Author Archives: Uma Mahesh

About Uma Mahesh

A Creator/Equalizer. Creator/Equalizers are catalysts for positive, well-organized change. They never settle for the status quo. Instead, they see the opportunity for innovation in the processes that others have long taken for granted. They respect what's already operating, but they can't help but want to improve upon it. Their special combination provides innovation tempered with profound logic. They have incredible discernment. Should their efforts fail, they are unhesitating in accepting responsibility. They don't wallow in self-pity but rather see these missed attempts as critical steps on the path to success.

Security Incident Workflow


Threat Intel Program – Quick Reference

Cyber Attack Taxonomy; Threat Intel Taxonomy; Threat Intel Classification: Strategic, Operational, Tactical. Strategic: the decision by a competitor or potential competitor to enter your market space (e.g. a foreign competitor's new five-year plan now shows interest in developing a domestic capability) …


Intro to Event Stream Analysis (ESA) & Complex Event Processing (ESPER)

Exploring Event Driven Architectures with Esper. Event stream processing (ESP) monitors streams of event data, analyzes those events for matching conditions and then notifies listeners. Complex event processing (CEP) allows the detection of patterns among events. WHAT IS COMPLEX …


Artifacts of Malicious Traffic

While investigating suspicious traffic, it is important for an analyst to be clear about what is really suspicious and what is not. Below are a few artifacts an analyst can observe to decide whether traffic is malicious. ARTIFACTS OF MALICIOUS IP …


Callback IP List – 16/8/2012 …


ZeroAccess/Sirefef Update

Until last week, ZeroAccess/Sirefef-infected hosts contacted their C&C domain on ports 16464, 16465, 16470 and 16471. It has now switched to port 34354 and is active in the wild. Watch your network for machines connecting to Internet IPs on this …


New Mode of Delivering Malware Payloads by Exploit Kits

Huh… Exploit writers have come up with a new mode of delivering the malware payload. The current exploit kit pattern is: malicious webpage -> exploit (Java/PDF/others) -> exploit downloads the malicious executable. We have devised appropriate signatures for these patterns; malware …
