A Bird’s Eye View: Behind the Scenes of Beastmode

Dave Epperly

There’s a thing we do at Red Canary called BEASTMODE. No beating around the bush here; it’s a corporate all-hands. On a quarterly basis, the remote teams come to the Denver office and we spend three intense days together. The reason it’s called BEASTMODE is that in the very early days of the company, we’d spend endless hours in a single … Read More

Threat Hunting With Entropy

Using Entropy in Threat Hunting: a Mathematical Search for the Unknown

Ben Downing

“Antivirus is dead” is a common refrain in the information security space, but if you look below the surface, what it really means is “atomic indicators are dead.” While there is value in static indicators, they are the bare minimum standard for detection these days and suffer from numerous drawbacks. Behavioral indicators are the next level, which use knowledge of … Read More

Call to Arms: 4 Things Everyone in InfoSec Should Stop Doing Right Now

Joe Moles

While I’ve always been passionate about working in InfoSec, I can’t help but feel jaded about the way our industry approaches some things. We run around pointing fingers at each other with slander marketing, we use Twitter as an intel sharing platform, and we cry out that the sky is falling every time a researcher posts a new post exploit … Read More

Credential Access

Damage from Malicious Admins and Credential Access

Tony Lambert

Good security sometimes requires us to get back to basics on a number of things, including how we use and secure administrative credentials. Admin accounts enable us to configure all sorts of technologies, from software installations and Windows network controls to WordPress servers. If you can administer it, odds are good that there’s a special account for it. Because these … Read More

Brian Beyer 2018 tech trends

As Featured in Forbes: CEO Brian Beyer on How Tech Trends Will Disrupt Cyber Security In 2018

Red Canary

Julian Mitchell of Forbes recently sat down with Brian Beyer, CEO and co-founder of Red Canary, to talk about the vision behind the company, the future of cyber security, and top tech trends impacting the industry in 2018. Read the interview below. This article originally appeared in Forbes. What was the specific void or opportunity you identified that inspired the … Read More

Atomic Red Team Training Session

Detonate, Detect, Analyze: the Applied Research Team Answers Audience Questions

Casey Smith, Michael Haag

We recently held our second Atomic Red Team training session and were once again blown away by the positive response from the security community. As researchers, nothing is more exciting than taking our work out of the lab and teaching other security professionals how to apply the tests to improve their defenses. It was especially exciting to see multiple team members … Read More

Detecting Application Shimming: A Story About Continuous Improvement

Frank McClain

A long time ago, in a land far away, there lived a shim detector. The shim detector monitored data coming from Endpoint Detection and Response (EDR) platforms, watching for modifications to certain registry paths. It did its job well, but unfortunately it made so much noise that analysts didn’t want to listen to what it had to say. So What’s … Read More