PolarProxy flow chart

PolarProxy Released

I'm very proud to announce the release of PolarProxy today! PolarProxy is a transparent TLS proxy that decrypts and re-encrypts TLS traffic while also generating a PCAP file containing the decrypted traffic ...
Is NTA Another Kind of IDS

Is NTA Just Another Kind of IDS?

Earlier last year, Anton Chuvakin of Gartner posted a question I’ve spent the past few years focused on. Actually, I’ve focused on it since working in the Network Security Wizards office on ...
Security Boulevard
Open Source Security Tools and Threat Hunting: The 10 Most Read Bricata Posts on Cybersecurity in 2018

Every week we publish a blog post where we dive into a topic or study around network security. In 2018, we even produced ...
Profiling And Detecting All Things SSL With JA3 - John Althouse and Jeff Atkinson

Network Visibility: Can You Analyze Encrypted Traffic for Cybersecurity Threats?

We get this question a lot: Can you analyze encrypted traffic for cyber threats? It just came up again during the question and ...
Here is How Open Source DIY Fatigue Saps Cybersecurity Resources

Categories: Blog, Bro IDS, ids, Snort IDS, Zeek IDS
Open source security tools often start as cost-saving DIY projects inside cybersecurity organizations, but as the network grows, these take more time to maintain and manage, which detracts from the task of ...
Pony using curl to set: Accept-Encoding: identity, *;q=0

Detecting the Pony Trojan with RegEx using CapLoader

This short video demonstrates how you can search through PCAP files with regular expressions (regex) using CapLoader and how this can be leveraged in order to improve IDS signatures ...
EH-Net - Kendall - Hacking Retro

Hacking Retro

Bring out your disco ball, your leg warmers, and your VHS tapes! While a lot of us watch the VH1 hit “I Love the 80s” for pop culture, I’m always drawn to ...
NextGen SIEM Isn’t SIEM

Security Information and Event Management (SIEM) is feeling its age. Harkening back to a time in which businesses were prepping for the dreaded Y2K and where the cutting edge of security technology ...
2017BSidesSpfd Jason Reaves Malware C2 over x509 Certificate Exchange

Examining an x509 Covert Channel

Jason Reaves gave a talk titled 'Malware C2 over x509 certificate exchange' at BSides Springfield 2017, where he demonstrated that the SSL handshake can be abused by malware as a covert command-and-control ...