTI). I’m paraphrasing several sources, but it’s the way I understand the definitions I learned over the years. If you want in-depth/exact definitions from my sources, for FAIR, lookup: Measuring and Managing Information’s Risk, The Open Group’s Open FAIR Risk Taxonomy and Risk Analysis whitepapers, the RiskLens FAIR study guide (provided as part of the course). For Threat Intelligence, lookup: Effective Threat Intelligence, and Intelligence Analysis 6th edition.

Continue reading

Current Python Working Environment.

Over the last nine to ten months, I’ve changed how I’ve been using Python, again.

Working environment:

I work in either Debian or Xubuntu Linux, or Windows Subsystem Linux (WSL) Debian. I prefer Debian on bare metal hardware. The VMs I use at work are usually Xubuntu (faster, easier setup). Work’s laptop has Windows 10 Enterprise on it, which is where WSL comes in.

Continue reading

productivity vs tweaking

I’ve been wanting to switch back to a Linux based system for a while. Main hold up has been school. Recently I  got to rebuild my travel laptop to run Linux.

I started with Debian, but after 2 days and a bunch of tweaking of the system and still not to the point of of actually start working.

So out goes Debian, in moves Xubuntu. A couple of hours later up and running. Disappointed, I’d rather be running Debian. But I really don’t have the time to spend doing endless tweaking. I have several other things to do.

Remnux and Docker

At work, we have this thing on Fridays called power up time.  It is the last 4 hours of the week to work on personal projects, test new ideas to see if they are worth implementing, or self improvement.  Most weeks it is when I get to look at the most tickets doing Tactical level intelligence since the rest of the week is filled with project or priority case work.

Recently while working on tactical level information for SOC tickets, I was able to add in a little fun, and actually power up.  I wanted to do some reverse engineering of the malware associated with the  ticket, to see if there was more IOCs that could be extracted.

Earlier in the day I read an email in the SANS DFIR alumni list, which included someone talking about using Remnux with docker.  So later in the the day working the ticket, and because I didn’t have a Remnux box, I decided to check out the docker containers.  This was also my first time working with docker as well.  Starting at Lenny Zeltzer’s Remnux Docker Site.

I went to my linux vm, a box that gets reset to the fresh installed state via snapshot after each use.  After a sudo apt install and a sudo docker pull remnux/pescanner I had the container.

I ran it and learned a little bit about docker. I also got an understanding of some of the information that VirusTotal displays under the detail tab.

pulled in many directions

So my current reading list had changed 3 times in the last 3 weeks or so since the Fall class ended. I had started with:

Then it was going to be some Social Media Intelligence books:

Now it’s Counterhack Reloaded, which I’m using as my only study materials before the GCIH exam in a couple of months.

Can someone tell me again, why I try to make plans since I always seem to get pulled in many directions at once and not study what I want?

ARRL Field Day

Over the weekend I did my very first ARRL Field Day. It was rather interesting. For those that don’t know what Field Day is, it’s when the Amateur Radio Service (yes there is a public service aspect to the HAM Hobby and License) gets together to make contacts under adverse conditions. The club I am in, Ford Amateur Radio League, teamed up again this year with the Livonia Radio Club. We had a tent with a generator out in the middle of a field.

Continue reading

Getting the Raspberry Pis ready

As I mentioned before here and here I’ll be at Circle City Con, talking about the Raspberry Pi WIDS project I did last year at Eastern.

I’ve updated all my Raspberry Pis, including the firmware. I’ve setup a Raspberry Pi B+ and the Raspberry Pi 2 with the respective Kali images. But they still need to be set up as kismet drones, and tested.

I also need to set up the hard drive for the con, and update my slide deck.

1 week to do it in. Plenty of time.  (Famous last words).