SOC Analytics
Blog Posts
Security Analytics: Using SiLK and Mothra to Identify Data Exfiltration via the Domain Name Service

This post explores how the DNS protocol can be abused to exfiltrate data by appending bytes of data to DNS queries.
• By Tim Shimeall
In Cybersecurity Engineering

Security Analytics: Tracking Software Updates
This blog post presents an analytic for tracking software updates from official vendor locations.
• By Tim Shimeall
In Cybersecurity Engineering

Security Analytics: Tracking Proxy Bypass
This post describes how to track the amount of network traffic that is evading security proxies for services that such proxies are expected to cover.
• By Tim Shimeall
In Cybersecurity Engineering
