Before testing your security controls, it’s extremely beneficial to understand the threat actors your organization may be facing. Nick Carr at FireEye published an excellent post a while back on how an actual adversary operates. We strongly encourage you to check it out for a solid understanding of the capabilities and behaviors exhibited by a group of attackers. We decided to … Read More
Red Canary Introduces Atomic Red Team, a New Testing Framework for Defenders
How do you know your security solutions are tuned and ready to face actual adversaries? Are you testing new or existing products to provide assurances for detections? If you’re like many teams, you may lack the internal resources or expertise to simulate a specific adversary tactic or technique. That is why we recently created Atomic Red Team, a testing framework … Read More
Operationalizing Data With the Carbon Black and Splunk Integration (Part 1)
Over the last 5 years I have grown very close to Splunk. The product has evolved so much over the years, but the core architecture has always been easy to deploy and understand. Splunk is known for the speed at which it can search for data, the reliability of its architecture, and the ability to spin up multiple indexers and … Read More
Using Carbon Black Response to Mitigate ETERNALBLUE
In case you’ve been under a rock: There’s a wee problem with ransomware, fueled by the public release of a handful of high quality access (exploit) and persistence (backdoor) utilities. Most recently, these have manifested in the form of the WannaCry and Petya epidemics. While good intelligence on Petya infection vectors and lateral movement techniques is in a state of … Read More
How to Baseline and Inventory an Environment in Minutes with Carbon Black Response + Surveyor
Years ago, as Red Canary began to scale security operations atop the Carbon Black (Cb) Response platform, we immediately started to identify some common use cases: incident response and investigations, root cause analysis, and inventory. Cb Response was built for the express purpose of supercharging the incident response process. Instead of painstakingly collecting terabytes of data that need to be loaded, … Read More
Detecting Snake Malware Using Carbon Black Response
Detecting Snake malware may be difficult, as Snake is a relatively complex framework that includes persistence, information stealing, and communications modules, among other capabilities. When researchers at Fox-IT announced the porting of the Snake malware framework from Windows to the Mac platform, we needed to look retrospectively across our customer base to identify any potential Snake malware victims. … Read More