Hot on the heels of the previous CyberDefenders Challenge Solution comes this noisy installment which solves their Acoustic challenge. You can find the source Rmd on GitHub, but I’m also testing the limits of WP’s markdown rendering and putting it in-stream as well. No longer book expository this time since much of the setup/explanatory bits…
Packet Maze: Solving a CyberDefenders PCAP Puzzle with R, Zeek, and tshark
It was a rainy weekend in southern Maine and I really didn’t feel like doing chores, so I was skimming through RSS feeds and noticed a link to a PacketMaze challenge in the latest This Week In 4n6. Since it’s also been a while since I’ve done any serious content delivery (on the personal side,…
A Small macOS (Big Sur+) App to Extract Indicators of Compromise
There’s a semi-infrequent-but-frequent-enough-to-be-annoying manual task at $DAYJOB that involves extracting a particular set of strings (identifiable by a fairly benign set of regular expressions) from various interactive text sources (so, not static documents or documents easily scrape-able). Rather than hack something onto Sublime Text or VS Code I made a small macOS app in SwiftUI…
Getting a Handle on macOS App Entitlements with R
If you’ve been following me around the internets for a while you’ve likely heard me pontificate about the need to be aware of and reduce — when possible — your personal “cyber” attack surface. One of the ways you can do that is to install as few applications as possible onto your devices and make…
Soon May the Vendorman Come
There was an org that didn’t see The data exfil hacking spree. A patch went up, our guard was down, Oh blow, SolarWinds, blow. Soon may the Vendorman come, And bring us Yara rules to run. One day when their huntin’ is done, They’ll take their scripts and go. There was no implant here before,…
A Look at PAN-OS Versions with a Bit of R
The incredibly talented folks over at Bishop Fox were quite generous this week, providing a scanner for figuring out PAN-OS GlobalProtect versions. I’ve been using their decoding technique and date-based fingerprint table to keep an eye on patch status (over at $DAYJOB we help customers, organizations, and national cybersecurity centers get ahead of issues as…
CRAN Mirror “Security”
The “Changes on CRAN” section of the latest version of The R Journal (Vol. 10/2, December 2018) had this short blurb entitled “CRAN mirror security”: Currently, there are 100 official CRAN mirrors, 68 of which provide both secure downloads via ‘https’ and use secure mirroring from the CRAN master (via rsync through ssh…
Acquisitions and Supply Chains: The Achilles’ heel of Product/Organizational Security
(A reminder to folks expecting “R”/”data science” content: the feed for that is at https://rud.is/b/category/r/feed/ if you don’t want to see the occasional non-R/datasci posts.) Over at the $WORK blog we posted some research into the fairly horrible Cisco RV320/RV325 router vulnerability. The work blog is the work blog and this blog is my blog…