Six months of honeypot operation has produced enough data to write a structured analysis: the patterns of attacker behaviour, ranked by frequency, with the defensive implication for each. This is the longer writeup I committed to.
Looking back at the year's CERT advisories and Bugtraq archive. The pattern is clearer than any individual advisory: the same classes of bug, in different software, on a steady drumbeat. The structural lessons are worth pulling out.
After a year of wrestling with grep against unstructured Apache logs, I have started building applications that produce structured logs by design. The exercise has changed how I think about what a logfile is for.