5 Steps Retailers Can Take to Protect POS Systems Ahead of the Busy Holiday Season

By: August 21, 2015

By Chris Strand and Jim DeLorenzo

While many IT security professionals are enjoying the warm summer weather, those in the retail industry are already thinking ahead to the busy holiday season. The bad news is that so are cyber criminals,…

#BENVLOG: The Importance of Checks and Balances in Cyber Defense

By: August 20, 2015

After a recent trip to Washington, Bit9 + Carbon Black’s Chief Security Strategist, Ben Johnson, discusses the importance of checks and balances in your cyber defense program.

Packer Detection with Assembly Mnemonics

By: August 18, 2015

This year I had the pleasure of presenting at DEF CON. The goal of the research I presented was to look at identifying various packers, compilers and cryptors by using patterns in assembly mnemonics, in addition to a couple other…

Clearing the “Fog of Cyber War” Requires Vision, Intelligence

By: August 18, 2015

Being an information security analyst is one of the most confusing jobs in corporate America today. Once merely IT drones focused on network firewalls and configuring antivirus, SecOp teams now find themselves at the intersection of three growing, dynamic trends…

As Lenovo Covertly Downloads Unwanted Software, Carbon Black Sees It All

By: August 17, 2015

We love learning new things, and the latest revelation around how Lenovo was using a little-known Microsoft feature, the Windows Platform Binary Table (WPBT), to silently inject software into Windows installations is a case in point. Where Lenovo failed…

How to Detect PowerShell Empire with Carbon Black

By: August 14, 2015

Brief Overview: Carbon Black can detect PowerShell Empire behavior using the following watchlists: cmdline:"powershell.exe -NoP -NonI -W Hidden -Enc" cmdline:" -s -NoLogo -NoProfile" AND process_name:powershell.exe ALTERNATE: cmdline:""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -s -NoLogo -NoProfile" ipaddr: <PowerShell Empire C&C Address> Once the PowerShell Empire C&C…