Quick Wins with Network Flow Analysis

While this article focuses on the use of Team Cymru’s Pure Signal™ platform — the Augury™ solution — readers will gain some great guidance on how to use flows in their analysis in general. The Augury dataset comprises network flow records that are downloadable as CSV. Compared to the direct utility of some other Augury...

Puzzle Me This: Context From Curiosity

One definition of 'proxy' is "a figure that can be used to represent the value of something in a calculation." Proxy servers are used for various purposes: some to hide a true originating IP address for malicious intent, others to circumvent totalitarian government censorship. Regardless of the use of proxies, with Augury we make...

Detecting Cyber Recon Using Network Signals

Author: David Monnier

What's the value of a packet? How about three packets? In this post I'll show how you can identify potential reconnaissance being conducted on a network, including identifying the potential target, by taking specific note of one type of ICMP packet being produced by your border device. ICMP, or Internet Control Message...
