Cryptomining Native Windows Tools

Mining off the Land: Cryptomining Enabled by Native Windows Tools

Tony Lambert

A lesson I learned early in my career is that technology professionals often inherit older problems. This is especially true of administrators responsible for network services and security because they inherit the biggest snowball of problems: an enterprise network. Networks often grow in ways that make them harder to secure and maintain as they age, and admins often implement new … Read More

Behind the Scenes of an Active Breach (Part 1): Establishing Persistence

Keya Horiuchi

Preventing a breach is every security leader’s top priority. Stopping modern adversaries means having visibility and insight into their tactics, techniques, and behaviors. This two-part series takes readers behind the scenes of a compromised network environment in which multiple endpoints were infected with malware. Part 1 focuses on steps the malware took to establish persistence, while Part 2 will focus on … Read More

Atomic Red Team

Q&A from the “Automating Atomic Red Team” Webcast

Casey Smith, Michael Haag

There was a great turnout for the latest Atomic Red Team webcast! Thanks to all the people that attended. We had some outstanding audience questions on the new YAML structure, use cases, and CALDERA, MITRE’s automated adversary emulation system. We’ll use this post to go through some of the Q&A in case you couldn’t attend or had to jump off … Read More

Atomic Red Team

Introducing the Next Chapter of Atomic Red Team

Casey Smith, Michael Haag, Brian Beyer

It’s been nearly nine months since we launched Atomic Red Team and we’ve been blown away by the tremendous response from the community. It’s exciting to see so many teams testing their security controls and getting a better understanding of what they can and cannot detect. We initially created Atomic Red Team to help security teams (including our own) test … Read More

On the Night Shift

Slaying Evil Around the Clock with Red Canary’s Cyber Incident Response Team

Keya Horiuchi

Red Canary’s Cyber Incident Response Team (CIRT) is comprised of two groups: detection engineers and incident handlers. Our blog posts often focus on threats we detect, but it’s rare to get a glimpse of our incident handlers in action. This article will walk through a recent threat in a customer’s environment, from the initial discovery to the incident handling team’s … Read More

detection capability

Breathing Life into Detection Capability: the Creation of Detector #1236

Tony Lambert

In recent posts, we’ve gone behind the scenes with our detection engineering team to explain how we use detectors to improve the quality and efficiency of our threat detection operations. In this post, we’ll cover the creation of a detector: from the idea’s conception, to research and testing, to the moment it “comes to life” and is delivered into production. … Read More