Stephen Northcutt

Coordinated attacks and probes have been observed against several networks that we protect. We describe some of these attacks and provide insight into how and why they are carried out. We also suggest hypotheses for some of the more puzzling probes. Methods for detecting these coordinated attacks are provided.
Recently, small and medium businesses have lost millions of dollars from fraudulent electronic financial transactions. This paper reviews the threat and provides guidance for mitigating the threat. These crimes typically begin with a phishing email targeted at the comptroller or other staff in the finance department. After the comptroller's computer is(More)
Respondents to this SANS survey point to strong planning, leveraging internal systems and intelligence, and defining gaps in protection and workarounds as key best practices for developing cyberthreat intelligence capabilities. These best practices, along with adoption trends and definitions, are discussed in this paper. In the last several years, we've(More)
As technology progresses, IT professionals and security analysts are presented with an ever-increasing volume of data to parse in order to find evidence of security events. Many companies rely on disparate logging architectures that split network, server, and application logging. Each of these logging architectures is often isolated from the others. The(More)
The place to get sensitive information relating to people who have access to our country's most sensitive information is the Office of Personnel Management's e-QIP Databases. These repositories provide a single location that contains the complete history and all associated pertinent information for anyone with a security clearance. There was a cascading(More)