Many of us spent 2023 on the road. Taylor’s Eras Tour, Beyoncé’s Renaissance, and Red Canary’s Threat Detection Series Live! all had equal cultural impact. But for every Canary you spotted hamming it up at RSA and Black Hat, dozens more had hands-on-keyboard, thwarting threats and living to tell the tales. From “hot vuln summer” to Qbot’s apparently short-lived takedown, here is the best content Red Canary produced in 2023.
Best new blogs
These were the most read, most shared, and most discussed articles we published in 2023.
Introducing Red Canary Mac Monitor
Why Taylor Swift fans should work in cybersecurity
Investigating legacy authentication: The curious case of “BAV2ROPC”
eBPF: A new frontier for malware
Adversaries exploit Confluence vulnerability to deploy ransomware
Best legacy blogs
These classics still get steady traffic each month, remaining relevant, in some cases years after publication.
Raspberry Robin gets the worm early (from 2022)
Frankenstein was a hack: the copy/paste cryptominer (from 2019)
Detecting suspicious email forwarding rules on Office 365 (from 2022)
The Goot cause: Detecting Gootloader and its follow-on activity (from 2022)
Windows Registry attacks: Knowledge is the best defense (from 2017)
Best of social media
Here are some of the more useful things we posted to social media this year.
Best of Twitter
As students head back to school, defenders should also get their pencils out. From mid-July continuing into early August 2023, Red Canary observed multiple email account compromise campaigns targeting educational institutions. https://t.co/cnTftlPNSW pic.twitter.com/Fw6a0wQw9F
— Red Canary (@redcanary) August 14, 2023
A great question. LOLBINs are defined by their ability to subvert security controls in addition to being legitimate utilities. There isn’t a direct corollary in the cloud, but a few things come close. Short🧵incoming. https://t.co/ezxXrmHzBO
— Red Canary (@redcanary) September 26, 2023
Best of LinkedIn
Best educational resources
These are some of our flagship resources to help defenders figure out which threats to prioritize while fine-tuning their detection capabilities.
Atomic Red Team
The 2023 Threat Detection Report
Incident Response & Readiness Guide
How to increase visibility and improve cloud security
Crash course on Microsoft Defender for Endpoint
Best webinars
After taking our beloved Threat Detection Series on the road, we adapted all of the in-person talks into on-demand webinars hosted throughout the year. Here are the most popular educational videos of 2023:
The Detection Series: PowerShell
Grand Theft Creds: Info-stealing malware edition
Train hard, fight easy: Fast, effective response to modern threats
Get in loser, we’re detecting threats
Drop it like it’s Qbot
Best escape from our tortured reality
What better way to cope with a never ending stream of bleak headlines than to pretend to be someone else? With help from our friends at Black Hills Information Security, Red Canary released a custom expansion pack for the Backdoors and Breaches role-playing game. Watch our playthrough below and spin up your own game using the online version.
Much more in 2024
May your days be merry and incident-free. We’ll be ringing in the new year listening to Threat sounds vol. 3 (now taking requests for next year’s playlist!). We look forward to supporting the security community throughout 2024 and beyond.