Brianne Fahey

sans

Defending with Graphs

by

Visualizations are powerful. When talking about data relationships, graphs are of keen interest. This spring I spent 4 months building out an idea and writing a whitepaper that is now published on the SANS Reading Room.

The paper is called Defending with Graphs: Create a Graph Data Map to Visualize Pivot Paths.

How about a two sentence synopsis?

The tl;dr is that there are several well developed examples of attackers thinking in graphs (see John Lambert’s article) and room for more ideas for how to defend with graphs. I wanted to demonstrate a use case for security defenders building a graph data map representation of their environment and querying it to improve their ability to respond quickly and directly to an incident.

A look at an image from my results.

I hope you will peruse this work and find it useful. It builds on the work of several researchers, developers, and thought leaders including Chris Sanders’ pivotmap tool, Colin O’Brien’s grapl platform, and Olaf Hartong’s ATTACK datamap tool.

The Resourceful Will Find a Way

by

Since I recently finished the SANS SEC-503 course passed my GCIA exam, I’m enjoying my first week in a while without evenings full of intense studying.  There have been fits of cleaning and organizing things I let go too long, and event a move to complete some of the small home improvement tasks I’ve put on the back burner.

This weekend I was working on a project.

For me, this means rolling a cart loaded with lock boxes filled with power tools into an alley and hoping for minimal interruptions.  When you have something you want, you make do with what you have to make it happen.

This is exactly what happened.

I made a plan and laid out my mobile workspace. I hefted the materials I needed into the alley. I fired up the cordless circular saw and it immediately died. I did some troubleshooting on the battery and found out it was dead. And the backup battery was lame. But I already staged my materials and with a temporary mobile workspace, you don’t roll it all up and go home until you are finished.

I experimented with other tools I had at my disposal although they were less fitted for the task than the circular saw. I dug through my lock boxes looking for other options.  Finally I spotted it – the jig saw I had not used for ages and had contemplated getting rid of in my last clean-through. If my project was the turkey and the cordless circular saw was an electric carving knife, the ancient jig saw was a rusty scissors.

Let me give you an idea of some of the things I worked around to finish the project.  Getting a heavy, heavy industrial cart over some PVC pipes clamped down across my pathway. Dead batteries for the set of cordless tools. Not a long enough cord for the jig saw. Broken clamp. A wheel fell off the dolly while I was moving a pile of wood. The lights in the trash room were out and it was pitch dark. You’d think I was the bad news bears of DIY tasks.

So I coaxed and I pushed and I persevered and I finished the job. It was not pretty. It was not at all as I had planned.  But it was finished.

I cleaned up my mobile work-site, made a list of things I needed to repair or replace before I came back for the next job. I celebrated the tiny victory of knocking a hard task off the list of things I wanted to finish.

I learned to be resourceful from my parents.

They encouraged us to stick with it.  They challenged us to find another way when we hit a wall. They did not freak out at the mess that was made when I attempted to create what I needed myself. I can be a hustler and a hard-worker, and when I take time to think I can be smart about it.  The willingness to be resourceful and either persevere or pivot to another way is important to me. It is one of the things I believe can translate into professional settings and differentiates between people who move on and people who finish hard tasks.

Try hard. Learn from the goods and the bads. Try again. Get better.

Plan When You Can

by

Back around the first of this year I sketched myself a learning plan. I committed myself to 2 scheduled learning events this year by paying for them up front.  I’m already a natural planner, but when you’re fronting the cash for a class yourself – you take your planning seriously.  I’m motivated to be better and I’m driven not to waste time, money, or chances to help get there.

My first milestone event is in April; the next course in my pursuit of a SANS certificate in Core Cybersecurity Engineering. Months ago I researched the course prerequisites and syllabus to brush up on or at least introduce myself to the topics that will be covered.  These courses are boot camp style, nearly 50 hours of lessons in 6 days, so I’ve got zero time to lose to being lost.

So I took a crack at experiencing packet analysis, watched through some targeted Hak5 playlists on YouTube, re-read my No Starch Press book covering The Practice of Network Security, tried out some open source IDS exercises online from Bro, and listened to some topical presentations from security cons recorded and posted on IronGeek.

Let me be honest, I am not amazing at any of these things.

But I would love to be and I believe that I can get there with practice and guidance.  That’s the point of learning with live, in-person classes.  You have access to an expert.  The better informed I am, the more meaningful and specific questions I can ask of the instructor.

I allowed myself to wander from the plan.

I’m only human, I took a few sidebars that ate into the prep time I had laid out.  I spent time blogging on my website.  I took advantage of temporary free access to an online Digital Forensics e-learning course trial that was offered by (ISC)2, (helpful to gain some free CPEs to keep my CISSP active). I started watching a course on Lynda about Neo4j graph databases so I could play with some visualizations.  I even sat on the couch to binge watch 2 entire seasons of This Is Us when I should have been on the computer.

I feel decent about my progress, bring on more of the hard stuff.