2015 ISC2 America’s Information Security Leadership Award Recipient

By Uncategorized No Comments

I am honored and pleased to announce that on September 30, 2015, I was presented with the 2015 ISC2 America’s Information Security Leadership Award (AISLA) in the Up and Coming Security Professional category!

AISLA Award

Per ISC2’s press release:

“The Americas ISLA program recognizes the achievements of outstanding cyber and information security professionals who have led an industry initiative, program or project resulting in a more proficient, resilient workforce in Central, North and South America.”

(ISC)² CEO David Shearer says, “I’m proud to recognize deserving cyber, information, software and infrastructure professionals for improving industry workforce standards. We had an impressive pool of candidates this year. In fact, the submissions we received in the Senior Information Security Professional category were so outstanding that the judges chose three exceptional recipients. Congratulations all of the recipients, finalists and nominees who were a part of our fifth annual Americas ISLA program.”

Full press release can be found here: Press Release – Americas ISLA 2015 Recipients

More details on the AISLA program can be found here: https://www.isc2.org/aisla/default.aspx

Additionally, shameless plug, but I have posted this to my LinkedIn page as well.

Gitrob – Open Source GitHub Sensitive Data Search Tool

By Uncategorized No Comments

Another day, another awesome looking tool. This time I’d like to introduce Gitrob, a tool that searches GitHub for sensitive company data.

As the developer/author Michael Henriksen points out in his blog post introducing the tool:

Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.

Much more detailed information, including how it works, is available in Michael’s blog post: http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/

Not surprisingly, Michael has hosted the Gitrob code on GitHub here: https://github.com/michenriksen/gitrob

-Noah

WireEdit – Full Stack WYSIWYG Network Packet Editor

By InfoSec, Tools No Comments

Yet again, the Twittersphere pointed out another neat looking tool, WireEdit.  I first noticed this via @Cyberarms’ tweet:

WireEdit appears to let you edit network packets at any OSI Model layer, via a WYSIWYG editor. Looks neat, but I have not had the opportunity to play with it yet. If I do, I’ll be sure to update this post.

Click here to visit the WireEdit webpage. 

-Noah

ThreatWatch – Open Source Intelligence Dashboard

By InfoSec, OSINT, Threat Intelligence, Tools 2 Comments

I’ve spent some time lately researching Open Source Intelligence feeds, dashboards, etc.  I was trying to set up the Collective Intelligence Framework (CIF) and the Kibana dashboard associated with it, but ran into some snags. Namely, anytime I enabled the Kibana dashboard on my Ubuntu VM, it caused the CIF command-line tools to fail.

While troubleshooting (via my very best Google-fu), I came across ThreatWatch, a project that already has this implemented, running, and even added a large amount of additional feeds to what the Collective Intelligence Framework has.

A full list of feeds/data sources contained in ThreatWatch is available here: http://www.threatwatch.ie/feeds

A link to the ThreatWatch dashboard is available here: https://feeds.threatwatch.ie/#/dashboard/file/default.json. An example screenshot of the dashboard is below as well:

ThreatWatch Screenshot

-Noah