Love The Vendor That Loves You Back

The sales machine is a complex beast and many may misinterpret who a good sales team is ultimately meant to serve. When salespeople want you as a customer, it’s their goal to bring you into the fold…


Defense in depth: The Equation Group Leak and DoublePulsar.

by: Rod Soto and Daniel Scarberry

Unless you’ve been living under a rock you are probably familiar with the recent Shadow Brokers data dump of the Equation Group tools. In that release a precision…


Threat Hunting Part 3: Going Hunting with Machine Learning

Due to being busy with proofs of concept at the end of the quarter, I’ve been on the prowl for lazy hunting ideas. Every security person’s dream is to have interesting data come to them, but is this…


On the Hunt Part 2: Identifying Spear-Phishing Recon Activity - Collection of User Details with Ads for Spear Phishing Campaigns

A few weeks ago, I published a Base64 decoding article. The findings from this ranged from process ID numbers, application and version detection, to the blatant collection of email addresses. With…


From Targeted Attack to Rapid Detection

Yesterday I was hit with a targeted phishing email that was incredibly good. The email was terse and had a 7-hour time window in which I needed to open the…


On the Hunt - Threat Hunting with Base64 Decoder

Every now and again you hit a day where you just feel like scrolling. One of those lazy, rainy days just before the holidays. Today is one of those days and that's where my less efficient threat…


From Big Data to Beautiful Data: Bridging the gap from Threat Hunter to C-Suite graphs with Zeppelin notebooks and D3

In my previous posts we worked through a number of Threat Hunting queries and data mining ideas. In the end we left off with how to demonstrate and translate value to the C-Suite. This has led me…


Threat Hunting with your hands tied - This is Big Data Part II

Threat hunting isn’t only about finding compromised assets; it also performs the predictive function of finding the holes a malicious attacker might take advantage of. As I mentioned last…


Threat Hunting with your hands tied - This is Big Data Part I

The Stage: When walking into a fine china shop, you can look, but Do Not Touch! The same concept applies in a customer Proof of Concept: you can't influence the infrastructure or applications, you can't…


Why are we using logs to do the network's job?!

Why cook eggs on a glass stove instead of using the non-stick pans in the cupboard? Sure, it’ll cook the eggs, but it is not the proper tool for the job. So, why is the SOC using endpoint logs…