Being an information security analyst is one of the most confusing jobs in corporate America today. Once merely IT drones focused on network firewalls and configuring antivirus, SecOp teams now find themselves at the intersection of three growing, dynamic trends…
We love learning new things and the latest revelation around how Lenovo was using a little known Microsoft feature, the Windows Platform Binary Table (WPBT), to silently inject software into Windows installations is a case in point. Where Lenovo failed…
Brief Overview: Carbon Black can detect PowerShell Empire behavior using the following watchlists:
cmdline:"powershell.exe -NoP -NonI -W Hidden -Enc"
cmdline:" -s -NoLogo -NoProfile" AND process_name:powershell.exe
ALTERNATE: cmdline:""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -s -NoLogo -NoProfile"
ipaddr: <PowerShell Empire C&C Address>
Once the PowerShell Empire C&C…
I was pleased with the number of data science talks at Black Hat this year. Sadly, I couldn’t attend all of the sessions but I was able to attend three: 1 – “Why Security Data Science Matters and How It’s…
In his latest video blog, Bit9 + Carbon Black Chief Security Strategist Ben Johnson discusses how organizations are looking to build APIs and technology integrations into their cyber defense programs.
The Stop Online Piracy Act (SOPA), the proposed law defeated after public outcry in 2012, may be working its key component into de facto law after all. How? Well, that’s where this gets a little unusual. SOPA was originally introduced…