My name is Rich, and this is my first blog post anywhere. Tim has made an incredible application and is virtualizing Cyberspace like Outer Space in order to model cybersecurity situations.
Below is a video where I fly around cyberspace looking for cybersecurity threats. In this video, we’re mostly in auto-pilot mode. This is a very basic demo, and I have plans for more advanced demos.
Viewing the video is best in 1600×1200 resolution with Annotations (maximize it to 1600×1200):
This is the same video without annotations:
We’ll also use the screenshots below to explain what’s going on in the video (click these screenshots and maximize them to 1600×1200).
First, we’re in auto-pilot mode. The red annotation shows that we’re currently on cyber-object (node) #9 as we fly through cyberspace. The auto-pilot mode we’re in is “Risk”, which has auto-pilot automatically fly us to the High Risk cyber-objects. The Heads Up Display (HUD) shows there are a total of 136 High Risk objects as defined by RiskScore (which we’ll elaborate on in a future post). So auto-pilot will navigate us through all 136 high-risk nodes (there are other auto-pilot modes, which we’ll talk about in the future).
Cyber-object Node #10 has a RiskScore of 240 and 2,494 web Requests, with the last Request being to the Login page (this is a brute force attacker). This cyber-object’s node information is displayed in the top-right of the HUD. There are 2 sections showing cyber-object node info: 1) the one on top comes from selecting this same cyber-object in the Viewport with a mouse click (we do this to compare it with other similar ones in our auto-pilot journey) and 2) underneath is the info for the cyber-object node that auto-pilot is flying us to (we’ll mostly be concerned with this).
Cyber-Object Node #13 is the same attacker, as both nodes are part of the same network address range (only the last octet of the IP address is different). We can compare them in the top-right section of the HUD: the first node (top) against the node we are flying to (bottom). Node #13 has a RiskScore of 11 with 448 web Requests, and their last visit was to the login page. Suspicious, eh?
Here’s the same attacker coming from the same network IP range as the previous attacks (only the last octet of the IP address is different). They have a RiskScore of 22 and 426 web Requests, and their last visit was to the login page. With this application, wasn’t it pretty easy to find this attacker?
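The comparison done by eye above (same first three octets, many Requests, last Request to the login page) can also be written as a small script. This is an added example, not code from the application or from this post: the node labels, IP addresses, login path and thresholds are assumptions, and it does not use RiskScore, whose definition is left to a future post.

```python
import ipaddress
from collections import defaultdict

# Constructed sample nodes. Request counts for A-C mirror the three nodes
# discussed in the post; IPs come from the IPv4 documentation ranges.
NODES = [
    {"node": "A", "ip": "203.0.113.17", "requests": 2494, "last_path": "/login"},
    {"node": "B", "ip": "203.0.113.52", "requests": 448, "last_path": "/login"},
    {"node": "C", "ip": "203.0.113.201", "requests": 426, "last_path": "/login"},
    {"node": "D", "ip": "198.51.100.9", "requests": 37, "last_path": "/index.html"},
    {"node": "E", "ip": "198.51.100.77", "requests": 512, "last_path": "/login"},
]

LOGIN_PATH = "/login"   # assumed login URL
MIN_REQUESTS = 400      # assumed threshold for "many Requests"
MIN_NODES = 2           # assumed: sources per /24 needed to link them


def subnet24(ip):
    """Return the IPv4 /24 containing ip (only the last octet may differ)."""
    return ipaddress.ip_network(f"{ip}/24", strict=False)


def correlate(nodes):
    """Group high-volume, login-targeting nodes by /24 and return the
    subnets in which at least MIN_NODES such nodes appear."""
    groups = defaultdict(list)
    for n in nodes:
        if n["requests"] >= MIN_REQUESTS and n["last_path"] == LOGIN_PATH:
            groups[subnet24(n["ip"])].append(n)
    return {
        str(net): {
            "nodes": sorted(m["node"] for m in members),
            "total_requests": sum(m["requests"] for m in members),
        }
        for net, members in groups.items()
        if len(members) >= MIN_NODES
    }


if __name__ == "__main__":
    for net, info in correlate(NODES).items():
        print(net, info)
```

Node E also hammers the login page but is the only such source in its /24, so it is not linked to the A-C group.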
Auto-pilot flies us to our very next high risk Cyber-Object node (#16), and this is obviously some sort of attack against this Web Application. They’re hitting the Web Application login page, and they are placing a “chdir” (change directory) command into the query string (among other things).
Right now, I’m “user testing” the application. But I’m going to start creating more content explaining the application, and also how to be a security analyst with this application. It’s incredibly powerful! Tim’s been a coding machine, creating a few high-quality builds per day (incorporating new features and squashing bugs). I believe this application is fairly stable, and in good shape for user testing.
Today was a simple overview, but there are powerful theoretical concepts under the hood here. Later, we’ll elaborate on how data fusion, graph theory, revolutionary algorithms, and other advanced frameworks laid the groundwork for this application.
Please leave comments, and let us know if you’d like us to provide further updates in blog posts. It will motivate us to do so!
I hope you enjoyed, and I have a lot of fun using this tool. It works very well, and is fun!