There’s a thing we do at Red Canary called BEASTMODE. No beating around the bush here; it’s a corporate all-hands. On a quarterly basis, the remote teams come to the Denver office and we spend three intense days together. The reason it’s called BEASTMODE is that in the very early days of the company, we’d spend endless hours in a single …
Using Entropy in Threat Hunting: a Mathematical Search for the Unknown
“Antivirus is dead” is a common refrain in the information security space, but if you look below the surface, what it really means is “atomic indicators are dead.” While there is value in static indicators, they are the bare minimum standard for detection these days and suffer from numerous drawbacks. Behavioral indicators are the next level, which use knowledge of …
Call to Arms: 4 Things Everyone in InfoSec Should Stop Doing Right Now
While I’ve always been passionate about working in InfoSec, I can’t help but feel jaded about the way our industry approaches some things. We run around pointing fingers at each other with slander marketing, we use Twitter as an intel sharing platform, and we cry out that the sky is falling every time a researcher posts a new post exploit …
Damage from Malicious Admins and Credential Access
Good security sometimes requires us to get back to basics on a number of things, including how we use and secure administrative credentials. Admin accounts enable us to configure all sorts of technologies, from software installations and Windows network controls to WordPress servers. If you can administer it, odds are good that there’s a special account for it. Because these …
As Featured in Forbes: CEO Brian Beyer on How Tech Trends Will Disrupt Cyber Security In 2018
Julian Mitchell of Forbes recently sat down with Brian Beyer, CEO and co-founder of Red Canary, to talk about the vision behind the company, the future of cyber security, and top tech trends impacting the industry in 2018. Read the interview below. This article originally appeared in Forbes. What was the specific void or opportunity you identified that inspired the …
Detonate, Detect, Analyze: the Applied Research Team Answers Audience Questions
We recently held our second Atomic Red Team training session and were once again blown away by the positive response from the security community. As researchers, nothing is more exciting than taking our work out of the lab and teaching other security professionals how to apply the tests to improve their defenses. It was especially exciting to see multiple team members …
Detecting Application Shimming: A Story About Continuous Improvement
A long time ago, in a land far away, there lived a shim detector. The shim detector monitored data coming from Endpoint Detection and Response (EDR) platforms, watching for modifications to certain registry paths. It did its job well, but unfortunately it made so much noise that analysts didn’t want to listen to what it had to say. So What’s …