Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Writing a SLIPS Module
Slips is a machine learning-based intrusion prevention system for Linux and MacOS, developed at the Stratosphere Laboratories from the Czech Technical University in Prague. Slips reads network traffic flows from several sources, applies multiple detections (including machine learning detections) and detects infected computers and attackers in the network. It is easy to extend the functionality of Slips by writing a new module. This blog shows how to create a new module for Slips from scratch.
New Slips version 0.9.1 is here!
Installing Glutton Honeypot in the Cloud
In this blog we will describe how to install Glutton [1] honeypot in a cloud server instance. This blog is divided in three parts: (i) how to create a new Digital Ocean instance, (ii) how to install Glutton on it, and (iii) a walkthrough to some of the data captured by Glutton.
New Slips version 0.9.0 is here!
New Slips version 0.8.5 is here!
New Slips version 0.8.4 is here!
New Slips version 0.8.4 is here! Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Studying the Distribution of Computational Propaganda with SerpAPI
In the Stratosphere Laboratory we set out to address this challenge of detecting if a news article is propaganda by leveraging a new idea: find which other sites are linking/referencing the news article. In this blog post, we will show how we accomplished this by using SerpApi.
Studying Cybercrime is Fun! An Overview of Five Years of Research Surrounding the Geost Botnet
New Slips version 0.8 is here!
In the last couple of months we have been busy continuing with the development of Slips, our behaviour machine learning system. And finally we published version 0.8, with crazy amount of features! You can download it from here https://github.com/stratosphereips/StratosphereLinuxIPS. And read the documentation here https://stratospherelinuxips.readthedocs.io/en/develop/.
The prevalence of DNS over HTTPS By Karel Hynek
Create and Test Your Own TAXII Server
Dissecting a RAT. Analysis of the Saefko RAT.
This is the eighth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT06-Saefko [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, SpyMax RAT, AndroRAT, HawkShaw, AhMyth and Command-line AndroRAT.
Dissecting a RAT. Analysis of the Command-line AndroRAT.
This is the seventh blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT08-command-line-AndroRAT [download here]. The previous blogs analyzed Android Tester RAT, DroidJak RAT, AndroRAT RAT, SpyMax RAT, AhMyth RAT and HawkShaw RAT.
Dissecting a RAT. Analysis of the HawkShaw.
This is the sixth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT03-HawkShaw [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, SpyMax RAT, AndroRAT RAT and AhMyth RAT.
Dissecting a RAT. Analysis of the AhMyth.
This is the fifth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT07-AhMyth [download here]. The previous blogs analyzed Android Tester RAT, DroidJak RAT, AndroRAT RAT, and SpyMax RAT.
Dissecting a RAT. Analysis of the AndroRAT.
This is the fourth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT05-AndroRAT [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, and SpyMax RAT.
Dissecting a RAT. Analysis of the SpyMAX.
This is the third blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT04-SpyMAX [download here].
Dissecting a RAT. Analysis of DroidJack v4.4 RAT network traffic.
This is the second blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset, a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT02-DroidJack v4.4.
The Attacking Active Directory Game - Can you outsmart the Machine Learning model? Help us by playing the evasion game!
The “Attacking Active Directory Game” is part of a project where our researcher Ondrej Lukas developed a way to create fake Active Directory (AD) users as honey-tokens to detect attacks. His machine learning model was trained in real AD structures and can create a complete new fake user that is strategically placed in the structure of a company.