2015 Bit9+Carbon Black User XChange: All about that (user) base, ’bout that base, ’bout that base

We recently had the privilege of sponsoring and attending the 2015 Bit9+Carbon Black User XChange conference in Las Vegas, NV. Though we’ve been using the Carbon Black technology since its inception, this was our first time attending the User XChange and we wanted to share what we learned for those who couldn’t attend or those […]

What Red Canary Detects: Spotlight on Process Injection

Red Canary’s threat detection leverages the five event types collected by Carbon Black’s endpoint monitoring platform: file modifications, registry modifications, network connections, process tree information, and binary collection. These data points are streamed into our proprietary Threat Detection Engine, which was purpose-built to perform automated binary, behavioral, and threat intelligence analysis to find anomalous […]

Detection Profile: Silent Periodic Activity

One hallmark of many malware events is the regular periodic behavior they present when rallying for and checking in with their command and control servers. The check-in interval can be a very useful metadata point in hunting an adversary. However, the constant state of change that attackers can use for their own infrastructure makes this […]

Detecting CVE-2015-1130 on Mac OS X Endpoints

Security researcher Emil Kvarnhammar released details of his discovery of the latest vulnerability in Mac OS X – CVE-2015-1130 – on his blog today. The vulnerability exists in Apple’s Admin.framework and allows unprivileged users to elevate their privileges to root on any vulnerable system. Mac OS X versions 10.7 through 10.10.2 inclusive are vulnerable […]

Harnessing the full power of the Carbon Black API

We work with Carbon Black every day at Red Canary. We are excited to announce the open sourcing of our Python API, which allows for deeper and more intuitive exploration of the Carbon Black datastore. This “CbApi2” is available on GitHub so everyone can enjoy easy and efficient programmatic access to Carbon Black data. There are […]

Visibility Becomes Paramount As Endpoints and MSSPs Heat Up

This is a guest post contributed by Benjamin Johnson, Chief Security Strategist, Bit9 + Carbon Black. The endpoint security space is hot right now. The managed security provider space is also hot right now. So it only makes sense that managed endpoint security, in one form or another, is the place to be. You cannot […]

Apple OS X: Now With Red Canary Threat Detection Coverage

While Apple OS X has seen increasing market share in many enterprises, the security market has so far failed to provide a corresponding expansion in OS X coverage. Similarly, the once-held and thoroughly misguided concept that “Apple doesn’t get malware” is finally starting to die with the release of several families of malware targeting OS X users. Combined, […]

Detecting CVE-2014-1776: Internet Explorer Zero-Day

Red Canary is actively detecting CVE-2014-1776, the latest “Internet Explorer zero-day,” on the endpoint by leveraging our global network of managed Bit9+Carbon Black sensors. This post provides some insight into how you can do the same. We know this exploit targets Internet Explorer (iexplore.exe), requires that VGX.dll be loaded by the targeted iexplore.exe process, and is […]