Zac Brown

Hidden Treasure: Intrusion Detection with ETW, Part 2

Note: This blog post was originally posted on the Office365 Security Blog here. In our last post, we discussed how Event Tracing for Windows (ETW) provides a wealth of knowledge in addition to what's available from the Windows Security Event Log. While we can gain increased insight into Windows activity, ETW was originally meant as a high-volume debug trace. Without some mechanism for filtering or reducing event volume, our SIEM won't be able to keep up. In this post we will discuss the ways in which

Hidden Treasure: Intrusion Detection with ETW, Part 1

Note: This blog post was originally posted on the Office365 Security Blog here. Today's defenders face an increasing obstacle with information asymmetry. With the advent of in-memory attacks and targeted malware, defenders cannot simply rely on the default event logs provided by Windows. Attackers may make use of process hollowing to hide their code within a seemingly benign process as well as routing their Command & Control traffic over DNS to remain hidden. We began investigating alternate data sources beyond the Windows Security Event Log after

User Interfaces Suck

A little while back, there was an article in the Verge discussing Microsoft's long-term thinking around the mobile internet experience. The particular point in the article that caught my eye was that Satya (CEO) and Qi (VP of ASG) believe the future of mobile internet lies in what they call a "conversation canvas." The premise is that today's model for interacting with the Internet on mobile devices is fundamentally flawed, leaving users generally unhappy and doing the majority of their Internet browsing on conventional desktops. The

Haskell & Stubbornness

A persistent theme for the entirety of my adult life as a programmer has been attempting to learn the Haskell programming language. Everything about the language appeals to me, from strong static typing to lambdas (my first exposure to them) to its purity. Despite these repeated attempts over the last ten years, I have been unsuccessful in becoming a proficient Haskell programmer. So what's kept me from Haskell enlightenment? Stubbornness, pure stubbornness. Or at least so I'm convinced. See, the Haskell community is rich and plentiful

Stupid Git Tricks: 1 of N

To the surprise of some developers outside of Microsoft, my team uses Git for the vast majority of our code (10,000+ lines of code). Since we work on Windows, Git is built by using a bastardized subset of Cygwin to provide some of the POSIX facilities it requires. This generally works but there is some cruft and ugliness that occasionally rears its ugly head. Recently, I performed a clean install of Windows 10 on my work laptop. Shortly thereafter, I started encountering a puzzling issue

Adventures in Gigabit Internet

In my never-ending pursuit of novelty, I recently acquired gigabit internet. I discovered back in November of 2015 that CenturyLink would begin offering gigabit internet in my Seattle neighborhood and that it was competitively priced with service about 1/5th as fast from Comcast. I thought it over for a bit and ultimately decided that I must have this new and shiny thing so that I may lord it over family and friends. Brief side story: I often hear people complain about Comcast and how

Redfin Realtor Ratings Mean Nothing

My wife and I have recently begun the home-buying process. After looking at our finances last fall, I realized that if we were to liquidate some of our investments, we could have a down payment for a house. With this in mind, I began lining up the assorted "ducks" needed in buying a house, namely: determining a price range, determining a down payment for that price range, and looking at our mortgage options. Around the turn of the new year, we finally got a chance to go to meet with a

2015: The Year of the OpenBSD Desktop

In the beginning, there was Zac. He discovered Linux and ran fifty thousand different distributions, never being satisfied. When one distribution fixed an issue, thirty new issues were created. Subsystems bickered, sound servers wept, and bus systems rent their clothing. This went on for years and finally Zac gave up. He threw in the towel and bought a Macbook. He basked in the mostly-Unix environment provided by OS X. He occasionally tried to take Linux back but it was always a disappointment. One of the more

Glorious Nippon

I've begun the long and arduous (but enjoyable) task of planning the honeymoon that Caroline and I will be taking. I've vacillated between several locations for the honeymoon. Much of it was concern over cost, time, and comfort traveling. Japan was the first real contender and after much thought it remained our best option. Other frontrunners included Turkey which has recently lost its shit and Montreal which takes just as long to get to as Japan from Seattle because there are no direct flights. We'll be