Sniper Forensics — Gangnam Style!


By: Lee Sult, May 05, 2017

Before we get started, I would like to take a moment to thank Chris Pogue, CISO at Nuix, for allowing us to use his Sniper Forensics methodology in an official capacity. Hats off to you, boss!

What is Horangi? Why “Gangnam Style”? What is Sniper Forensics? I have so many questions!

Welcome to the Horangi Blog and thanks for reading our first post! I’m Lee, the CTO and one of two co-founders of Horangi. We are a cyber security company based here in Singapore with a focus on serving South East Asia. We’ve been doing incident response, digital forensic investigations, pen-testing and training for the better part of ten years, which includes all sorts of adventure, globe-trotting, and unbelievable experiences.

Before moving to Asia, I spent time as a senior investigator at Trustwave SpiderLabs, building and leading the IR team at Palantir, and helping build the IR practice at Nuix. Last year I decided that the next chapter would be to use that experience and those hard-learned lessons to build something of my own! Horangi, founded in 2016!

Gangnam Style?! Heck yea! Before Horangi was even founded, Paul (the other co-founder) and I taught investigative methodologies and strategies at the Korean Information Technology Research Institute’s (KITRI) Best of the Best program (BoB) located in, you guessed it, Gangnam Station, Seoul, South Korea. It’s also where we derived our name “Horangi”, which is Korean for “tiger”.

Through this relationship and many others, we became more attuned to the region, the region’s specific cybersecurity challenges, and the distinct lack of a unified cybersecurity community. It was a great opportunity to start a company, meet new friends, and seek adventure! So, that’s exactly what we did; we founded Horangi, adopted the Sniper Forensics Methodology in a big way, and use it as a driver for continued technical success.

Sniper Forensics is an investigative methodology designed to answer important questions quickly and present the findings to others in a way that is easy to understand. The methodology was developed by Chris Pogue almost ten years ago, while he was investigating cyber crime on a daily basis.

Chris and I have worked together at both SpiderLabs and Nuix, where we continuously built on the Sniper Forensics methodology and its application to real-world analysis and incident response. Chris is currently the CISO at Nuix, a longtime friend, and an all-around great guy. If you don’t already follow his blog posts, you should; he’s quite insightful: https://www.nuix.com/blog/.

Since we started using the Sniper Forensics methodology so many years ago, it has grown into more than an investigative methodology; it has evolved into a framework. At Horangi, it is a core part of our identity, and we have built processes around Sniper Forensics that allow us to effectively gauge an organization’s ability to handle a cyber incident and help organizations mitigate the identified risks.

The simplicity of the methodology also makes it a great framework for presenting and communicating complex cyber-security topics such as the findings of a penetration test, cyber security strategies, and overall security posture. Since communication and repeatability are so effective, I might actually argue that Sniper Forensics is a customer-focused approach to cyber-security. At the very least, Chris teaches that it’s not just about finding the bad guy, it’s about letting the facts lead you to the truth. It’s also about arming our customers with the knowledge and ability to stand against would-be attackers.

While we are ardent advocates, the Sniper Forensics methodology is not a Swiss Army knife, and it’s not going to solve all of the world’s cyber-problems. It is a simple, effective, and repeatable process, which is exactly what you need when dealing with crisis and risk mitigation.