Clearing the “Fog of Cyber War” Requires Vision, Intelligence

By: August 18, 2015

Being an information security analyst is one of the most confusing jobs in corporate America today. Once merely IT drones focused on network firewalls and configuring antivirus, SecOp teams now find themselves at the intersection of three growing, dynamic trends…

As Lenovo Covertly Downloads Unwanted Software, Carbon Black Sees It All

By: August 17, 2015

We love learning new things, and the latest revelation around how Lenovo was using a little-known Microsoft feature, the Windows Platform Binary Table (WPBT), to silently inject software into Windows installations is a case in point. Where Lenovo failed…

How to Detect PowerShell Empire with Carbon Black

By: August 14, 2015

Brief Overview: Carbon Black can detect PowerShell Empire behavior using the following watchlists:

cmdline:"powershell.exe -NoP -NonI -W Hidden -Enc"
cmdline:" -s -NoLogo -NoProfile" AND process_name:powershell.exe
ALTERNATE: cmdline:""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -s -NoLogo -NoProfile"
ipaddr: <PowerShell Empire C&C Address>

Once the PowerShell Empire C&C…

Black Hat 2015 Data Science Recap

By: August 13, 2015

I was pleased with the number of data science talks at Black Hat this year. Sadly, I couldn’t attend all of the sessions but I was able to attend three: 1 – “Why Security Data Science Matters and How It’s…

#BENVLOG: Black Hat Conversations Center Around APIs, Openness and Integrations

By: August 12, 2015

In his latest video blog, Bit9 + Carbon Black Chief Security Strategist Ben Johnson discusses how organizations are looking to build APIs and technology integrations into their cyber defense programs.

How SOPA Just May Become Law – Through 3D-Printed Braces for Teeth

By: August 11, 2015

The Stop Online Piracy Act (SOPA), the proposed law defeated after public outcry in 2012, may be working its key component into de facto law after all. How? Well, that’s where this gets a little unusual. SOPA was originally introduced…