Fred Rohrer's Blog

Detecting AI-Generated Images Using Entropy Analysis

Professional researchers (and myself) have been exploring ways to distinguish AI-generated images from real ones every since they took over certain social media. In this blog post I present a way to detect AI-generated pixel images, by analyzing the randomness of each RGB channel using local entropy calculations. The Process

Mastering Risk Assessments: Leveraging CIA, STRIDE, and MITRE ATT&CK

In my years working in cybersecurity, I've learned that thorough risk assessments are key to protecting a company's assets. Over time, I've put together a process that combines the CIA triad, STRIDE methodology, and the MITRE ATT&CK framework to cover all our bases. I start by looking at

Context-Dependent Sentence Detection in LLM Caching Pipelines

Building an effective caching pipeline is extremely important to keep costs down and improve the user experience by lowering latency. However, we'll run into one pesky issue immediately: How do we determine which user prompts to cache, and which to ignore? For example: Say you have a user question "

Just-in-Time Coding: The Future of AI-Driven Software Development

As an AI enthusiast and software developer, I've been closely following the rapid advancements in artificial intelligence and its potential impact on the world of computing. One concept that particularly excites me is what I call "just-in-time coding" – a future where code is generated on-demand, based on the

Building a Binary Classifier in Keras for Splunk Logs

As a data scientist, I recently worked on a project where I needed to build a binary classifier to analyze Splunk logs. I decided to use Keras, a powerful and user-friendly deep learning library, to tackle this task. Here's how I went about creating a simple binary classifier in Keras

Top 10 OWASP Vulnerabilities and Python Scripts to Test Them

Injection: Injection vulnerabilities occur when untrusted data is sent to an interpreter as part of a command or query. To test for injection vulnerabilities using Python, you can use the requests library to send payloads and analyze the responses. Here's an example script to test for SQL injection: import requests

The Crucial Role of Identity Management in Ensuring Business Continuity

As a seasoned IT professional, I cannot stress enough the importance of a robust identity management program in maintaining business continuity. In today's digital landscape, where cyber threats loom large and data breaches can cripple organizations, implementing a comprehensive identity management solution is no longer a luxury but a necessity.

Leveraging the MITRE ATT&CK Framework for Effective Detection and Response

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework has become an essential tool for organizations looking to strengthen their cybersecurity posture. This comprehensive matrix provides a structured approach to understanding and defending against the various tactics, techniques, and procedures (TTPs) employed by adversaries. By mapping out

OWASP Risk Rating Methodology: A Guide to Web Security Assessment

Introduction Web security is a critical concern for organizations of all sizes. The Open Web Application Security Project (OWASP) provides a comprehensive framework for assessing and mitigating web application security risks. The OWASP Risk Rating Methodology is a key component of this framework, enabling security professionals to prioritize and address

Selecting and Creating Detection Rules with Syslog and Splunk

In today's cybersecurity landscape, effective detection rules are crucial for identifying and mitigating potential threats. Syslog, a standard protocol for logging system events, can be leveraged to create powerful detection rules. By ingesting these rules into Splunk, a leading security information and event management (SIEM) platform, organizations can enhance their

framework

Detection & Response - Introduction

What is Detection and Response?Detection and Response (not DR - Disaster Recovery) in cybersecurity refers to the basic processes and techniques used to detect and respond to cyber threats. Detection:Monitoring: Continuous monitoring of network and device activity to identify abnormal behavior.Log Management: Gathering and analyzing logs from

Detection & Response - Alert Deployment and Tuning

This post is about log monitoring basics, including log deployment and tuning.

Palo Alto XSOAR + GPT-3

In this post, I will be discussing how security automation can benefit from the advanced language understanding capabilities of GPT-3. By integrating GPT-3 into XSOAR, security teams can leverage the power of natural language processing to improve the efficiency and effectiveness of their incident response processes. I will be walking

Smarthome Auditing - Logging Kasa Devices to Splunk

Home automation is just the greatest thing ever, isn't it? Because who doesn't love the idea of being able to control their entire house with the swipe of a finger on a tiny screen? I mean, why bother actually getting up and flipping a light switch when you can just

Cybersecurity Program Basics

Starting to plan out a Cybersecurity program for your company can be a challenging task, but in many ways the steps to take have more benefits than just increased security. Introduction Cybersecurity programs are categorized into people, technology and process. People refer to the employees, contractors, and other individuals who

MITRE ATT&CK

What is the MITRE ATT&CK Framework and how did it come to be? SummaryThe MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a comprehensive knowledge base of adversarial tactics and techniques based on real-world observations. It is designed to help organizations understand the tactics,

policy

The STRIDE Methodology

The STRIDE methodology aims to help with the question "how can our system be exploited and what security paradigms can we use to secure it?" It extends the commonly used CIA Triad (Confidentiality, Integrity and Availability).

Why Cybersecurity is important for small business

Small business and non-profits often overlook the dangers of cyber-attacks to their organization but small business is just as likely to be hacked as big business, and the fallout of a breach could be more damaging.