Clik here to view.
What does Oman, the House of Cards, and Typosquatting Have in Common? The .om...
House of Cards Season 4 debuted on Netflix this past weekend, much to the joy of millions of fans, including many Endgamers. One particular Endgamer made an innocent, but potentially damaging mistake....
View ArticleWhen Unicorns are the Majority: The power of positivity when it comes to...
From academia to government to now industry, I’ve never worked in a field with more than 20 percent women, and that is being very generous. That is why it felt extremely strange to sit in a large room...
View ArticleThe Power Law of the Digital Pen: Adding Fuel to the Fire of Social Change
Over five years ago, the Arab Spring demonstrated the power of the digital domain in facilitating political and social change. The role of social media – still relatively nascent globally at that point...
View ArticleClik here to view.
Shifting the Narrative to Attract More Talent into Security
When talking with women about the cybersecurity industry, we always ask, “What do you think of when you hear the term hacker?” The response invariably describes a young, shady, socially-challenged guy...
View ArticleClik here to view.
Your Package Has Been Successfully Encrypted: TeslaCrypt 4.1A and the Malware...
IntroductionRansomware quickly gained national headlines in February after the Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 in bitcoins to regain access to its systems. Since...
View ArticleClik here to view.
Hunting on the Cheap, Part 1: The Architecture
As security approaches reliant on known indicators of compromise (IOCs) are increasingly failing, “assume breach” has become a common expression in the industry. Far too often, intrusions go undetected...
View ArticleClik here to view.
Hunting on the Cheap, part 3: Hunting on Hosts
In our previousposts, we focused on hunting on the cheap by collecting and analyzing data on the network. However, hunting on networks is not the only option. In fact, a richer set of data to find...
View ArticleThe Real “Weakest Link” In Security Isn’t What You Think: Why We Should...
It’s an all-too familiar story: A company reports a data breach,and there’s an immediate blame game. Inevitably, we point the finger at humans — the person who responded to that phishing email ( a fake...
View ArticleDigital Sovereignty: Multi-Stakeholder vs. Beggar-Thy-Neighbor Digital Futures
What do Yeti, ICANN, and BRICs have in common? They are emblematic of the growing international jockeying for power to shape the global digital order. Absent a global cyber regime, nation-states...
View ArticleClik here to view.
Build Safer Programs Faster with OCaml
*/For many internal prototypes at Endgame, we adopt an agile development process to rapidly build proof-of-concept services which can then be deployed and reiterated upon to quickly address bugs and...
View ArticleDetecting Modern Adversaries: Why Signatures Are Not Enough
Cyber intrusions are continuing unabated with no end in sight. Ransomware is on the rise, massive data breaches are announced with such regularity that the public is becoming numb to their...
View ArticleClik here to view.
Mitigating Stagefright Attacks with the ARM Performance Monitoring Unit
Last summer, Stagefright became a household name after security researcher Joshua Drake highlighted vulnerabilities in the multimedia engine in Android that goes by the same name. His BlackHat USA talk...
View ArticleClik here to view.
Some Implications of the Brexit on the Digital Domain
The policy world will spend the day shocked that the Brexiteers defeated the Remainers by 52-48%, leading Prime Minister David Cameron to promise to resign this Fall. The majority of security...
View ArticleHacker's Guide to (Not) Having Your Passwords Stolen
Online credential theft has exploded in the past several years. This month alone, numerous breaches have affected millions of users of high profile websites such as LinkedIn, MySpace, vk.com, and...
View ArticleClik here to view.
ROP is Dying and Your Exploit Mitigations are on Life Support
Too often the defense community makes the mistake of focusing on the what, without truly understanding the why. This mindset often leads to the development of technologies that have limited...
View ArticleClik here to view.
Machine Learning: You Gotta Tame the Beast Before You Let It Out of Its Cage
Machine learning is a fashionable buzzword right now in infosec, and is often referenced as the key to next-gen, signature-less security. But along with all of the hype and buzz, there also is a...
View ArticleClik here to view.
It's a Bake-off!: Navigating the Evolving World of Machine Learning Models
In our previous blog, we reviewed some of the core fundamentals in machine learning with respect to malware classification. We provided several criteria for properly evaluating a machine learning...
View ArticleVegas Hacker Summer Camp 2016: Mind the Gap
"But the real magic comes when you take the expertise that you've got in security and you translate it and you rebuild it and you reform it. Don't be afraid to take the knowledge you have and make it...
View ArticleClik here to view.
Endpoint Malware Detection for the Hunt: Real-world Considerations
In the first blog post of this series, we discussed considerations for measuring and understanding the performance of machine learning models in information security. In the second post, we compared...
View ArticleClik here to view.
Capturing 0day Exploits with PERFectly Placed Hardware Traps
As we discussed in an earlier post, most defenses focus on the post-exploitation stage of the attack, by which point it is too late and the attacker will always maintain the advantage. Instead of...
View Article