Nate “neu5ron” Guagenti
DNS Tunneling & Other Hunts w/ RockNSM (Bro & ELK)
In this post I am expanding on my DNS typosquatting detection post as well as (re-)introducing DNS tunneling detection.
Jan 3, 2019

Nate “neu5ron” Guagenti
Canary Files for Legitimate Access Abuse using WEF & ELK
Network security monitoring and endpoint security defenders face monumental tasks in attempting to detect computer breaches. Many face…
Dec 23, 2018

Nate “neu5ron” Guagenti
Typosquatting Detection with ELK & Bro NSM
DNS… I hope as network defenders we all know the value of it. Some may not, as my technical/CND lead once told me “so what, it's just DNS”…
Dec 23, 2018

Nate “neu5ron” Guagenti
Finding Malicious Chrome Plugins Using ELK and Bro HTTP Logs
I will discuss using the HTTP header “Origin” combined with Bro NSM & Elastic ELK for a few different scenarios to detect malicious…
Dec 23, 2018