Credential Harvesting

Credential Harvesting on the Rise

Keith McCammon, Chief Security Officer

Red Canary began to see its annual spike in credential harvesting attacks last week. These attacks typically increase as tax season approaches and adversaries gear up to file fraudulent tax returns. Here’s what organizations need to know to understand and mitigate the risk. How Credential Harvesting Works: Adversaries send the victim a personalized lure, which is typically an email containing …

Celebrating Red Canary’s Best Security Blogs of 2017

Suzanne Moore

2017 was a big year for the Red Canary blog! We wrote dozens of articles and added a roster of outstanding contributors—ranging from security analysts, threat researchers, technical account managers, and incident responders to C-level security experts both inside and outside of Red Canary. A few articles really caught the attention of the security community in 2017, so we wanted …

Security Team

What Makes a Great Security Team? 4 Standout Qualities

Ben Johnson

This guest post was contributed by Ben Johnson, co-founder and CTO of Obsidian Security, a stealth startup based in Southern California. Prior to Obsidian, Ben co-founded and was CTO of Carbon Black. In infosec, we are often quick to call out the people, processes, and technology that we believe are selling snake-oil, are needlessly inefficient, or don’t perform as expected. …

Atomic Red Team Testing

Atomic Red Team Tests: Catching the Dragon by the Tail

Casey Smith, Michael Haag

Before testing your security controls, it’s extremely beneficial to understand the threat actors your organization may be facing. Nick Carr at FireEye published an excellent post a while back on how an actual adversary operates. We strongly encourage you to check it out for a solid understanding of the capabilities and behaviors exhibited by a group of attackers. We decided to …


Cybersecurity Isn’t Always Easy and You’re Not Alone

Rick McElroy

Editor’s Note: This guest post was contributed by Rick McElroy, security strategist for Carbon Black. This article was first published on Information security. We love this job. We have to. We fight upstream in a world where no one really cares; or, at least, no one cares enough to do the bare minimum. We peek behind the curtain and see …

Atomic Red Team Training Session

Research in Action: How to Test Your Defenses With Atomic Red Team

Casey Smith, Michael Haag

In the weeks since we launched the Atomic Red Team testing framework, we’ve been blown away (no pun intended) by the security community’s response. Yesterday we had a hands-on training session, and it was even more exciting to hear directly from teams that are beginning to use the framework to improve their detections. We had so many great questions from attendees, …

Carbon Black and Splunk

Operationalizing Carbon Black Response with Splunk (Part 2): Advanced Data Analysis

Michael Haag

Data analysis (or as some call it, Threat Hunting) can be cumbersome and overwhelming at any scale. However, Splunk has the ability to greatly reduce this complexity. In the first part of our Carbon Black Response and Splunk series, we focused on retrieving your data from Carbon Black Response and getting it into Splunk. Now it’s time to take a …