[Link to original blog post] This year I was able to join the DEFCON 28 Blue Team Village’s OpenSOC CTF since the event was held online. I joined with my team, the hackstreetboys. There were 800+ participants, 500+ challenges, and 350+ teams in the competition which over 20 hours.

We did alright; 8th out of 20 in the CTF finals, and 5th out of 354 teams in the qualifiers. It could be better, and we’re going to try harder.

This was our first time playing and our exposure to blue team CTF’s is limited. We didn’t really know what to…

“Hierarchical Density-based Spatial Clustering of Applications with Noise” (What a mouthful…), HDBSCAN, is one of my go-to clustering algorithms. It’s a method that I feel everyone should include in their data science toolbox.

I’ve written about this in my previous blog post, where I try to explain HDBSCAN in as much depth as I could. This time I am taking the opposite approach: I will try to explain the main ideas HDBSCAN and density-based clustering as succinctly as I can.

I think (and I hope) that this primer on HDBSCAN would be friendlier for beginners and new-comers in data science.

…

TLDR: U2F prevents MITM attack between the victim and the Duo server, but not between the victim and the application. Because Duo is a 3rd-party service, we don’t have the same security properties that are associated with U2F between the victim and the server. This boils down to bypassing the Duo integration. If you can bypass the Duo prompt, then the phishing attempt will be successful, even if U2F is used. To prevent phishing, it is paramount that you enable hostname whitelisting [1]. Without hostname whitelisting, Duo is similar to an OTP generator during a phishing attack.

This is a medium-sized extract from a longer blog post of mine concentrating on the crypto used by LastPass. Notes here are from [1], [2], [3], [4], and from my own experience setting up the phishing in the original blog post.

This is a medium-sized extract from a longer blog post of mine. I go a little more in-depth on the difference between U2F and OTP and how LastPass decrypts your vault, you can see the full blog post.

(Un)fortunately, this is NOT a MITM attack on U2F. LastPass doesn’t support U2F so this is disappointingly simple. It uses Yubico OTP, which we know to be phishable.

In this article, I show mainly how to deploy a phishing attack on LastPass users, even when they are protected with Yubikey physical keys. …

This is the second part of a series of blog posts. You can read the first one on Data Exfiltration.

This blog post is structured as follows:

1. Introduction Lateral Movement (4 mins): a toy example to illustrate what lateral movement is
2. Network Anomaly Detection (7 mins): Statistical and machine learning techniques to detect lateral movement
3. CTF Challenges (3 mins): Solution to 3 CTF challenges on finding lateral movement
4. Breach Reports (4 mins): Real-life examples and what we can learn from them
5. Visibility and Sensor Vantage (3 mins): Checking the quality of your data and the extent of your visibility
6. Dark…

HDBSCAN is a clustering algorithm developed by Campello, Moulavi, and Sander [8]. It stands for “Hierarchical Density-Based Spatial Clustering of Applications with Noise.”

In this blog post, I will try to present in a top-down approach the key concepts to help understand how and why HDBSCAN works. This is meant to complement existing documentation such as sklearn’s “How HDBSCAN works” [1], and other works and presentations by McInnes and Healy [2], [3].

No (few) assumptions except for some noise

Big data is hard, and the challenges of big data manifest in both inference and computation. As we move towards more fine-grain and personalized inferences, we are faced with the general challenge of producing timely, trustable, and transparent inference and decision-making at the individual level [1]. For now, we will concern ourselves with the challenge of “timeliness”, and try to gain intuitions on how certain algorithms scale and whether or not they can be feasibly used to tackle massive data sets.

In inference, there is never “enough” data. As you get more and more data, you can start subdividing the…