Network Visibility for Mergers and Acquisitions
How intelligent NetFlow analysis can ease the pain associated with adding networks gained from mergers and acquisitions.
Using NetFlow for Information Security has some unique challenges that NETOPS tools don't have to deal with. I put Splunk head to head against StealthWatch and lay out methodologies for testing other tools.
How to combine user authentication data with NetFlow audit trails to investigate user behavior.
How NetFlow can quickly reveal application-layer denial of service.
Don't trust your firewalls and NAC without validation. NetFlow is a great way to determine if they are doing what they are supposed to be doing (and to alert you when they are not).
NetFlow can provide an efficient way of monitoring traffic moving laterally across a network.
APT is a word that means different things to different audiences. It's important to be concise in defining terms and using the correct words to avoid unnecessary conflict and misunderstanding.
Pseudo-code proof that network behavioral anomaly detection (NBAD) of threats is the superior evolution of signature-based detection.
Great investigators know the importance of details, but often we go too deep, too quickly. An organized approach to incident response will allow more actionable intelligence to be created in less time.