Introduction
As we continue to grow and progress, we commonly get questions about how we do a certain thing or what technology we use to process certain data sets. This page provides a laundry list, with some explanation, of what is in use. It is by no means a complete canonical list, nor could it be considered the best possible technology to use, but it is what we have grown into.
Analysis
- PEHash
- SigBuster
- SSDeep (Fuzzy Hashing)
Anti-Virus
It would be better to look over our AV pages here than to just try to list them.
Charting/Visualizations
- Chart Director - The bulk of our charting is done with this tool, using its Perl interfaces.
- d3
- Gheat - Worked well with smaller data sets but failed spectacularly when asked to generate millions of points. Worked well for a few one-off maps and images, but not really feasible for automated daily runs.
- GraphViz
- HighCharts
- image::heatmap
- ImageMagick
Communication
- Jabber
- Unreal IRC - Like most security geeks, we prefer old-school communication and find that IRC works really well, no matter how often certain curmudgeons complain about its lack of standards.
- WebEx - Mostly used for large group meetings; works pretty flawlessly.
Data Storage (Relational and Non-Relational)
Hardware
- Areca - The current standard for RAID in our Linux systems. The hardware is very solid and performs well.
- Cisco
- HP
- Sun
- SuperMicro
Honeyclients
- Trigona
- Privately developed system
Honeypots
IDS/IPS
Network Management
Operating Systems
- Debian Linux
- Mandriva Linux
- Microsoft Windows XP Professional
- Microsoft Windows 7
- Microsoft Server 2008 R2
- Ubuntu Linux
Programming Languages
Sandboxing
Sinkholes
- HoneySink
- Privately developed system
Ticket Tracking
- Eventum
- Privately developed system