boB Rudis hrbrmstr

Malware trend observation: Attackers rely on knowing which industries and individuals are likely to not be following best practices, as many ‘newsworthy’ events in the past couple weeks were malware or techniques that even well maintained basic antivirus would stop.

Whether it’s miner malware targeting individuals that pirate software/movies and are likely to have AV turned off, or ‘brand new’ APT reports that are using techniques easily detected by AV, many things recently are simply attackers relying on basics not being in place.

If you have served any time as an IT person you will know certain industries think they ‘can’t’ do certain security measures such as patch/segment/least privilege-attackers know that too and are clearly using it as an easy mode entry point.

Some regions stay on old versions of productivity software due to linguistic reasons (IMEs/plugins) and that is 100% something targeted attacks know-many cases we research quite simply wouldn’t work with up to date AV and software.

There’s n

	suppressPackageStartupMessages(library(hrbrthemes))
	suppressPackageStartupMessages(library(tidyverse))

	plot_status <- FALSE

	x <- tibble::as_tibble(readRDS(url("https://cran.r-project.org/web/checks/check_results.rds")))
	y <- tibble::as_data_frame(installed.packages())
	z <- dplyr::left_join(y, x, by = c("Package", "Version", "Priority"))

	dplyr::count(z, Package, Status) %>%

	MAKE = make -j8
	F77 = /usr/local/gfortran/bin/gfortran
	FC = /usr/local/gfortran/bin/gfortran
	FLIBS = -L/usr/local/gfortran/lib/gcc/x86_64-apple-darwin15/6.1.0 -L/usr/local/gfortran/lib -lgfortran -lquadmath -lm
	CCACHE_CPP = yes
	CCACHE_CPP2 = yes
	CC = ccache clang -Qunused-arguments
	CXX = ccache clang++ -Qunused-arguments

	library(tidyverse)

	s_parse <- safely(parse) # prevents parse() from borking on malformed R files

	list.files("~/projects", pattern=".*\\.[Rr]$", full.names=TRUE, recursive = TRUE) %>% # sub out for your own dir
	map(s_parse) %>% # parse!
	map("result") %>% # we used safely() so need to get to get to the "result"
	discard(is.null) %>% # get rid of empty results
	unlist() %>% # we don't care which file the library() calls are in
	keep(is.language) %>% # I'm 99% sure only the next line is required but it's not like we're moving slowly

	snippet drillodbcdistributed
	library(DBI)
	library(odbc)
	library(tidyverse)

	DBI::dbConnect(
	odbc::odbc(),
	driver = "/Library/mapr/drill/lib/libdrillodbc_sbu.dylib",
	ConnectionType = "Zookeeper",
	AuthenticationType = "No Authentication",

	#' ---
	#' title: ""
	#' author: ""
	#' date: ""
	#' output:
	#' html_document:
	#' keep_md: true
	#' theme: simplex
	#' highlight: monochrome
	#' ---

	package org.apache.drill.contrib.function;

	import com.google.common.base.Strings;
	import com.google.common.io.BaseEncoding;
	import io.netty.buffer.DrillBuf;
	import org.apache.drill.exec.expr.DrillSimpleFunc;
	import org.apache.drill.exec.expr.annotations.FunctionTemplate;
	import org.apache.drill.exec.expr.annotations.Output;
	import org.apache.drill.exec.expr.annotations.Param;
	import org.apache.drill.exec.expr.holders.BigIntHolder;

	library(rvest)
	library(stringi)
	library(pluralize) # devtools::install_github("hrbrmstr/pluralize")
	library(hrbrthemes)
	library(tidyverse)

	#' Retrieve the Federal Register main EO page so we can get the links for each POTUS
	pg <- read_html("https://www.federalregister.gov/executive-orders")

	#' Find the POTUS EO data nodes, excluding the one for "All"

	library(splashr) # you need to read https://github.com/hrbrmstr/splashr to run this script
	library(urltools)
	library(tidyverse)

	splash_active() # if this does not return "TRUE" nothing will work

	site <- render_har(url = "URL_TO_EVALUATE", response_body = TRUE)

	map_chr(site$log$entries, c("response", "url")) %>%
	urltools::domain() %>%

	library(hrbrthemes)
	library(tidyverse)

	read.csv(text="Gender,A,Ap,B,Bp
	Male,6,60,15,60
	Female,4,40,10,40
	", header=TRUE, stringsAsFactors=FALSE) %>%
	tbl_df() -> gender

	read.csv(text='Age,A,Ap,B,Bp