Notes on cyber security, network monitoring, and SOC operations from books and papers that I’ve read and the experience I’ve had working in a SOC.

Currently I’m interested in applying data science specifically to blue team cyber security.

Data Analysis for Cyber Security 101

I’m still learning and trying to apply data science concepts in cyber security. Here is what I’ve learned along the way.

  • Detecting Lateral Movement

    Use network flow logs to detect lateral movement. An introduction to lateral movement and outlier detection for cybersecurity.

  • Detecting Data Exfiltration

    Using network flow data to create basic alerts that detect data theft.

Blog Posts

  • DEFCON 28 OpenSOC Blue Team CTF: Lessons and Tips

    Review of the DEFCON 28 OpenSOC Blue Team CTF Finals, with tips and lessons for future participants and beginners.

  • U2F with Duo Web Phishable by default

    Without changes to evilginx, we can bypass U2F on Duo with its default configuration. This is an analysis of how the implementation and configuration of U2F can lead to a scenario where U2F/WebAuthn does not protect you against phishing attacks (until hostname whitelisting is enabled).

  • Bypassing LastPass’s “Advanced” YubiKey MFA: A MITM Phishing Attack

    How to deploy a phishing attack on LastPass users, even when they are protected with YubiKey physical keys. This is to appreciate what U2F is and why it is important. I will also give an overview of how LastPass encrypts and handles your vault.