I Have a Graph Database. Now What? presented at ShmooCon 2017

by Shimon Modi, Nicolas Kseib

Summary: Graph data models have been a hot topic in security for a few years, but analysis of these cyber graphs is still largely driven by visual assessments or rudimentary analysis techniques. Graphs can do a lot more than just paint pretty pictures. We will discuss how to develop cyber-specific graph models that make analysis more effective and also open up possibilities for analysis that would otherwise be computationally impractical. We will demonstrate application of our graph analysis techniques to the Barncat RAT config dataset and also open source the analysis module to the community.