Director of Threat Research, Red Canary

Matt Graeber

Matt has spent the majority of his security career in offense, which lets him bring an attacker's mindset to detection engineering, including developing detection evasion strategies. By pointing out gaps in detection coverage, Matt is able to offer actionable guidance for improving detection. Matt loves to apply his reverse engineering skills to understand attack techniques at a deeper level, so that he can contextualize them more confidently, understand the relevant detection optics, and understand the workflow attackers use to evade security controls. Matt is committed to making security research both accessible and actionable.
 
Steering clear of bad drivers: How to apply Microsoft’s recommended driver block rules
 
The adversary’s gift: When one technique opens a Pandora’s box
 
Diary of a Detection Engineer: Babysitting child processes
 
Tales from decrypt: Differentiating decryptors from ransomware
 
Does signed mean trusted? The Mimikatz dilemma
 
The why, what, and how of threat research
 
Testing adversary technique variations with AtomicTestHarnesses
 
Remapping Red Canary with ATT&CK sub-techniques