Cyber as a Science

tl:dr Incremental Learning is an extremely useful machine learning paradigm for deriving insight into cyber security datasets. This post provides a simple example involving JA3 hashes showing how some of the foundational algorithms that enable incremental learning techniques can be applied to novelty detection (the first time something has happened)…

Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet’s design and engineering. They have facilitated peer review amongst engineers, researchers and computer scientists, which in turn has resulted in specification of key Internet protocols and their behaviours so that developers…

tl;dr Today we’ve released a whitepaper on the key techniques that continue to enable us to breach the largest and most sophisticated organisations on the planet. Organisations that prioritize these areas, and the mitigations we outline, will thwart attacks while making threat actors work harder and ultimately fail more often.…

tl;dr 1,300 phishing campaigns were analysed involving over 360,000 users Targets in Charities to be over 3 times more likely to click than the Health Sector However once clicked half of all targets were likely to supply credentials regardless Best case 1/10 of targets will click a link Best case…

tl;dr Anti-Fuzzing is a set of concepts and techniques that are designed to slowdown and frustrate threat actors looking to fuzz test software products by deliberately misbehaving, misdirecting, misinforming and otherwise hindering their efforts. The goal is to drive down the return of investment seen in fuzzing today by virtue…

Managing firewall rulesets in any moderately-sized environment can be a complicated task. As IT infrastructures perpetuate change, firewall rules often become more complicated, overlapped and difficult to manage. We’ve been working on a prototype of a tool which seeks to provide more assurance over firewall rulesets; by providing better insight…