A creative thinker who is not afraid to challenge the norm. His diverse track record includes failed startups, approved patents and scientific publications in top conferences and journals. Driven by a mission to protect what matters most to you.
Opinions shared here are my own.
Last time, we built a detection that alerts us when an unexpected port is opened on the server. How about creating an alert whenever a successful SSH connection is established from a TOR exit node? I would never SSH to my personal server over TOR, so such activity would be a clear signal of compromise.
We can retrieve any connection attempt using the Zeek.Conn managed schema. However, how can we classify the originating IP as a TOR exit node? Note that this is a dynamic piece of information since TOR exit nodes are constantly being added or removed.
Panther has a solution for this called Enrichment. Enrichment provides external data sources that you can pull into Panther and join them against your schemas on a field, such as...
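A Panther-style rule for the detection sketched above, added here as an example rather than code from the original post: it fires on an established Zeek.Conn SSH session whose originating IP was matched against a TOR exit-node enrichment table. Field names follow Zeek's JSON conn.log; the `p_enrichment` layout and the lookup-table name `tor_exit_nodes` are assumptions, not Panther's documented schema.

```python
# Added example, not code from the original post: a Panther-style rule that
# fires on an established SSH connection whose source IP the enrichment step
# matched against a TOR exit-node lookup table. Keys follow Zeek's JSON conn.log;
# the "p_enrichment" layout and table name "tor_exit_nodes" are assumptions.

# Zeek conn_state values for a fully established TCP connection; a bare SYN
# (S0) or a rejected attempt (REJ) is not a successful SSH session.
ESTABLISHED = {"SF", "S1", "S2", "S3", "RSTO", "RSTR"}


def deep_get(obj, *keys, default=None):
    """Walk nested dicts, returning default if any key is missing."""
    for key in keys:
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def rule(event: dict) -> bool:
    """Panther rule entry point: True means raise an alert."""
    if event.get("service") != "ssh":
        return False
    if event.get("conn_state") not in ESTABLISHED:
        return False
    # Assumed layout: p_enrichment.<lookup table>.<matched field> -> table row.
    # No row means the enrichment join found no TOR exit node for id.orig_h.
    return bool(deep_get(event, "p_enrichment", "tor_exit_nodes", "id.orig_h"))


def title(event: dict) -> str:
    """Alert title shown in Panther."""
    return f"Established SSH connection from TOR exit node {event.get('id.orig_h')}"


# Constructed sample events using RFC 5737 documentation addresses.
TOR_SSH = {  # established SSH session, source enriched as a TOR exit -> alert
    "id.orig_h": "203.0.113.7", "id.resp_p": 22, "service": "ssh",
    "conn_state": "SF",
    "p_enrichment": {"tor_exit_nodes": {"id.orig_h": {"ip": "203.0.113.7"}}},
}
HOME_SSH = {  # same session from a non-TOR address: no enrichment row -> no alert
    "id.orig_h": "192.0.2.44", "id.resp_p": 22, "service": "ssh",
    "conn_state": "SF",
}
TOR_SCAN = {  # TOR source that only sent a SYN: no session, so no alert
    "id.orig_h": "203.0.113.7", "id.resp_p": 22, "service": "-",
    "conn_state": "S0",
    "p_enrichment": {"tor_exit_nodes": {"id.orig_h": {"ip": "203.0.113.7"}}},
}
```

Only the third sample shows why the `conn_state` check matters: the source is a TOR exit, but a lone SYN is a scan, not a session, and should not page anyone.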
Engineering Manager @ Panther
Engineering Manager @ Orfium
Tech Lead @ Plum Fintech
Founder @ Blocktopus, a Plug and Play KYC/AML for Ethereum Smart Contracts
Security Software Engineer @ Microsoft Development Center Norway, worked for several Office 365 backend services, with a focus on Security Engineering
Computer Security Researcher @ CERN, developed Linux kernel modules to prevent cyber attacks
Built Pwn Mail, a Cydia iPhone app for spoofing emails. It served more than 260,000 emails but it was discontinued after a legal threat by Steve Jobs
Machine Learning researcher @ KDD lab
Master studies @ Department of Informatics and Telecommunications on Software Engineering
Bachelor studies @ Department of Informatics and Telecommunications on Computer Science and Telecommunications
Laconism will be appreciated 📬