Blog Posts
Security Analytics: Using SiLK and Mothra to Identify Data Exfiltration via the Domain Name Service
This post explores how the DNS protocol can be abused to exfiltrate data by adding bytes of data onto DNS queries.
• By Tim Shimeall
In Cybersecurity Engineering

Security Analytics: Tracking Software Updates
This blog post presents an analytic for tracking software updates from official vendor locations.
• By Tim Shimeall
In Cybersecurity Engineering

Security Analytics: Tracking Proxy Bypass
This post describes how to track the amount of network traffic that is evading security proxies for services that such proxies are expected to cover.
• By Tim Shimeall
In Cybersecurity Engineering

Three Places to Start in Defending Against Ransomware
Learn three initial efforts for defending against ransomware in this informative SEI Blog post.
• By Tim Shimeall
In CERT/CC Vulnerabilities

Situational Awareness for Cyber Security Architecture: Tools for Monitoring and Response
Visibility into the activities within assets enables network security analysts to detect network compromises. Analysts monitor these activities directly on the device....