Threat Hunting With Entropy

Using Entropy in Threat Hunting: a Mathematical Search for the Unknown

Ben Downing

“Antivirus is dead” is a common refrain in the information security space, but if you look below the surface, what it really means is “atomic indicators are dead.” While there is value in static indicators, they are the bare minimum standard for detection these days and suffer from numerous drawbacks. Behavioral indicators are the next level, which use knowledge of … Read More

Call to Arms: 4 Things Everyone in InfoSec Should Stop Doing Right Now

Joe Moles

While I’ve always been passionate about working in InfoSec, I can’t help but feel jaded about the way our industry approaches some things. We run around pointing fingers at each other with slander marketing, we use Twitter as an intel sharing platform, and we cry out that the sky is falling every time a researcher posts a new post exploit … Read More

Credential Access

Damage from Malicious Admins and Credential Access

Tony Lambert

Good security sometimes requires us to get back to basics on a number of things, including how we use and secure administrative credentials. Admin accounts enable us to configure all sorts of technologies, from software installations and Windows network controls to WordPress servers. If you can administer it, odds are good that there’s a special account for it. Because these … Read More

Brian Beyer 2018 tech trends

As Featured in Forbes: CEO Brian Beyer on How Tech Trends Will Disrupt Cyber Security In 2018

Red Canary

Julian Mitchell of Forbes recently sat down with Brian Beyer, CEO and co-founder of Red Canary, to talk about the vision behind the company, the future of cyber security, and top tech trends impacting the industry in 2018. Read the interview below. This article originally appeared in Forbes. What was the specific void or opportunity you identified that inspired the … Read More

Atomic Red Team Training Session

Detonate, Detect, Analyze: the Applied Research Team Answers Audience Questions

Casey Smith, Michael Haag

We recently held our second Atomic Red Team training session and were once again blown away by the positive response from the security community. As researchers, nothing is more exciting than taking our work out of the lab and teaching other security professionals how to apply the tests to improve their defenses. It was especially exciting to see multiple team members … Read More

Detecting Application Shimming: A Story About Continuous Improvement

Frank McClain

A long time ago, in a land far away, there lived a shim detector. The shim detector monitored data coming from Endpoint Detection and Response (EDR) platforms, watching for modifications to certain registry paths. It did its job well, but unfortunately it made so much noise that analysts didn’t want to listen to what it had to say. So What’s … Read More

Atomic Red Team Chain Reactions

Testing Detection and Prevention Tools With Atomic Red Team “Chain Reactions”

Casey Smith, Michael Haag

The very nature of Atomic Red Team is to allow for customization of different testing units to determine coverage, prevention, or detection within your environment. Chain reactions are a concept we developed to enable security teams to combine multiple MITRE ATT&CK™ techniques and execute them simultaneously. You can use these free-form methods to either build a sequence of events or … Read More