Pentesting gRPC / Protobuf : Decoding First steps

Protocol Buffers (a.k.a. ProtoBuf) and other binary serialization representations are gaining popularity, especially in inter-microservice communication. Unlike JSON or HTTP, ProtoBufs are not human readable (hence the "binary" part of binary serialization), but that translates into an advantage of less overhead, leading to performance gains, and the ability to code against a fixed schema …

What do Smartphone Predictive Text and Cybersecurity have in common?

Maybe the link between your smartphone keyboard and current machine learning research in cybersecurity is not apparent at first glance, but the technology behind both is extremely similar: both leverage deep learning architectures called Recurrent Neural Networks [RNNs], specifically a type of RNN called Long Short-Term Memory [LSTM]. One of the main advantages of …

Anomaly detection vs Ransomware

A big part of what we do at CyberSift is anomaly detection. The recent WannaCry attack highlighted the growing threat of ransomware in the security landscape. The WannaCry authors may have made amateur mistakes, and there may be more stealthy and profitable attacks than WannaCry, but the negative impact it has had on Windows users …

Threat hunting using DNS indicators

DNS is a great source of information for security analysts… if you’re not already monitoring DNS activity in your network — you should start ASAP, for the reasons we’ll explore in this article. DNS is one of the major workhorses that powers the Internet. Everything uses DNS — browsers, apps, updates… and malware. Almost every malware needs to “phone …

Using Twitter as a source of Indicators of Compromise

At CyberSift we strive to turn threat data into threat intelligence. These two are not one and the same; there is a subtle difference, which we can summarize succinctly as follows: threat data + context = threat intelligence. One of the best ways to add context to alerts that get sent to a security analyst …

The importance of data mining in the field of cybersecurity

In a very interesting article on TechCrunch, Michael Schiebel writes about the various ways in which security analysts can learn from data scientists. He makes a couple of points that are worth highlighting. Today, hacking is a much more complex art than it used to be: It no longer only involves just scanning and penetrating …

We are failing at the cyber security hierarchy of needs

Many of us are probably familiar with the concept of the “hierarchy of needs”. The concept is usually depicted as a pyramid with humans’ more essential needs — such as bodily function — at the bottom, with more non-essential but rewarding needs towards the top: Maslow’s Hierarchy of needs (https://en.wikipedia.org/wiki/Maslow's_hierarchy_of_needs). What if we extend this concept of a hierarchy of …