Damage from Malicious Admins and Credential Access

Tony Lambert

Good security sometimes requires us to get back to basics on a number of things, including how we use and secure administrative credentials. Admin accounts enable us to configure all sorts of technologies, from software installations and Windows network controls to WordPress servers. If you can administer it, odds are good that there’s a special account for it. Because these …

As Featured in Forbes: CEO Brian Beyer on How Tech Trends Will Disrupt Cyber Security In 2018

Red Canary

Julian Mitchell of Forbes recently sat down with Brian Beyer, CEO and co-founder of Red Canary, to talk about the vision behind the company, the future of cyber security, and top tech trends impacting the industry in 2018. Read the interview below. This article originally appeared in Forbes. What was the specific void or opportunity you identified that inspired the …

Detonate, Detect, Analyze: the Applied Research Team Answers Audience Questions

Casey Smith, Michael Haag

We recently held our second Atomic Red Team training session and were once again blown away by the positive response from the security community. As researchers, nothing is more exciting than taking our work out of the lab and teaching other security professionals how to apply the tests to improve their defenses. It was especially exciting to see multiple team members …

Detecting Application Shimming: A Story About Continuous Improvement

Frank McClain

A long time ago, in a land far away, there lived a shim detector. The shim detector monitored data coming from Endpoint Detection and Response (EDR) platforms, watching for modifications to certain registry paths. It did its job well, but unfortunately it made so much noise that analysts didn’t want to listen to what it had to say. So What’s …

Testing Detection and Prevention Tools With Atomic Red Team “Chain Reactions”

Casey Smith, Michael Haag

The very nature of Atomic Red Team is to allow for customization of different testing units to determine coverage, prevention, or detection within your environment. Chain reactions are a concept we developed to enable security teams to combine multiple MITRE ATT&CK™ techniques and execute them simultaneously. You can use these free-form methods to either build a sequence of events or …

How to Detect and Defend Against the EggShell Surveillance Tool for MacOS

Adam Mathis

As macOS and Linux systems have become more commonplace in enterprises, so has the tooling to compromise them and facilitate post-exploit hijinks. For those charged with defending macOS and Linux systems, knowing how to detect and defend against this activity is critical. Even unsophisticated attackers can use these tools to infiltrate a system, perform reconnaissance, escalate privilege, and move laterally …

Red Canary and CrowdStrike: Birds Join Forces

Chris Rothe

We are very excited about our new partnership with CrowdStrike®. Red Canary can now provide our industry-leading hunting and response using Falcon’s Endpoint Detection and Response (EDR) data. We have a very simple goal at Red Canary: to make companies’ security better. From day one, we started with that single goal and asked what we could do to make the …