coffeewithayman

Random thoughts ranging from human behavior (neuroscience & psychology) to information security to coffee, gardening, and life reflections.

Neuroscience & Security: The Default Mode Network and Threat Hunting

The brain is composed of several neural networks. These networks, much like computer networks, span different regions of the brain. One network in particular that matters here is the Default Mode Network (DMN). What's interesting about the DMN is that it stays active and keeps processing even when your brain is not actively “doing” anything.

So when you're taking a walk, observing nature, or just people watching, this network is running. The DMN, like many other neural networks, works by making predictions based on what you have experienced in the past. That's what the author, _____, presents in her book, _____. She asserts that much of how we process our experiences is simply a set of instantaneous predictions. Sounds similar to machine learning, huh?

In security, when you run across a threat, you automatically make some predictions about it. What differentiates you from someone else are the assumptions you make about that threat before all the information is available.

Take, for example, an incident report saying that a piece of code in your CI/CD pipeline has been altered.

How you manage your tasks is up to you: it can be a Google Keep note, a spreadsheet, a daily journal like Panda (recommended!), or a personal Trello board.

But when you start working with others, things can get hairy and you have to “grow up” and get some real software. Here is a list of project management (PM) software I found:

  • Trello
  • Asana
  • Monday.com
  • Wrike
  • ClickUp
  • Todoist
  • Basecamp

One of the most important things to do is to shore up your domain name registration security.

Here's how to protect yourself: https://docs.cloudsecuritylabs.io/glossary#ff-domain-hijacking-protection-and-prevention
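One concrete check from that advice is whether the registrar-side locks are actually set on your domain. The script below is an added example (not code from this blog or from the linked glossary): it parses the “Domain Status:” lines of a WHOIS/RDAP text dump and reports which of the standard EPP client lock codes are missing. The WHOIS samples inside it are constructed for the example, and the function and constant names are my own.

```python
"""Audit a domain's EPP status codes for hijacking protections.

Added example, not code from coffeewithayman or the linked glossary.
It parses the "Domain Status:" lines found in WHOIS/RDAP output and
reports which standard client-side lock codes are absent. The WHOIS
text below is constructed for this example.
"""
import re

# EPP status codes a registrar sets when the registrant enables locking.
# Without them, a compromised registrar account (or a social-engineered
# support rep) can transfer, re-point or delete the domain.
REQUIRED_LOCKS = {
    "clientTransferProhibited",  # blocks transfer to another registrar
    "clientUpdateProhibited",    # blocks nameserver/contact changes
    "clientDeleteProhibited",    # blocks deletion of the registration
}

# Matches the common "Domain Status: <code> <icann url>" layout.
STATUS_RE = re.compile(r"^\s*Domain Status:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_status_codes(whois_text):
    """Return the set of EPP status codes present in a WHOIS/RDAP dump."""
    return set(STATUS_RE.findall(whois_text))


def audit_domain_locks(whois_text):
    """Return (present, missing) client lock codes for the WHOIS text."""
    codes = parse_status_codes(whois_text)
    return codes & REQUIRED_LOCKS, REQUIRED_LOCKS - codes


def is_locked(whois_text):
    """True only when every required client lock is set."""
    return not audit_domain_locks(whois_text)[1]


# Constructed sample: a domain with only a transfer lock (assumed values).
SAMPLE_PARTIAL = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, LLC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE.COM
"""

# Constructed sample: all client locks plus a registry-side (server) lock.
SAMPLE_LOCKED = """\
Domain Name: EXAMPLE.ORG
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
"""

if __name__ == "__main__":
    for label, text in (("partial", SAMPLE_PARTIAL), ("locked", SAMPLE_LOCKED)):
        present, missing = audit_domain_locks(text)
        print(f"{label}: locked={not missing} missing={sorted(missing)}")
```

In practice you would feed it the output of `whois yourdomain.example` or an RDAP lookup rather than the embedded samples. The `server*Prohibited` codes (a registry lock) are the stronger control, since the registrar itself cannot clear them on a support ticket; the script treats them as a bonus rather than a requirement because not every registrar offers them.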

So there are plenty of alternatives to Auth0, it really depends on what you’re looking for. Here are some ideas and a brief comment on each:

Okta

  • On par for the most part with Auth0

  • Very expensive

AWS Cognito

  • Many features

  • Much bigger learning curve

  • Might be cheaper

WorkOS

  • Does not price per user, only per connection

  • New company / contender

OSSO

  • Ruby based only

  • Business Source License (Not OSS)

  • YMMV

Of course you can always build a solution in-house using available libraries. The same goes for the admin panel. However, I've seen a lot of mistakes made this way. Using a reputable third party to manage your users and admin panel goes a long way toward delivering solid security and a good experience to them.

Also, in S1E3 of “The Flight Attendant”, there is a sub-plot about one of the attendants copying proprietary and confidential files from her husband's work computer. She is working on behalf of a corporate competitor, selling secrets. (27:00)

Her excuse for using the computer was that she was searching eBay for a Jenga piece.

In S1E3 of the HBO show “The Flight Attendant”, a character is introduced as the boyfriend of the lawyer, and he knows his way around a computer. He says:

“I'm good with technology, and rich people are kind of... not. Generally extortion.”

Hilarious. Later in the episode the lawyer asks him some “hypotheticals” about digging up information that she's struggling to uncover. (22:51) She asks him how long it would take to get something; he says 20 minutes.

This is all just knowing how to search online for things, often referred to as OSINT (open-source intelligence).

The interesting thing here is that a) this is all legal and b) lawyers should probably know how to do this.

Reminds me of my episode with @Infosecsherpa.

If you grew up in the '80s and '90s, then Animaniacs was probably part of your life.

Spoiler Alert!

Well, in Episode 5 (S1), in the Pinky and the Brain segment, they need to recover a phone call because of amnesia. So Brain comes up with the idea of going to the NSA, since they have a recording of every phone call!

Having been in the field for a while, I found the episode hilarious. They even featured Edward Snowden. It was a really enjoyable clip; highly recommended.

In her book, How Emotions Are Made, the author explains how the world we perceive is in fact a construction, built from our perception and from simulations/predictions drawn from past experiences.

It's quite interesting, in fact. Similar to the movies Inception, The Matrix, and, more recently, a movie called Bliss.

There was a study done once of judges which found a higher tendency toward unfavorable rulings in cases heard right before lunch than in those heard just after.