Shutting Down OSX/Shlayer

Shlayer is a piece of malware that exclusively targets macOS systems. It’s been making the rounds since at least February 2018, primarily by masquerading as an Adobe Flash Player update, although it occasionally mimics other application installers as well. These fake installers are mostly delivered through peer-to-peer torrent sites and malvertising. Once Shlayer infects […]

Defense Evasion and Phishing Emails

Our faithful readers are no doubt quite familiar with various threats associated with attachments to emails. After all, we’ve all seen malicious PDFs, Microsoft Office files, binaries, compressed archives, and even the occasional oddity such as a Java archive (JAR), Visual Basic Script (VBS), or JavaScript directly attached to emails. It is even one of the […]

Stopping Emotet Before it Moves Laterally

We’ve written a lot about lateral movement on this blog, and we’re about to take a long look at the tactic with some of our friends from MITRE and Carbon Black in an upcoming webinar. However, if you’re dealing with lateral movement, it’s likely something has already gone wrong in your environment. As a precursor to our lateral movement […]

Five Great Talks from the SANS CTI Summit

From the tactical security implications of Europe’s General Data Protection Regulation (GDPR) to an examination of old cyberattacks with new intel tooling, the seventh annual SANS Cyber Threat Intelligence Summit wrapped up last week in Arlington, Virginia, and it featured a handful of interesting talks. Without further introduction, here are our favorite talks (in order […]

Suppressors 101: How to Filter Out False Positives

In roughly five years, more than 69 million events have entered our detection engine. Just 10 million had to be analyzed by our detection engineers. So what happened to the other 59 million events? In this article, we want to take you on a short journey into a critical piece of the Red Canary engine […]

Goalkeepers Win Games: How a Change in Mindset Can Help Defenders Be More Effective

Detecting All the Things with Limited Data

Despite spending millions of dollars annually on information security, organizations invariably realize that their security tools and controls—no matter how costly or advanced—have limitations. Whether it’s endpoint detection and response (EDR) or a firewall, you’re going to find blind spots. The trick is to identify these limitations early and often, and to compensate with controls […]