Examples of using IPython, Pandas, and Scikit Learn to get the most out of your security data.
"Hacking in the sense of deconstructing an idea, hardware, anything and getting it to do something it wasn’t intended or to better understand how something works."(BSides CFP)
So hacking here means we want to quickly deconstruct data, understand what we've got and how to best utilize it for the problem at hand.
The primary motivation for these exercises is to explore the nexus of IPython, Pandas and Scikit Learn on security data of various kinds. The exercises will often intentionally show common missteps, warts in the data, paths that didn't work out that well, and results that could definitely be improved upon. In general we're trying to capture what worked and what didn't; not only is that more realistic, it is often much more informative to the reader.
Questions or Comments: clicklabs [at] clicksecurity.com.
Detecting Algorithmically Generated Domains (BSidesDFW 2013)
Hierarchical Clustering of Syslogs (BSidesDFW 2013)
Exploration of data from Malware Domain List (BSidesDFW 2013)
SQL Injection (Shmoocon 2014)
Browser Agent Fingerprinting (Shmoocon 2014)
PE File Classification (BSidesATX 2014)
PCAP Exploration (BSidesATX 2014)
Drive By PCAP Analysis (ISSW 2014)
Mach-O Classification (SANS DFIR Summit 2014)
Yara Clustering (BSides Las Vegas 2014)
Windows Executable Clustering by Image Similarity
PE File Similarity Graph using Workbench