Magonia Research

Replacing the Cyber Kill Chain with G.I.F.T.: Encouraging Graph Thinking and Investigative Mindset

Research

June 22, 2024

The Cybersecurity Kill Chain is a widely taught framework in the field. Early in my career, I didn't realize it could be used as a practical investigative aid for defenders, not just an academic concept. I believe this is partly because it's written from an attacker's perspective, which doesn't always translate well for defense. Additionally, its vague language makes it awkward to apply, as not every phase is relevant to many attacks, more so than an edge case, and there are frequent overlaps.

Author: signalblur

Operationalizing TLSH Fuzzy Hashing

General

June 19, 2024

If you work in cybersecurity or tech, you’re likely familiar with hashing. A cryptographic hash function generates a fixed-size hash value from any given input data. This is a one-way process, making it computationally infeasible to reverse-engineer the original data from the hash value. Hashing is excellent for identifying specific files or binaries, such as a particular malware sample. However, its effectiveness in detection diminishes quickly because even a single change in the input (like altering one character) will result in a completely different hash value. Changing a binary's hash is incredibly easy; malware authors might inject random words, or a binary might be compiled with specific information for a targeted organization, resulting in a different hash for each impacted organization.

Author: signalblur

The Defenders Dilemma is a Myth

General

June 15, 2024

This blog post stems from a recent conversation with my former colleague, David Bianco, on the Defender's Dilemma." The Defender's Dilemma is often cited by those without firsthand experience in investigating cybersecurity incidents. The premise is that hackers only need to succeed once, while defenders must be successful every time. This notion is flawed and reveals a fundamental misunderstanding of a typical cybersecurity attack.

Author: signalblur

The Analyst vs The Engineer

General

May 15, 2024

A common trope among cybersecurity practitioners is gatekeeping entry-level positions like junior Security Operations Center (SOC) analysts with statements like, "How are you supposed to secure something if you've never managed it?" This is a concept that I **highly** disagree with.

Author: signalblur