Know your adversary. Explore threat detections.

Attackers move fast. We move faster. Red Canary’s security operations team monitors endpoint activity 24×7 to identify adversaries in our customers’ environments. Each investigation combines low-level data, curated intelligence, and ongoing research into attacker techniques, with deep investigation expertise. Go behind the scenes with these real-world threat detections written up by our security operations team.


Recent threats Red Canary has detected:


How an Adversary Mixed Lateral Movement and Cryptomining
When Web Servers Go Cryptocurrency Mining
Damage from Malicious Admins and Credential Access
Microsoft DDE Exploit Arriving in Email Accounts
Lateral Movement Using WinRM and WMI
Using Alternate Data Streams to Bypass User Account Controls
Windows Registry Attacks: Knowledge Is the Best Defense
Whitelist Evasion Example: Threat Detection #723
Attacking a Mac: Threat Detection #392
We Smell a RAT: Detecting a Remote Access Trojan That Snuck Past a User
Detecting Ransomware: Behind the Scenes of an Attack
Old Phishing Attacks Deploy a New Methodology: Verclsid.exe