nbad

Breaking NBAD & UEBA Talk

Charles Herring Wed, 10/23/2019 - 17:07

From DEFCON & GrrCON: Network Behavior Anomaly Detection (NBAD) and User and Entity Behavior Analytics (UEBA) are heralded as machine learning fueled messiahs for finding advanced attacks. The data collection and processing methodologies of these approaches create a series of new exploitable vectors that can allow attackers to navigate network and systems undetected. In this session, methods for poisoning data, transforming calculations and preventing alerts will be examined. Proof of concept code will be demonstrated and made available. Approaches to harden against these attacks will also be discussed as well as outlining needed changes in detection standards.

Read more about Breaking NBAD & UEBA Talk

GrrCon Presentation

Charles Herring 18 October 2014

Deck and video of my GrrCON talk.

Read more about GrrCon Presentation

Video: Looking for the Weird Webinar for Lancope

Charles Herring 30 September 2014

YouTube video recording of my "Looking for the Weird: Detecting Bad Traffic and Abnormal Network Behavior" webinar for Lancope. This was given on 9/24/2014.

Read more about Video: Looking for the Weird Webinar for Lancope

Converge Conference Presentation

Charles Herring 10 July 2014

My presentation deck from Converge Conference can be downloaded here.

Read more about Converge Conference Presentation

School of NBAD Series: NBAD Relationship Anomaly Detection

Charles Herring 20 May 2014

The final installment of the NBAD series covering relationship anomaly detection.

Read more about School of NBAD Series: NBAD Relationship Anomaly Detection

School of NBAD: NBAD Host Anomaly Detection

Charles Herring 13 May 2014

Part 4 of the NBAD series on host anomaly detection.

Read more about School of NBAD: NBAD Host Anomaly Detection

Hospitals are Bleeding Data

Charles Herring 9 May 2014

Hospitals are under attack from cyber criminals and state sponsored attackers. This article reviews the cause and some remedies to the poor state of InfoSec in healthcare.