Detecting MSXSL Abuse in the Wild

Ben Downing

The volume of research in the information security community is at an all-time high with researchers chasing zero-days, bug bounties, and ways to bypass new security controls. Despite this wealth of research, not all new techniques catch on. The same way you enjoy listening to your favorite songs, adversaries love to go back and work with their favorite time-tested techniques. …

Q & A: How to Use the MITRE ATT&CK™ Framework to Mature Your Threat Hunting Program

Suzanne Moore

You’ve heard the buzz around MITRE ATT&CK™ — but how do you apply this broad framework to your security program? Starting September 20, we’re kicking off a three-part webinar series to explore how top security teams use ATT&CK as a roadmap to mature and expand their threat hunting programs. For the first session, we’re excited to feature John Wunder, MITRE …

Introducing Red Canary Exec, a New Security Automation Solution

Joren McReynolds

Threats can occur at any time of the day. They don’t care if you’re sleeping, if it’s the weekend, if you’re on vacation, or if you’re short-staffed. For many security teams, it’s a struggle to meet the time sensitivity requirements of containing and remediating threats. What happens when a threat hits your network at 3 a.m.? How do you enforce …

4 Strategic Approaches to Retaining Security Operations Staff

Frank McClain

Search the internet on the subject of “InfoSec talent shortage” and you will get enough results to keep you busy for a long time. But if you’re in management or another leadership role, you don’t need the internet to prove there’s a problem. You feel the pain every time you search for a good candidate to fill an open position, …

What Makes an Effective Security Architecture? (It’s Not More Products…)

Michael Haag

For much of the cybersecurity industry, purchasing new products every few years is the status quo to “staying ahead” of adversaries. We’ve built moats, extra high castle walls with barbed wire, added sharks with laser beams to the water, fortified the castle door—yet somehow, something evil still creeps its way in. The reality is, we need core cybersecurity products and …

Speared in a Click: Documents with Executables

Keya Horiuchi

Clicking on an attached document or link in an email can be the initial action that brings down a network. In the second it took you to read the first sentence, that click could have set off a chain of quiet, unseen commands. It could have executed PowerShell commands in the background, downloaded and executed additional payloads from an external …

Red Canary and Endgame Announce Partnership

Keith McCammon, Chief Security Officer

We are very excited to announce that Endgame and Red Canary have partnered to integrate Endgame’s endpoint telemetry into the Red Canary platform. Our teams have worked together for years on research, mapping adversary techniques to ATT&CK™, and most recently on designing Endgame’s streaming APIs for this integration. Endgame now supports the collection of not only process-level telemetry, but a …