
Research Blog

Insights and research from our global cybersecurity team.

Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes

tl;dr Incremental Learning is an extremely useful machine learning paradigm for deriving insight into cyber security datasets. This post provides a simple example involving JA3 hashes showing how some of the foundational algorithms that enable incremental learning techniques can be applied to novelty detection (the first time something has happened) and outlier detection (rare events) […]


Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)

Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet’s design and engineering. They have facilitated peer review amongst engineers, researchers and computer scientists, which in turn has resulted in specification of key Internet protocols and their behaviours so that developers can implement those protocols in […]


Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often

tl;dr Today we’ve released a whitepaper on the key techniques that continue to enable us to breach the largest and most sophisticated organisations on the planet. Organisations that prioritize these areas, and the mitigations we outline, will thwart attacks while making threat actors work harder and ultimately fail more often. Objective The purpose of this […]


Crave the Data: Statistics from 1,300 Phishing Campaigns

tl;dr 1,300 phishing campaigns were analysed, involving over 360,000 users. Targets in Charities were found to be over 3 times more likely to click than those in the Health Sector. However, once clicked, half of all targets were likely to supply credentials regardless. Best case, 1/10 of targets will click a link. Best case, 1/20 of targets will supply […]


Introduction to Anti-Fuzzing: A Defence in Depth Aid

tl;dr Anti-Fuzzing is a set of concepts and techniques that are designed to slow down and frustrate threat actors looking to fuzz test software products by deliberately misbehaving, misdirecting, misinforming and otherwise hindering their efforts. The goal is to drive down the return on investment seen in fuzzing today by virtue of making it more expensive […]


Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point

Managing firewall rulesets in any moderately-sized environment can be a complicated task. As IT infrastructures change continually, firewall rules often become more complicated, overlapping and difficult to manage. We’ve been working on a prototype of a tool which seeks to provide more assurance over firewall rulesets, by providing better insight through visualising the paths through […]