Operationalizing Data With the Carbon Black and Splunk Integration (Part 1)

Over the last 5 years I have grown very close to Splunk. The product has evolved so much over the years, but the core architecture has always been easy to deploy and understand. Splunk is known for the speed at which it can search for data, the reliability of its architecture, and the ability to […]

Improve Your Threat Detection: Inspect All of the New Everythings

When asked to describe the potential threats that Red Canary detects and confirms, we tend to frame the discussion around several big buckets: Bad things – the most obvious: malware and unwanted software, primarily. Good things gone bad – legitimate applications and services leveraged by a malicious actor… think PowerShell, WMIC, MSHTA, etc. Unusual things […]

Windows Registry Attacks: Knowledge Is the Best Defense

Let’s talk about the Windows registry… yes, that mysterious and oh-so-dangerous piece of the Windows operating system that we were warned against messing with from the moment we booted up our first PC. Turns out, the Windows registry is not as scary as everyone makes it out to be. Granted, if you do not know what […]

Microsoft HTML Application (HTA) Abuse, Part Deux

In our most recent Detection Profile, we looked at a red team’s post-exploitation activity as detected by Red Canary. The tool was identified through open sources as PoshRat, a PowerShell-based remote access tool that takes advantage of a security policy bypass in Microsoft HTML Applications (HTA) to establish a reverse shell. Unfortunately, HTA abuse is […]