BigSnarf blog

Infosec FTW

Monthly Archives: May 2016

Good Sources of Labelled Security Attack Data – The ongoing challenge

Screen Shot 2016-05-09 at 8.15.43 AM

We all need to watch for compromising account credentials.

  • password brute forcing/password guessing
  • password reset
  • phishing/whaling
  • credential leaks/harvesting
  • drive by compromise

How do you watch this stuff in the cloud? Workstations? Users?  Account breaches increase risk and gives a “bad guy” anywhere, anytime access.

Also, in regards to this interesting slide above from RSA conference. I would add:

  • Crawl – Public Data
  • Walk – HoneyPot Data
  • Jog – Red Team Data
  • Run – Shared Normalized Breach Data and Attach Methodology for PP rules (IMHO)

Retraining Inception 3 Tensorflow to recognize new task

Screen Shot 2016-05-06 at 11.18.52 PM

Tensorflow Facial Key Points

Screen Shot 2016-05-06 at 12.02.36 AM

Anomaly Detection Python T-Digest

Screen Shot 2016-05-01 at 12.16.13 AM

Parameterized anomaly detection settings


Event correlation is a technique for making sense of a large number of events and pinpointing the few events that are really important in that mass of information. This is accomplished by looking for and analyzing relationships between events.