Oliver Rochford’s Post

I have talked before about how to chose a SIEM for Threat hunting The problem is most organizations start threat hunting very late after a long time of choosing implementing and deploying a SIEM solution, only to found that it is not powerful enough for threat hunting The tl;dr is you need to have some pre-existing functionalities in your SIEM Here is a real world example Elastic Good search speed No grouping capabilities or anything beyond filtering Qradar Filtering and Grouping (SQL-based) Kinda of nothing else And also much slower for large time periods than Elastic or Splunk Splunk Fast query, slightly less fast than elastic, but good enough for SOC analysis and threat hunting filtering Grouping Streaming stats (not found in any other on-premise SIEM solution) Clustering and Anomalydetection commands On the fly extraction (Rex command) Custom commands (including all of cyberchef plus other crypto and decoding functions) If you don’t have the budget for Splunk, it is a great idea to consider Elastic with Streaming before ingestion solution (such as Apach Kafka) Kafka can at least give you the ability to pre-bake some of the streaming stats) Also elastic integrates good with python and Jupyter and other analytics platforms (see HELK) The rest of SIEM solutions are Either SQL-based (therefore more or less like Qradar) Elastic-based (example logrhythm) However these solutions are closed so probably even worse And no one can be Splunk-based (but mostly fall in between SQL-based and Elastic-based solution) That is bcz it is an engineering choice when building the SIEM Either table-based (so SQL) Or indexing based (elastic) (Splunk is also indexing, but it has on the fly indexing schema, elastic builds schema before logging ingestion only, so you can’t re-index on the fly) Cloud SIEM solutions (Chronicles and MS Sentinel) are based on cloud tech (BigQuery and CosmosDB) which makes them more flexible And interestingly choice is humio, which is cloud based SIEM from crowdstrike using bloom filters, but in practice it is similar to table based SIEMs only faster which is good, but the solution is cloud only So the conclusion If you want to perform threat hunting using your SIEM in the near future without deploying another SIEM solution (3-5 years maybe!?) Pick Splunk, if you don’t have the budget pick elastic and keep in mind you will need to deploy Kafka later and optimize some stuff Other than this you are limiting your threat hunting capability It would be nice to see other SIEM platforms in the future Examples include, Graph-based solution (Neo4j maybe) which is my best choice Or maybe like in the below post this new company Auguria, Inc. which is building a SIEM using vector-database (which should be similar to AI and LLMs data embedding format, maybe that is their reason who knows)

🚀 Exciting News! Kicking off Project 8 in the #Amdari21DaysDataChallenge 🛡️ Project: Cybersecurity - A Machine Learning Approach to Network Intrusion Detection I'm thrilled to dive into this crucial project, focusing on fortifying computer systems against network intrusion and ransomware attacks using advanced machine learning techniques. 🔍 What I'll be working on: Leveraging Python libraries: NumPy, Pandas, Matplotlib, Seaborn, PySpark, and Sci-kit Learn Developing ML models to detect and prevent network intrusions Enhancing overall cybersecurity measures 🏢 Real-world context: We're tackling a pressing issue faced by SecureTech Solutions Inc., where sophisticated ransomware attacks are bypassing traditional security protocols, threatening both finances and reputation. This project isn't just about code – it's about safeguarding digital assets and preserving trust in an increasingly complex threat landscape. Stay tuned for updates as I navigate this challenging and vital aspect of data science in cybersecurity! Who else is passionate about using data science to enhance cybersecurity? Let's connect and share ideas! 💡 #Cybersecurity #MachineLearning #DataScience #NetworkSecurity #ArtificialIntelligence #Amdari21DaysDataChallenge #Ayodeji_BelloeAmdariTODDC

🔗💻🔎 DOI: https://lnkd.in/drmvhQgh 🧑📖 Detection and classification of threats and vulnerabilities on hacker forums based on machine learning 👨⚖️ 🏫 ©️ Saken Mambetov, Ihor Ilhe, Vitalina Babenko, Bakytzhan Kulambayev, Olena Fridman, Serik Joldasbayev, Hanna Doroshenko, Oleksandr Gurko, Yenlik Begimbayeva, Serhii Neronov (Kharkiv National Automobile and Highway University, Ukraine) Keywords: #cybersecurity, #hacker #forum, #threats #identification, #data #classification, #machine #learning Abstract The object of this study is the process of detecting threats and vulnerabilities in hacker forums, which are a well-known source of potential dangers for Internet users. However, the problem of analyzing and classifying data from these forums is its complexity due to such features of the participants' language as specific slang, jargon, etc., which requires the use of modern tools of their processing. This paper explores the application of machine learning to devise an effective method for analyzing sentiment and trends in hacker forums to identify potential threats and vulnerabilities in cyberspace. All necessary stages of the process of detecting threats and vulnerabilities have been developed, ranging from data collection and preprocessing to the training of a model that is capable of processing “raw” unstructured data from hacker forums. The implementation of six popular machine learning algorithms, namely k Nearest Neighbors (kNN), Random Forest, Naive Bayes, Logistic Regression, Support Vector Machines (SVM), and Decision Tree algorithms have been studied with a view to determining their efficiency of threat and vulnerability detection and classification. The experiments have been conducted on real data (150,000 messengers). It has been determined that the Random Forest algorithm coped with the task the best (accuracy=0.89, recall=0.84, precision=0.91, F1-score=0.87 and ROC-AUC=0.89). The proposed tool based on machine learning not only collects data that poses a potential threat but also processes and classifies it according to the specified keywords. This allows detecting threats and vulnerabilities at a high speed. The results of the study make it possible to identify potential trends in threats and vulnerabilities. This will contribute to the improvement of cybersecurity systems and ensure more reliable protection of information resources

🔍📊 Advent of Cyber 2023 - Day 2 Challenge: Log Analysis & Data Exploration Excited to dive into Day 2 of the Advent of Cyber challenge! Today's task involved exploring log data and understanding network traffic at AntarctiCrafts’ South Pole site. 🚀💻 We delved into the essentials of data science in cybersecurity, leveraging Python's Pandas and Matplotlib libraries to manipulate and visualize network data. The analysis highlighted patterns, protocol frequencies, and top traffic origins—fascinating insights! 💡📈 #AdventOfCyber2023 #Day2Challenge #Cybersecurity #DataScience #TryHackMe Looking forward to more hands-on challenges and learning experiences! 🔒✨

Thanks to Tracy Bannon for pointing me at this recent CVE. Anyscale already addressed the vulnerabilities and Ray’s design in a blog post. A recent update on ShadowRay from oligo is worth reviewing if you use Ray (links in the comments). Here’s an excerpt: “Because CVE-2023-48022 was disputed, many development teams (and most static scanning tools) are not aware that this vulnerability should concern them. Some of them might have missed this documentation section of Ray, while some of them are unaware of this feature. Researchers at Oligo Security have observed instances of CVE-2023-48022 being actively exploited in the wild, making the disputed CVE a “shadow vulnerability”—a CVE that doesn’t show up in static scans but can still lead to breaches and significant losses.” #ai #ML #MLops

📕 I'm excited to share a cybercrime project I have been working on: the analysis of over 6 million URLs to develop a model that predicts whether the URL is malicious or not 🛡(i.e. whether it can be categorised as phishing, malware or defacement). The best model turned out to be a Random Forest Classifier 🌳 Some key findings from the analysis: - Malware URLs showed more signs of being ‘obfuscated’ (i.e. disguised so as not to appear malicious) than the other malicious types - Phishing URLs frequently used battle.net and us.battle – these are 'type-squatted' versions of the genuine site us.battle.net (i.e. made to look genuine by being so similar to the original that they go unnoticed). - The Random Forest Classifier model performed the best in terms of prediction (93% accuracy), and so seems to be the best model to implement Tools used: 🐍 Python 📚 Pandas, NumPy, Scikit-Learn, Seaborn, Matplotlib and urllib.parse You can read more about it, including my recommendations to improve the model with further work, right here in my project portfolio: https://lnkd.in/eq6z-zCZ This was a challenging but fun project, and I learnt a few new things along the way 😊 #datascience #cybercrime #cyberdefence #cyberintelligence #python #dataanalysis #machinelearning #dataanalytics #dataanalysis #dataanalyst #datascientist

Day 2 and 3 of #AdventOfCyber2023! Day 2  🔍 Explored the company's network using Python and key libraries like Pandas and Matplotlib. 🌐 Discovered the power of data science in cybersecurity, from anomaly detection to threat trend analysis. 📊 Delved into Jupyter Notebooks to visualize and communicate our findings effectively. I learnt:  1️⃣ Introduction to data science and its applications in cybersecurity. 2️⃣ Python basics - a versatile language for web dev, game dev, AI, and more. 3️⃣ Hands-on experience with Pandas for data manipulation. 4️⃣ Creating insightful visualizations using Matplotlib. Day 3 Embarked on a thrilling cyber investigation where critical systems were mysteriously locked, and chaos ensued at AntarctiCrafts! 🔒❄️ 🤯 Doors to IT rooms and network infrastructure sealed! 😱 Detective Frost-eau loses a snow arm in the lockdown! 🚨 Mission: Uncover the culprit disrupting business ops and gifts delivery. Learning Journey: 🔐 Explored password complexity and its impact on security. 💻 Understanding brute force attacks and their feasibility. 🌐 Generated password combinations using Crunch. 🕵️♂️ Automated password testing with Hydra. 🤔Fun facts: There are 10,000 PIN code possibilities for a 4-digit code, and over 14 million passwords combos with 4 characters. This is your cue to change your passwords and use at least 8 characters including uppercase, lowercase and symbols. By the way, I am learning proper ways of posting on LinkedIn from my friend Patricia Ihunwo 🤩. #AdventOfCyber #Cybersecurity #continuouslearning #tryhackme

Task#4 Oasis Infobyte EMAIL SPAM DETECTION WITH MACHINE LEARNING We’ve all been the recipient of spam emails before. Spam mail, or junk mail, is a type of email that is sent to a massive number of users at one time, frequently containing cryptic messages, scams, or most dangerously, phishing content. In this Project, use Python to build an email spam detector. Then, use machine learning to train the spam detector to recognize and classify emails into spam and non-spam. Let’s get started!

Back in my Intro to Information Security class, we played games to learn about cybersecurity. It was so much fun! Now, I’m looking for cool ways to practice SQL (interview questions are getting boring!). These seemed fun: 1. SQL Island: https://lnkd.in/gzG8fjxw 2. SQLPD: https://sqlpd.com/ 3. Mystery Knight Lab: https://lnkd.in/gbuvTkEH (haven't tried yet) 4. SQL Zoo - White Christmas: https://lnkd.in/g5UAn_xJ 5. Querymon: https://lnkd.in/gX7-A7Wc (haven't tried yet) Have fun and happy learning! #data #datascience #sql #tech