Thursday, March 4, 2021

Security News Roundup - March 4

An alternate take on why the Solarwinds hack happened (Note: I read and enjoyed the article by Matt Stoller that is linked in the piece):

Top 10 Web Hacking Techniques of 2020 (Must read for anyone in the web application security field):

Interesting development in cyber insurance field, led by Google:

Short post on bots plaguing the online limited-edition sneaker industry:

Ransomware threat landscape in 2020 and 2021:

Post from Troy Hunt about a password breach (while it is about a political site, it contains the usual details and in-depth analysis that characterize his posts):

Exchange Zero Days patched by Microsoft:

Friday, August 14, 2020

How to do Early Case Assessment with FreeEED

Sometimes, you have a lot of data to process for eDiscovery. So, you go to your favorite eDiscovery provider and ask them to process your data and then host it for your review. But there's the rub: processing costs X number of dollars per gigabyte, and usually, you don't want to host all the data. 

Here is how you can solve this problem with FreeEED and save oodles of money in the process. First, I will explain the harder way, using the review. Then I will show how to go straight to the results, once you are more trusting the results.

Way 1 - with the review

 Download and start FreeEED

Select your projects and add files to your project

Stage, Process, and Go to Review

In the review, find all responsive documents. 

Now, simply click on "Export as Natives"

Here, you got want you wanted! You know now what documents you will deal with. Read them, analyze them. 

Put them into your favorite review platform, like Relativity. From there, you will be able to do production and share the documents with others who need them. And by the way, we can set you up and help with Relativity as well. 

Way 2 - go straight to the results

Start as above, by downloading FreeEED. But, instead of going all the way with the review, simply use culling

Enter your search string (I entered 'matt' but it accepts complete Lucene syntax, with metadata names and ranges), and click on process. When done, send the production results. Or, be more formal and go to Relativity, as above.


Monday, June 18, 2018

Security Analytics At the Speed of Thought With ML and Elastic

Abstract: This talk was a continuation of the discussion started in February where we will overview how machine learning in Elastic X-Pack can be used to analyze data from a data lake help the SOC (Security Operations Center) and Threat Hunting teams find malicious actors in their environment. We will demonstrate how easy it is to pivot through data and start to expand the information we have around the compromise.

Geoff presented a demo similar to this one,

May 23, 2018, was a great day! Thank you, all.

Wednesday, May 16, 2018

Searching Blockchain with FreeEed

The blockchain is composed of multiple blocks that can contain any information. However, it is not a database in a traditional sense: it is not fast and it does not answer queries.

For example, the speed of write is one block every 10 minutes for Bitcoin, and about one block every seven seconds for Ethereum. Queries, as such, do not exist at all: either SQL or NoSQL-type language is not provided.

Meanwhile, the information stored in Blockchain often needs to be searched. Here are the potential use cases

1. Any kind of eDiscovery with Blockchain needs a full search capability.
2. is an example of Ethereum-based for estate planning, together with legal and financial information.
3. There many examples of similar nature.

From today, such tool exists. FreeEed has been used by lawyers to do eDiscovery and legal review, and by researchers, for all kinds of investigations. It allows you to give it any kind of data as input (see here) and indexes that data for searches. The data can be loose Office files, PST mailboxes, a “load file” produced to lawyers as a result of an eDiscovery request, and as of now, Blockchain.

There is more: we are actively working on FreeEed all the time, adding input formats, processing capabilities, and machine learning. The tool is open source and welcomes new additions. The review part is called “FreeEed Review” and works through the browser.

The back end used to implement text search is Elasticsearch. This means that you can look at the processed data also through the powerful ELK (Elasticsearch, Logstash, Kibana) which are also open source.

Happy searching!

Monday, April 30, 2018

FreeEed with Elasticsearch (7.7.2 release)

Improvements in this version (7.7.2):
  • Elasticsearch integration. Now the users get more open source tools to work with FreeEed: Elasticsearch, Logstash, and Kibana. 
  • Bug fixes, code refactoring.
  • Go here

Thursday, March 29, 2018

FreeEed 7.7.1 release

Here is what is new is FreeEed 7.7.1 release

  • Restored deduplication
  • Better email handling
  • Separated processing engine code into its own project
  • All UI forms done in IntelliJ, out of NetBeans and away from commercial editors