Josh Liburdi
Reach me on LinkedIn if you want to chat!
Open-Source Software
Substation
- Cloud-native, event-driven data pipeline toolkit designed for security and observability teams
- Creator and lead developer since early 2021
Strelka
- Enterprise-scale static file analysis system written in Python & Go
- Creator and lead developer from early 2017 to late 2019
- Used by Sublime Security, Security Onion, and large organizations like Target
Zeek
- Network security monitoring, analysis, and scripting tool
- Contributed the Remote Desktop Protocol (RDP) analyzer in early 2015
- Wrote several protocol plugins and scripts from late 2014 to early 2016
Public Presentations
Billions Served: Processing Security Event Logs with the AWS Serverless Stack
- Shares challenges and best practices for building large-scale data processing systems using the AWS serverless stack
- Presented at fwd:cloudsec in mid 2023
Building Better Hunt Data
- Describes how low quality data contributes to inefficient threat hunting operations
- Presented at the SANS Threat Hunting Summit in late 2021
Beyond AV: Detection-Oriented File Analysis
- Advocates for adding detection-oriented file analysis systems to the modern threat detection tech stack
- Presented at BSides San Francisco in early 2019
Beyond IDS: Practical Network Hunting
- Provides an overview of network-based threat hunting, including tools and techniques
- Presented at BSides New York City in early 2016
Writing
Elevating Security Alert Management Using Automation
- In-depth overview of building an automated security alert management system
- Shared on Medium in early 2023
Structured and Task-Driven Threat Hunting
- Explains how to organize threat hunts that are structured and task-driven
- Shared on Medium in early 2020
Hunting for PowerShell Using Heatmaps
- Details how to programmatically use heatmaps to identify malicious PowerShell across multiple Windows systems
- Shared on Medium in early 2017