In keeping with our philosophy of sharing useful resources with our clients and the security community, KoreLogic releases software under various open source licensing agreements.
In addition to developing open source tools, KoreLogic also works with clients to aid in the customization and implementation of existing open source tools (i.e., Request Tracker (RT) for use in Vulnerability Management and Request Tracker Incident Response (RTIR)).
Below are links to various resources supported and/or sponsored by
KoreLogic.
Presentations
May 14, 2008: KoreLogic staff presented "Shrinking the IDS Haystack" at the IntrusionWorld conference in Baltimore, MD. Click here to download the presentation.
February 5, 2008: KoreLogic staff presented "Burying Your Head in the SandNet" at the CFS conference in Washington, DC. Click here to download the presentation.
May 8, 2007: KoreLogic staff presented "The Forensic Katana - Digital File Carving" at the CEIC conference in Las Vegas. There were two versions, a basic and an advanced session. Download the basic class slides or handouts, or the advanced class slides or handouts.
March 25, 2007: KoreLogic cofounders presented "Home-grown Crypto (aka Taking a Shiv to a Gun Fight)" at the ShmooCon conference in Washington D.C. Click here to watch a video of the presentation.
March 13, 2007: KoreLogic staff presented at the Ohio Information Security Conference (OISC 07). Topic: Introduction to Botnets
Papers
DFRWS 2006 File Carving Challenge Submission Paper - Summarizes the results of our efforts to solve the Digital Forensic Research Workshop (DFRWS) 2006 File Carving Challenge. In short, our team took 1st place (here's our press release). Details regarding this challenge may be found here.
MD5 Prehash Analysis - This paper examines the advantages of prehashing for data streams (e.g., session IDs) that can be broken into two consecutive sub-streams where the first sub-stream is fixed or relatively fixed (i.e., easily inferred/guessed) and the second sub-stream is unpredictable (random) or hard to guess/infer (pseudo-random). While the observations and findings of this study were limited to the MD5 algorithm, it is likely that they would apply to all hashing techniques in general.
System Baselining -- A Forensic Perspective - This paper defines baselining terminology, explains the mechanics of baselining, compares and contrasts different baselining techniques, and describes FTimes -- a system baselining and evidence collection tool. The paper also explores some of the criteria that evidence collection tools and techniques must satisfy if they are going to support prosecutions. In closing, it presents a pair of war stories that are typical of the times.
WebJob Breakeven Analysis -- Installing and Configuring a Solaris Package - This paper describes the labor cost associated with using a WebJob framework to deploy and configure a Solaris package on several hundred systems. In short, the payoff is pretty amazing. Furthermore, the efficiencies and economy of scale that this approach delivers can be translated to almost any other type of administrative and/or repetitive task that can be scripted.
Projects Supported and/or Sponsored by KoreLogic
OWASP Application Security Metrics Project - Identify and provide the OWASP community with a set of application security metrics that have been found by contributors to be effective in measuring application security. The goals of this Project are to make a baseline set of application security metrics available to the OWASP community and subsequently to provide a forum for the community to contribute metrics back into the baseline.
OWASP Application Assessment Standards Project - The Project's primary objective is to establish common, consistent methods for application security assessment standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed, who should be involved, and what level of assessment is appropriate based on business requirements.