Build vs Buy

Build vs. Buy: Not Mutually Exclusive

Keith McCammon, Chief Security Officer

The “build vs buy” debate in security technology has been argued so many times that there are few unique positions left to take. Builders prioritize flexibility and control, while buyers prioritize predictable performance, scale, cost, and results. The debate continues not because there are groundbreaking arguments in favor of one or the other. The build vs buy debate continues because … Read More

Cryptomining Native Windows Tools

Mining off the Land: Cryptomining Enabled by Native Windows Tools

Tony Lambert

A lesson I learned early in my career is that technology professionals often inherit older problems. This is especially true of administrators responsible for network services and security because they inherit the biggest snowball of problems: an enterprise network. Networks often grow in ways that make them harder to secure and maintain as they age, and admins often implement new … Read More

Behind the Scenes of an Active Breach (Part 1): Establishing Persistence

Keya Horiuchi

Preventing a breach is every security leader’s top priority. Stopping modern adversaries means having visibility and insight into their tactics, techniques, and behaviors. This two-part series takes readers behind the scenes of a compromised network environment in which multiple endpoints were infected with malware. Part 1 focuses on steps the malware took to establish persistence, while Part 2 will focus on … Read More

Atomic Red Team

Q&A from the “Automating Atomic Red Team” Webcast

Casey Smith, Michael Haag

There was a great turnout for the latest Atomic Red Team webcast! Thanks to all the people that attended. We had some outstanding audience questions on the new YAML structure, use cases, and CALDERA, MITRE’s automated adversary emulation system. We’ll use this post to go through some of the Q&A in case you couldn’t attend or had to jump off … Read More

Atomic Red Team

Introducing the Next Chapter of Atomic Red Team

Casey Smith, Michael Haag, Brian Beyer

It’s been nearly nine months since we launched Atomic Red Team and we’ve been blown away by the tremendous response from the community. It’s exciting to see so many teams testing their security controls and getting a better understanding of what they can and cannot detect. We initially created Atomic Red Team to help security teams (including our own) test … Read More

On the Night Shift

Slaying Evil Around the Clock with Red Canary’s Cyber Incident Response Team

Keya Horiuchi

Red Canary’s Cyber Incident Response Team (CIRT) is comprised of two groups: detection engineers and incident handlers. Our blog posts often focus on threats we detect, but it’s rare to get a glimpse of our incident handlers in action. This article will walk through a recent threat in a customer’s environment, from the initial discovery to the incident handling team’s … Read More