Mai's Whole Grain Sticky Rice

Being born and raised in Japan and a methodical cook, Mai has mastered cooking the perfect bowl of rice (in my opinion.) When she was visiting Japan and I was at home, I asked her help in learning how to make it myself. The recipe includes both her original guidance and my American translation (dumbing down.) It is a staple in everyday meals in our home. The whole grain, brown, genmai rice has additional fiber and nutrients over most typical white rice.

Vegan Double-Chocolate, Double-Nut Cookies

This recipe is adapted from the peanut-butter cookies I made with my mother and brother as a child. I've converted the recipe to be a plant-based, vegan recipe and I replace refined sugar with sweeteners that are gentler on the body. The cookie is pretty high in protein and fiber for a cookie. They are not overly sweet and are an effective way of satiating my sweet tooth without regret. They are sticky and messy to make but worth the effort.

Machine Learning Driven Social Engineering

Given at the 10th Annual Chicago Hacking Conference on 11/6/23. Machine learning (ML) is arguably the most potent advancement in technology since atomic fission with similar benefit and risk extremes. The outcome driven nature of machine learning allows computers to rapidly test theories to find pathways to support specific goals. These approaches applied to social engineering can be used to manipulate human factors for purposes including cybersecurity breach. This session will cover the philosophies, strategies and tactics used to accomplish a successful campaign to recruit human assets to a cause. Factors to mitigate risk in these advanced social engineering attacks will also be examined.

GrrCON 2023 - Deterring Cybercrime via a Global CyberGrid

Abstract

Detecting, catching and successfully prosecuting cybercrime requires collaboration across private sector, law enforcement, insurance companies and national security agencies. In this session, approaches to collect, analyze, store and share digital evidence will be examined. Methods of safely transmitting data between private sector and law enforcement will be discussed. Demonstration of workflows between investigators, law enforcement, prosecutors and insurance adjusters will be covered. 

I also reference this 2021 DarkReading Article: Handcuffs over AI.

2024 Conference Talks for Charles Herring

Charles’ Biography

Charles Herring is co-Founder and Chief Technology Officer at WitFoo. WitFoo was founded to enable the sharing of information and operations across the craft of Cybersecurity. Charles leads research and development of the WitFoo Precinct platform that utilizes Apache Cassandra as a fundamental component in its architecture. Precinct ingests trillions of messages each day across hundreds of clusters to detect cybercrime and provide secure methods of sharing data and operations across corporations, organizations, law enforcement, national security and insurers.

Profit and Loss (PNL) of Cyber Security

The purpose of a CISO and a cyber program is to reduce the costs associated with cybersecurity. I said this to colleagues at a social mixer this week and their heads almost exploded. “Shouldn’t we be trying to stop and mitigate risk?” “We need to spend more money on cyber, not less.” “I can’t believe you, of all people, think we need to be doing less!”

Audacious Proposal

“Do you want to give up and let the bad guys win?” I want businesses to understand that cybercrime is a part of business in the exact same (not metaphorical) way as shoplifting, employees stealing office supplies, customers slipping on the floor, vandalism, executives abusing power against employees, hurricanes, power failures, earthquakes, flooding and taxes.

The goal in all risk management is to reduce the costs associated with the mishaps not to make them impossible.

Log4J/LogShell IOC search

Log4J/LogShell (CVE-2021-44228) exploit IOC have been published by Cisco Talos (see: https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html). These IOC have been packaged as a WitFoo Actor definition and have been pushed to all production instances of WitFoo Precinct and Precinct Cloud. The definitions were automatically applied at 1404 Eastern Standard time on December 14, 2021. Detections are both forward looking and retrospective across the entire Precinct big-data archive.

Actor functionality has been pushed early (ahead of 6.2 GA release) to allow data to be searched. A quick overview of the functionality can be viewed below.

Emergency Update for CVE-2021-44228 (log4j / Log4Shell)

CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) was released on December 10, 2021 outlining a vulnerability in Apache Foundation project Log4j (https://logging.apache.org/log4j/2.x/index.html). This vulnerability can be used by a remote attacker to execute code without authentication. This vulnerability is also known as Log4Shell.

WitFoo Precinct 6.x utilizes log4j in the WitFoo Streamer & Apache Kafka Docker containers that manage the message processing pipeline. Other custom WitFoo containers (including Cassandra 4.01) do not utilize log4j.

As of 0940 Eastern Standard time on Saturday, December 11, 2021, WitFoo has completed the following mitigation steps:

Lava & Cyber Insurance

I have been fortunate enough to have the opportunity to spend October on the Big Island of Hawai’i at a friend’s home while we button up the 6.2 release of Precinct. My wife and I were able to visit the Crater Overlook at Mount Kīlauea this week. Mount Kīlauea is the home of the Hawai’ian goddess Pele who controls the flow of lava (among other things.) Peering over the crater to see new earth being born under a canopy of ancient stars was breath taking and quite frankly an existential experience.

No Such Thing as Lava Insurance

In talking to locals, we were surprised to learn how inexpensive real estate is on the Big Island. When we inquired why that was true, we learned that there is no such thing as lava insurance. Driving the 2 hours from Waimea to the peak of Mount Kīlauea, we observed large lava flows dotted with huts and temporary housing that have accepted that another destructive lava flow is imminent.

GrrCon 2021: Machine Learning Driven Social Engineering

Machine Learning Driven Social Engineering talk will be given at GrrCon on 9/16/2021 at 4:30pm.

Abstract

Machine learning (ML) is arguably the most potent advancement in technology since atomic fission with similar benefit and risk extremes. The outcome driven nature of machine learning allows computers to rapidly test theories to find pathways to support specific goals. These approaches applied to social engineering can be used to manipulate human factors for purposes including cybersecurity breach. This session will cover the philosophies, strategies and tactics used to accomplish a successful campaign to recruit human assets to a cause. Factors to mitigate risk in these advanced social engineering attacks will also be examined.

The presentation can be downloaded here.

2020 FBI Internet Crime Report

The 2020 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3) has been released and can be viewed here: 2020_IC3Report.pdf. I highly recommend all in SECOPS take a moment to grok the content. I’d like to share a few of my observations.

High Level Takeaways

Reading the report reinforces a few concepts that have not yet made it into the mainstream thought of SECOPS:

Subscribe to Newest Content