CyberPoint Blog

Share your Indicators of Compromise

At CyberPoint, we pride ourselves on mastering and using all effective strategies to prevent, discover, and fix cyber attacks. Over the past decade, a promising approach, the use of Indicators of Compromise (IOCs), has moved from specialized government and military applications into widespread use. Services and collaborative projects like OpenIOC, STIX, MLSEC, TAXII and AlienVault provide powerful tools to protect you from cyber attacks.

Anyone who is subject to an attack, including a cyber attack, understandably thinks first about ending the assault. Make it stop: discover its strategy, strengthen defenses, disarm the attacker, whatever it takes to return to a state of peace.

But if that's the whole response, it won't be enough. A thorough defense against attack requires a holistic approach. Why did it happen? How could we have found out it was happening sooner than we did? What signs did the attackers leave that we missed? How can we use our knowledge from this attack to fortify ourselves against the next one? Could we have been prepared based on previous attacks against others?


Learning in the Dark: Lessons Learned in Unsupervised Learning

Posted December 7, 2016 by Riva Borbely

CyberPoint has seen great success in using supervised machine learning for malware detection. A while back, however, some colleagues and I set out to investigate whether we could make any interesting discoveries by applying unsupervised learning to CyberPoint's malware dataset.


Logging Keystrokes with Event Tracing for Windows (ETW)

Posted October 22, 2016 by Nate Rogers and Ben Lelonek

As a follow-up to our talk at Ruxcon, "Make ETW Great Again", we wanted to go into a bit more depth than we could cover in our hour-long talk. While our talk consisted of multiple examples of ETW usage, detecting ransomware, USB keylogging, and sniffing SSL-encrypted data from WinINet (our code can be found here:


The Human Interface Device (HID) Attack, aka USB Drive-By

Posted October 18, 2016 by Mark McLarnon

As a part of our effort to educate, assess and train (EAT), we want to highlight a physical host attack technique that is extremely cheap and simple to pull off, and unfortunately yields a significant return for the attacker if successful. The technique is commonly referred to as a "Human Interface Device (HID) attack" or a "USB drive-by".


Software Defined Security at CyberPoint

Posted September 23, 2016 by Zach Miller

Software-defined networking, commonly referred to as SDN, has received a lot of press recently regarding both the technology itself and the impact that it will have in the networking world. At CyberPoint, being a cyber security company, we got curious and decided to take a look at the impact that SDN could have on security.


The Minimum

Posted May 6, 2016 by Rich Arnold, CRO

"If the minimum weren't good enough, it wouldn't be the minimum."

It's not just a rationalization of laziness. It's often the correct approach to compliance with externally mandated cyber security requirements.

