From DEFCON & GrrCON: Network Behavior Anomaly Detection (NBAD) and User and Entity Behavior Analytics (UEBA) are heralded as machine-learning-fueled messiahs for finding advanced attacks. The data collection and processing methodologies of these approaches create a series of new exploitable vectors that can allow attackers to navigate networks and systems undetected. In this session, methods for poisoning data, transforming calculations and preventing alerts will be examined. Proof of concept code will be demonstrated and made available. Approaches to harden against these attacks will also be discussed, along with needed changes in detection standards.
Video: Looking for the Weird Webinar for Lancope
YouTube video recording of my "Looking for the Weird: Detecting Bad Traffic and Abnormal Network Behavior" webinar for Lancope. This was given on 9/24/2014.
Converge Conference Presentation
My presentation deck from Converge Conference can be downloaded here.
School of NBAD Series: NBAD Relationship Anomaly Detection
The final installment of the NBAD series covering relationship anomaly detection.
School of NBAD: NBAD Host Anomaly Detection
Part 4 of the NBAD series on host anomaly detection.
Hospitals are Bleeding Data
Hospitals are under attack from cyber criminals and state-sponsored attackers. This article reviews the cause of, and some remedies for, the poor state of InfoSec in healthcare.
School of NBAD Series: NBAD Behavioral Detection
Third part of the network behavioral anomaly detection (NBAD) series on the role of behavioral detection.
"Looking for the Weird" video from BsidesChicago
In the second part of the NBAD series, signature detection methodologies are examined.