By Chris Strand and Jim DeLorenzo
While many IT security professionals are enjoying the warm summer weather, those in the retail industry are already thinking ahead to the busy holiday season. The bad news is that so are cyber criminals,…
After a recent trip to Washington, Bit9 + Carbon Black’s Chief Security Strategist, Ben Johnson, discusses the importance of checks and balances in your cyber defense program.
This year I had the pleasure of presenting at DEF CON. The goal of the research I presented was to look at identifying various packers, compilers and cryptors by using patterns in assembly mnemonics, in addition to a couple of other…
Being an information security analyst is one of the most confusing jobs in corporate America today. Once merely IT drones focused on network firewalls and configuring antivirus, SecOp teams now find themselves at the intersection of three growing, dynamic trends…
We love learning new things, and the latest revelation around how Lenovo was using a little-known Microsoft feature, the Windows Platform Binary Table (WPBT), to silently inject software into Windows installations is a case in point. Where Lenovo failed…
Brief Overview: Carbon Black can detect PowerShell Empire behavior using the following watchlists: cmdline:"powershell.exe -NoP -NonI -W Hidden -Enc" cmdline:" -s -NoLogo -NoProfile" AND process_name:powershell.exe ALTERNATE: cmdline:""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -s -NoLogo -NoProfile" ipaddr: <PowerShell Empire C&C Address> Once the PowerShell Empire C&C…