Skip Navigation
Get a Demo
 
Senior Threat Researcher

Justin Schoenfeld

Justin is responsible for analyzing new cloud attack techniques and understanding different telemetry sources. He gained his B.A. in Computing Security from the Rochester Institute of Technology. His love for cloud and identity telemetry came from his experience with analyzing email-based attacks while serving as a detection engineer within Red Canary's Customer Security Operations team.
By This Author
How adversaries use Entra ID service principals in business email compromise schemes
May 16, 2024
Microsoft
How adversaries use Entra ID service principals in business email compromise schemes
Investigating legacy authentication: The curious case of “BAV2ROPC”
June 7, 2023
Microsoft
Investigating legacy authentication: The curious case of “BAV2ROPC”
Diary of a Detection Engineer: Exposing and shutting down an inbox heist in action
March 16, 2023
Threat detection
Diary of a Detection Engineer: Exposing and shutting down an inbox heist in action
Cloud coverage: Detecting an email payroll diversion attack
October 6, 2022
Cloud security
Cloud coverage: Detecting an email payroll diversion attack
Detecting suspicious email forwarding rules in Office 365
May 31, 2022
Cloud security
Detecting suspicious email forwarding rules in Office 365
Remote access tool or trojan? How to detect misbehaving RATs
August 19, 2021
Threat detection
Remote access tool or trojan? How to detect misbehaving RATs
Rclone Wars: Transferring leverage in a ransomware attack
May 4, 2021
Threat detection
Rclone Wars: Transferring leverage in a ransomware attack
Catch me if you code: how to detect process masquerading
February 9, 2021
Threat detection
Catch me if you code: how to detect process masquerading
 

See Red Canary in action

Schedule your demo now
Get a Demo

Security gaps? We got you.

Get curated insights on managed detection and response (MDR) services, threat intelligence, and security operations—delivered straight to your inbox every month.

 
 
 
 
Back to Top