Director of Threat Research, Red Canary

Matt Graeber

Matt has spent the majority of his security career in offense, which lets him apply an attacker’s mindset to detection engineering, including the development of detection evasion strategies. By pointing out gaps in detection coverage, Matt is able to offer actionable guidance for improving detection. Matt loves to apply his reverse engineering skills to understand attack techniques at a deeper level, in order to contextualize them more confidently, understand the relevant detection optics, and understand the workflow attackers use to evade security controls. Matt is committed to making security research both accessible and actionable.
Better know a data source: Antimalware Scan Interface
Better know a data source: Process command line
Steering clear of bad drivers: How to apply Microsoft’s recommended driver block rules
The adversary’s gift: When one technique opens a Pandora’s box
Diary of a Detection Engineer: Babysitting child processes
Tales from decrypt: Differentiating decryptors from ransomware
Does signed mean trusted? The Mimikatz dilemma
The why, what, and how of threat research