@darrenpmeyer@infosec.exchange
User Agent strings are valuable, but they kind of suck because there is no standard format. Using LLMs to summarize and structure the User Agent strings works with high enough accuracy to help translate to an application name and version. – Estep & M #BHUSA #LivePost
@darrenpmeyer@infosec.exchange
Behaviors to look for: unusual DNS, weird repo access, large external data transfers. Over 185 signals in total, including request completion times, interval between requests, sequences and patterns, HTTP methods used and codes in responses, file types being transmitted – Estep & M #BHUSA #LivePost
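Added example, not part of the original posts or the talk: a sketch of how a few of the signals named above (interval between requests, completion times, HTTP methods, response codes, file types, bytes transferred) can be derived per client from request logs. The record layout, the sample records and the 100 MB "large transfer" threshold are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from posixpath import splitext
from statistics import mean, pstdev

# Constructed sample records (assumed layout, not from the talk):
# (timestamp_s, client, method, path, status, bytes_out, duration_ms)
SAMPLE = [
    (0.0,   "10.0.0.5", "GET",  "/index.html",   200, 5120,       40),
    (7.5,   "10.0.0.5", "POST", "/api/login",    401, 300,        95),
    (31.0,  "10.0.0.5", "GET",  "/report.pdf",   200, 80000,      210),
    (100.0, "10.0.0.9", "POST", "/upload/a.zip", 200, 40_000_000, 900),
    (160.0, "10.0.0.9", "POST", "/upload/b.zip", 200, 40_000_000, 910),
    (220.0, "10.0.0.9", "POST", "/upload/c.zip", 200, 40_000_000, 905),
    (280.0, "10.0.0.9", "POST", "/upload/d.zip", 200, 40_000_000, 898),
]

LARGE_TRANSFER_BYTES = 100_000_000  # assumed threshold, tune per environment


def extract_features(records):
    """Group records by client and compute per-client behavioral signals."""
    by_client = defaultdict(list)
    for rec in records:
        by_client[rec[1]].append(rec)

    features = {}
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r[0])
        times = [r[0] for r in recs]
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        total_bytes = sum(r[5] for r in recs)
        features[client] = {
            "requests": len(recs),
            # Interval between requests: mean and spread of the gaps.
            "mean_interval_s": mean(gaps) if gaps else None,
            "interval_stdev_s": pstdev(gaps) if gaps else None,
            # Request completion time.
            "mean_duration_ms": mean(r[6] for r in recs),
            # HTTP methods used and response code classes returned.
            "methods": Counter(r[2] for r in recs),
            "status_classes": Counter(f"{r[4] // 100}xx" for r in recs),
            # File types transmitted, taken from the path extension.
            "file_types": Counter(splitext(r[3])[1].lower() or "(none)" for r in recs),
            # Volume sent out, with a flag for large transfers.
            "bytes_out": total_bytes,
            "large_transfer": total_bytes >= LARGE_TRANSFER_BYTES,
        }
    return features


if __name__ == "__main__":
    for client, feats in extract_features(SAMPLE).items():
        print(client, feats)
```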