Security on Shadow Engineering

Jupyter Notebooks and Pandas for Security Analysis

Sat, 03 Dec 2022 02:49:03 +0000

Jupyter Notebooks
#

Jupyter Notebooks are an interactive way to run python commands alongside documenting with rich text. This means we can methodically execute code, track actions undertaken, and recreate events. While the original intent was mainly directed at data scientists, as you can imagine, this is pretty appealing to security analysts.

It doesn’t matter whether you’re a threat hunter, or a forensic analysis - collecting artefacts from multiple sources, and correlating them is a pretty common process. Jupyter notebooks allow us to do this, record the results and potentially manipulate our data to extrapolate additional information.

SOC Automation with Inspector Gadget

Sat, 28 May 2022 11:30:03 +0000

Inspector Gadget is a tool to help SOCs scale and automate augmention of alerts. Whether that’s through an analyst leveraging Inspector Gadget directly, or through a Security Orchestration, Automation and Response (SOAR) platform.

It’s a proxy API endpoint, that can communicate to other API endpoints. This means that given a particular Indicator of Attack (IOA), it can connect to multiple API endpoints for third party services to provide more information and context around it, and help make a better assessment to the validity or malicious nature of it.

It’s built upon FastAPI and httpx, meaning it’s designed with parallelism in mind, then thanks to Celery/Redis it can scale to meet your demands while still maintaining that quick response. Even the core library that maps indicator types to third party API endpoints (ioclib) is built with asynchronous actions for speed.

Iterations of this Site

Sat, 23 Apr 2022 11:30:03 +0000

In 2018 I applied for a position at Google, to start the day long series of interviews I got asked one simple question:

How would you create a secure web page?

I responded at first about securing the host, implementing SELinux, putting SSH on a high port with a certificate, sticking it behind a WAF. I had started to go into detail about the CI/CD pipeline when I was interrupted by the interviewer asking if I had heard of things such as HSTS and HKPI. I confessed that I hadn’t, and knew there must have been a whole world of things that I simply hadn’t had exposure to, so I took a mental note to go away, build myself a website and to try and experiment.

Project Chaos

Sun, 04 Apr 2021 11:30:03 +0000

Meet Scarlett Reynolds, a new starting ICT Sales Representative, for a small technology start up named Eigar Technologies, that’s based in Sydney, Australia.

She studied at Arthur Phillip High School in Parramatta, before graduating in a double degree in IT and Business from UTS in 2013. She’s a virgo and her first car was a ‘96 Corolla, and she doesn’t exist.

Neither does Eigar Technologies. In fact, the name Eigar Technologies is a portmanteau of Eiger, a mountain in the Swiss Alps, and EICAR, the test file associated with Antivirus program validation.

Chaos Analyst

Sat, 01 Feb 2020 00:00:00 +1000

Abstract
#

As organisations look to new methodologies to increase, test, and verify resiliency of infrastructure and applications, so can SOCs look to new methodologies to validate integrity of logging, tools, platforms, analysis and re-enforce forensic tradecraft, as they incorporate automation tools into their arsenals. Chaos Analyst is a new methodology for SOCs which looks at implementing scenarios that force analysts to overcome obstacles that impact their ability to address alerts, or in more advanced scenarios, validate potentially compromised logs and data. This can be incorporated into red team activity to mimic more sophisticated attackers and manipulation, improving the ability of response, the tradecraft and preparedness of the SOC in detecting and preventing actors from compromising all elements of the business.

Adventures from the Other Side of Phishing

Tue, 01 Oct 2019 00:00:00 +1000

Background
#

I know it may be hard to believe, but this poor looking website above is not the legitimate NAB website, it’s a poor mockery of a NABs internet banking portal based off a phishing kit we’ve seen. How do I know this? Because I made it.

It stemmed from a weird need, we often need to showcase our phishing capability to seniors in the bank and as a good educational piece to students and employees. Depending on who we’re showcasing to we’re either demonstrating how we respond and manage the risk to customers, or educating users for simple things they can identify to determine the legitimacy. It also helps to showcase the other side of the phishers themselves; a lot of people don’t seem to realise what’s being gathered.