Detecting Remote Access Trojan

We Smell a RAT: Detecting a Remote Access Trojan That Snuck Past a User

Julie Brown

You can have the best firewalls and perimeter defenses in place, but if your users aren’t aware of phishing techniques and malicious email attachments, it can be your undoing. Today we’re going to break down an attack that we detected for a Red Canary customer in which a malicious executable was renamed to look like an important document. While it’s …
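The renaming trick in that teaser has a handful of well-known variants: a document extension placed before the real executable extension (Windows Explorer hides the final extension by default, so "Invoice.pdf.exe" is shown as "Invoice.pdf"), whitespace padding that pushes the real extension out of view, the Unicode right-to-left override character that reverses how the tail of a name is drawn, and a plain document extension on a file whose bytes are actually a PE. The script below is an added example, not code from the Red Canary post, and goes beyond the single case it describes by checking all four variants. The filenames, the byte prefixes and the indicator names are constructed for illustration.

```python
"""Flag files whose name says "document" but whose name or bytes say "executable"."""

DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".rtf"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}
RLO = "\u202e"    # RIGHT-TO-LEFT OVERRIDE: reverses how the rest of the name is drawn
PE_MAGIC = b"MZ"  # every Windows PE file begins with the DOS "MZ" stub


def extensions(filename: str) -> list[str]:
    """Every dotted suffix of the name, lower-cased and stripped of padding.

    "Invoice.pdf   .exe" -> [".pdf", ".exe"]
    """
    parts = filename.split(".")
    return ["." + p.strip().lower() for p in parts[1:]]


def masquerade_indicators(filename: str, head: bytes) -> list[str]:
    """Return the reasons this file looks like an executable dressed as a document.

    filename: the name as stored on disk (not as Explorer displays it)
    head:     the first few bytes of the file's content
    The indicator names are this example's own labels, not a vendor taxonomy.
    """
    reasons = []
    exts = extensions(filename)
    final_ext = exts[-1] if exts else ""

    # 1. "Invoice.pdf.exe": Explorer hides the last extension by default, so the
    #    user sees "Invoice.pdf". A document extension right before an
    #    executable one is the classic form.
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS and final_ext in EXECUTABLE_EXTENSIONS:
        reasons.append("double_extension")

    # 2. "Report.pdf                 .exe": the executable extension is pushed
    #    out of the visible column by whitespace padding inside the name.
    if final_ext in EXECUTABLE_EXTENSIONS and any(p != p.strip() for p in filename.split(".")):
        reasons.append("whitespace_padding")

    # 3. RLO trick: "Annual\u202efdp.scr" is drawn as "Annualrcs.pdf".
    if RLO in filename:
        reasons.append("rtl_override")

    # 4. Content check: the name ends in a document extension but the bytes
    #    are a PE. This is the variant that name-only checks miss.
    if final_ext in DOCUMENT_EXTENSIONS and head.startswith(PE_MAGIC):
        reasons.append("pe_content_document_name")

    return reasons


# Constructed sample set; none of these come from the incident in the post.
SAMPLES = [
    ("Invoice.pdf.exe", b"MZ\x90\x00\x03\x00"),
    ("Report.pdf                          .exe", b"MZ\x90\x00"),
    ("Annual\u202efdp.scr", b"MZ\x90\x00"),
    ("Contract.docx", b"MZ\x90\x00"),
    ("Quarterly.pdf", b"%PDF-1.7"),
    ("notes.txt", b"plain text"),
]


def triage(samples=SAMPLES) -> dict[str, list[str]]:
    """Map each filename to its indicator list; files with no findings map to []."""
    return {name: masquerade_indicators(name, head) for name, head in samples}


if __name__ == "__main__":
    for name, reasons in triage().items():
        print(f"{name!r:48} {'CLEAN' if not reasons else ', '.join(reasons)}")
```

In practice the `head` bytes would come from the first 64 bytes of the attachment or the dropped file, and the name would be whatever the endpoint agent recorded at write time; the content check matters most, because a renamed PE still starts with "MZ" whatever its extension says.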

Threat Hunting at Scale

Threat Hunting at Scale: Techniques & Tools to Mature Your Program

Michael Haag

Performing threat hunting at scale is no simple task. Many organizations today deal with massive volumes of data, reviewing terabytes of information on a monthly, weekly, or daily basis. Looking for new behaviors and using the data to tune and enhance capabilities is a continuous process. My last organization ingested 500+Gb of Carbon Black Response data daily in Splunk. As …

Carbon Black and Splunk

Operationalizing Carbon Black Response with Splunk (Part 2): Advanced Data Analysis

Michael Haag

Data analysis (or as some call it, Threat Hunting) can be cumbersome and overwhelming at any scale. However, Splunk has the ability to greatly reduce this complexity. In the first part of our Carbon Black Response and Splunk series, we focused on retrieving your data from Carbon Black Response and getting it into Splunk. Now it’s time to take a …

Threat Intelligence

Common Security Mistake #3: Aimless Use of Threat Intelligence

Phil Hagen

“Threat Intelligence” is the latest security concept to undergo aggressive cyber-buzzwordification (this is a real word). This is common in the information security industry, and follows a very predictable cycle:

Discovery: A real and valuable concept starts to take hold, and high-functioning security teams leverage the concept with great success.

Socialization: In a genuine interest to improve the security game, …

Threat Hunting for Dridex

Threat Hunting for Dridex Attacks: Top Questions from Security Teams

Joe Moles

I recently spoke on a threat hunting webinar with our partner Carbon Black in which we dove into Dridex attacks: how they work, why they’re so effective, and how security teams can detect them through a proactive threat hunting approach. For anyone who’s unfamiliar with Dridex, the malware evades signature-based detection and is built to harvest the banking credentials of …

Automated Threat Hunting

Automated Threat Hunting: the Man vs Machine Debate

Frank McClain

There has been a fair amount of discussion (and disagreement) about the role of machines and automated threat hunting. It’s the endless debate of man vs machine—or, as I like to think of it, “AI vs AI.” You might wonder how man/machine is the same as AI/AI, but that’s pretty simple: one stands for “Artificial Intelligence” and the other is …

Threat Hunting vs Threat Mining

There’s Gold in Those Endpoints: Threat Mining vs Threat Hunting

Joe Moles

In my last post I talked about what threat hunting is and is not. Between that and our recent webinar on threat hunting, I’ve gotten a lot of questions and wanted to follow up with a deeper dive into how Red Canary analysts use threat hunting to find threats on behalf of our customers. My team eats, sleeps, and breathes …