John Lukach

Security Researcher

It is fun to build solutions for Amazon Web Services (AWS) that improve threat detection and reduce response times necessary for incident mitigation. In today's escalating cybersecurity climate, there should not be a barrier to entry for having security capabilities in your environments. I help by contributing to open-source solutions written using Cloud Development Kit (CDK) in Python, providing the ability for anyone to tell the story of what happened, as we all need the same data to be successful, just applied differently for troubleshooting and security.


Initiative

Project Caretaker

Founder

Reputation is the most critical asset available when using the Internet, as it helps us decide which services we feel safe using. It can also impact a person's web usability if their connection has a history of misconfiguration or suspicious behavior. Project Caretaker aims to provide a Threat Feed for North Dakota so anyone can verify the reputation of their Internet connection by visiting a website.

Four colors are returned to indicate the reputation of the Internet connection:

  • Gray - No Reputation Data Currently Available
  • Orange - Reputation Concern(s) Summary
  • Yellow - Internet Connection Not Monitored
  • Red - Project Caretaker Technical Difficulties

Project Caretaker includes domains in the Threat Feed for email and website reputation monitoring of North Dakota brands.

Development

BotoPlus

Apache-2.0

BotoPlus is a Python library for Jupyter Notebooks that enables data analysis using Amazon Security Lake for AWS Security Operations. It provides functionality for collecting log data from AWS accounts to analyze and visualize security events using standard data science tools and techniques in Jupyter Notebooks.

CloudCruft

Apache-2.0

Public IP addresses from a shared pool are automatically assigned using the Dynamic Host Configuration Protocol (DHCP) as resources launch. Addresses occasionally develop a poor reputation on the Internet before being returned to the pool. The next organization then inherits those addresses without knowing their history, which can result in a negative customer experience.

Distillery

Apache-2.0

Distillery aims to provide network IP addresses and associated metadata for cloud service providers like AWS, Azure, GCP, and others. It allows researchers to glean additional context about IP addresses during analysis, such as determining services operating in a specific cloud region using open-source intelligence.

GetPublicIP

Apache-2.0

This Lambda function extension captures the public IP address from which the Lambda function makes outbound requests. It does so by requesting the AWS check address API from within the Lambda execution environment. Capturing the public IP address helps correlate Lambda function invocations with entries in AWS CloudTrail logs.

MMI

Apache-2.0

Match Meta Info (MMI) is a digital forensics tool for conducting metadata analysis to uncover potentially malicious information hiding within standard operating system files and directories. As metadata provides only a surface-level indicator, it is easy to circumvent. However, examining metadata can still reveal clues when analyzing the enormous volumes of files and folders generated by modern operating systems.