Security Team

What Makes a Great Security Team? 4 Standout Qualities

Ben Johnson

This guest post was contributed by Ben Johnson, co-founder and CTO of Obsidian Security, a stealth startup based in Southern California. Prior to Obsidian, Ben co-founded and was CTO of Carbon Black. In infosec, we are often quick to call out the people, processes, and technology that we believe are selling snake-oil, are needlessly inefficient, or don’t perform as expected. … Read More

Threat Hunting at Scale

Threat Hunting at Scale: Techniques & Tools to Mature Your Program

Michael Haag

Performing threat hunting at scale is no simple task. Many organizations today deal with massive volumes of data, reviewing terabytes of information on a monthly, weekly, or daily basis. Looking for new behaviors and using the data to tune and enhance capabilities is a continuous process. My last organization ingested 500+Gb of Carbon Black Response data daily in Splunk. As … Read More

Atomic Red Team Testing

Atomic Red Team Tests: Catching the Dragon by the Tail

Casey Smith, Michael Haag

Before testing your security controls, it’s extremely beneficial to understand the threat actors your organization may be facing. Nick Carr at FireEye published an excellent post a while back on how an actual adversary operates. We strongly encourage you to check it out for a solid understanding of the capabilities and behaviors exhibited by a group of attackers. We decided to … Read More

Microsoft DDE Exploit Email

Microsoft DDE Exploit Arriving in Email Accounts

Keya Horiuchi

A new Dynamic Data Exchange (DDE) exploit recently began arriving in the inboxes of unsuspecting users. It masquerades as an attached invoice and abuses a legitimate Microsoft inter-application feature that allows one application to share data with another; for example, data from an Excel spreadsheet can be shared with a Word document. The weaponized DDE functionality in an attached … Read More
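The DDE field codes that such an invoice carries live inside the document's XML parts, so a quick first-pass triage is to unzip the file and look for field instructions that begin with DDE or DDEAUTO. The Python below is an added example written for this page, not code from Carbon Black or from the post's author; the XML fragments are constructed here, and a minimal zip stands in for a real docx.

```python
import html
import io
import re
import zipfile
from typing import List

# Word field instructions that invoke Dynamic Data Exchange.
DDE_FIELD_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)

# A DDE field in WordprocessingML is either a simple field
# (<w:fldSimple w:instr="...">) or a complex field whose instruction is
# spread across several <w:instrText> runs between fldChar begin/end markers.
TOKEN_RE = re.compile(
    r'<w:fldChar[^>]*w:fldCharType="(begin|separate|end)"[^>]*/?>'
    r"|<w:instrText[^>]*>(.*?)</w:instrText>"
    r'|<w:fldSimple[^>]*w:instr="([^"]*)"',
    re.DOTALL,
)


def extract_field_instructions(document_xml: str) -> List[str]:
    """Return every field instruction in one XML part, re-joining split runs."""
    fields: List[str] = []
    current = None  # instrText runs of the complex field being assembled
    for m in TOKEN_RE.finditer(document_xml):
        fld_type, instr_run, simple_instr = m.groups()
        if simple_instr is not None:
            fields.append(simple_instr)
        elif fld_type == "begin":
            current = []
        elif fld_type == "end":
            if current is not None:
                fields.append("".join(current))
            current = None
        elif instr_run is not None and current is not None:
            current.append(instr_run)
    return [html.unescape(f).strip() for f in fields]


def scan_docx(data: bytes) -> List[str]:
    """Return 'part: instruction' for each DDE field found; empty list if clean.

    Every word/*.xml part is checked, not just document.xml, because fields
    can also sit in headers, footers and footnotes.
    """
    hits: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            xml = zf.read(name).decode("utf-8", errors="replace")
            for instr in extract_field_instructions(xml):
                if DDE_FIELD_RE.search(instr):
                    hits.append(f"{name}: {instr}")
    return hits


def build_sample_docx(document_xml: str) -> bytes:
    """Constructed minimal docx-shaped zip for the demonstration (assumption:
    a real file has more parts, but the scanner only needs word/*.xml)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Constructed sample: a DDEAUTO field split across two runs, as Word emits it.
MALICIOUS_XML = (
    "<w:document><w:body><w:p>"
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDEAUTO c:\\\\windows\\\\system32\\\\cmd.exe </w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">&quot;/k calc.exe&quot; </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    "<w:r><w:t>Invoice #1234</w:t></w:r>"
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    "</w:p></w:body></w:document>"
)

# Constructed sample: an ordinary DATE field, which must not be flagged.
BENIGN_XML = (
    "<w:document><w:body><w:p>"
    '<w:fldSimple w:instr=" DATE \\@ &quot;d MMMM yyyy&quot; "><w:r><w:t>1 Jan</w:t></w:r></w:fldSimple>'
    "</w:p></w:body></w:document>"
)

if __name__ == "__main__":
    print(scan_docx(build_sample_docx(MALICIOUS_XML)))  # one DDEAUTO hit
    print(scan_docx(build_sample_docx(BENIGN_XML)))     # []
```

Treat this as triage rather than a verdict: attackers have also hidden the DDE keyword behind other field codes (for instance a QUOTE field built from character codes), so a clean result from a keyword check does not prove the attachment is harmless.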


Cybersecurity Isn’t Always Easy and You’re Not Alone

Rick McElroy

Editor’s Note: This guest post was contributed by Rick McElroy, security strategist for Carbon Black. This article was first published on Information security. We love this job. We have to. We fight upstream in a world where no one really cares; or, at least, no one cares enough to do the bare minimum. We peek behind the curtain and see … Read More

Threat Detection

Lateral Movement Using WinRM and WMI

Tony Lambert

Many organizations invest millions of dollars to bolster their systems and prevent attackers from gaining entry. Much less attention is given to lateral movement within an organization. Yet we’ve seen time and time again that once an adversary breaks through the crunchy outer layer of the network, moving about the gooey center quickly becomes trivial. Stopping … Read More

Atomic Red Team Training Session

Research in Action: How to Test Your Defenses With Atomic Red Team

Casey Smith, Michael Haag

In the weeks since we launched the Atomic Red Team testing framework, we’ve been blown away (no pun intended) by the security community’s response. Yesterday we had a hands-on training session, and it was even more exciting to hear directly from teams that are beginning to use the framework to improve their detections. We had so many great questions from attendees, … Read More