Using Deep Learning to Detect DGAs
The presence of domain names created by a Domain Generation Algorithm (DGA) is a telling indicator of compromise. For example, the domain xeogrhxquuubt.com is a DGA generated domain created by the...
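The DGA post is only previewed above. As an added example that is neither Endgame's code nor the deep-learning model the post describes, the Python below shows the simpler feature-based heuristic that DGA detection usually starts from (label length, character entropy, vowel ratio, longest consonant run) and runs it over a few constructed DNS log lines so that the domain quoted in the teaser, xeogrhxquuubt.com, is flagged while ordinary names are not. The log lines, the benign domain names, the thresholds, and the simplified TLD handling are assumptions made for this illustration.

```python
import math
import re
from collections import Counter

VOWELS = set("aeiou")

# Constructed sample DNS log lines (not from the original page). The first
# query carries the DGA-style domain quoted in the text; the rest are ordinary.
SAMPLE_DNS_LOG = """\
2017-01-05T10:00:01Z client=10.0.0.5 query=xeogrhxquuubt.com type=A
2017-01-05T10:00:02Z client=10.0.0.5 query=www.google.com type=A
2017-01-05T10:00:03Z client=10.0.0.7 query=mail.example.org type=MX
2017-01-05T10:00:04Z client=10.0.0.9 query=cdn-assets.microsoft.com type=A
"""


def registered_label(domain: str) -> str:
    """Label immediately left of the TLD, e.g. 'xeogrhxquuubt' for
    'xeogrhxquuubt.com'. Assumption for this example: the last label is the
    TLD. A real pipeline would consult the public suffix list so that
    'example.co.uk' yields 'example' rather than 'co'."""
    labels = [l for l in domain.lower().strip(".").split(".") if l]
    if not labels:
        return ""
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking strings score higher than words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def vowel_ratio(s: str) -> float:
    """Share of letters that are vowels; algorithmic names tend to be low."""
    letters = [ch for ch in s if ch.isalpha()]
    return sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0


def max_consonant_run(s: str) -> int:
    """Longest run of consecutive consonants; pronounceable names keep this low."""
    run = best = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def dga_features(domain: str) -> dict:
    """Feature vector a simple classifier (or a model's input layer) would use."""
    label = registered_label(domain)
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowel_ratio(label),
        "max_consonant_run": max_consonant_run(label),
    }


# Thresholds are illustrative assumptions chosen for this example, not values
# from the article; tune them against your own benign baseline before use.
def looks_like_dga(domain: str) -> bool:
    f = dga_features(domain)
    hits = sum([
        f["length"] >= 12,
        f["entropy"] >= 3.0,
        f["vowel_ratio"] <= 0.30,
        f["max_consonant_run"] >= 4,
    ])
    return hits >= 3


QUERY_RE = re.compile(r"\bquery=(\S+)")


def flag_dns_log(log_text: str) -> list:
    """Return the queried domains in the log that the heuristic flags."""
    flagged = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and looks_like_dga(m.group(1)):
            flagged.append(m.group(1))
    return flagged


if __name__ == "__main__":
    for line in SAMPLE_DNS_LOG.splitlines():
        domain = QUERY_RE.search(line).group(1)
        print(domain, dga_features(domain), "DGA" if looks_like_dga(domain) else "ok")
```

Character statistics alone separate a 13-character consonant-heavy label from dictionary-based names, but they fail on DGAs that concatenate real words and they fire on some legitimate CDN or hashed hostnames; that gap is what the post's deep-learning approach is meant to close, so treat this heuristic as a triage filter rather than a verdict.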

Another 0day, Another Prevention
A new 0day against the popular browser Firefox was revealed yesterday which specifically targets the popular “Tor Browser” project, a favorite of Tor users. The Endgame Vulnerability Research &...

How to Hunt: Finding the Delta
Identifying outliers or anomalous behavior depends heavily on a robust and credible understanding of those baseline characteristics within a network. Normal behavior and attributes vary significantly...

The Global Trend Toward Cyber Sovereignty
Last month, as much of the world’s attention was elsewhere, the Chinese government announced their new cybersecurity law. While the new law ostensibly was adopted to increase security, a range of...

Today's Statement on Russian Hacking in Context
On October 7, 1996, the Pentagon publicly attributed – without repercussions – a vast digital data breach and espionage to the Russians, later dubbed Moonlight Maze. Fast forward twenty years to the...

Reflections on Grizzly Steppe
On December 29, 2016, the United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a joint analysis report (JAR) detailing, in their words, “tools and...

Dude! Where's my Ransomware?: A Flare-On Challenge
There are many tricks to the tradecraft when analyzing unknown binaries, and it requires constant honing of skills to stay on top of the latest malware and campaigns. Solving reverse-engineering...

Artemis: An Intelligent Assistant for Cyber Defense
You’ve used them for directions, to order pizza, to ask about the weather. You’ve called them by their names Siri, Alexa, Cortana... You speak to them like you know them, like they can understand you....

Designing the Intelligent Assistant: Part 1, Design Principles
As we enter 2017, there has been one particular user experience (UX) trend that designers can no longer ignore: chatbots. While some debate their practicality, others believe it to be the internet’s...

Cybersecurity Interrupted
Last night, in collaboration with Foreign Policy Interrupted, we hosted a discussion addressing the key geopolitical trends and challenges in cybersecurity. We were fortunate to have a great group of...

Endgame and Morphick: Closing the Gap in Advanced Cyber Threat Response
In my recently released book Facing Cyber Threats Head On, I spend a lot of time discussing how contemporary cyber security is just as much about stopping people (the attackers) as it is about stopping...

World, Meet MalwareScore
Sharing ideas, tools, and techniques among our community of defenders makes everyone sharper and safer. To that end, we previously received third party certification, joined AMTSO, have published and...

The RSA Keynote & A Call for Digital Norms
Yesterday’s RSA keynote by Brad Smith, Microsoft’s President and Chief Legal Officer, has the industry finally buzzing about the creation of global digital norms. In his accompanying blogpost, “The...

Lessons from the Trenches: Obfuscation and Pattern Recognition
Code deobfuscation and pattern recognition are as much an art as a science. In the past, we’ve talked about automating many aspects of proactive detection, such as through delta analysis, scripts, or...

The Chakra Exploit and the Limitations of Modern Mitigation Techniques
Last November, Microsoft released a security update for Microsoft Edge which included patches for vulnerabilities CVE-2016-7200 and CVE-2016-7201, which were discovered by Google Project Zero. Earlier...

Dropping AtomBombs: Detecting DridexV4 in the Wild
Banking trojans have been around for years, but gained greater visibility in 2015 and into 2016 as they moved from targeting European banks to American banks. We previously discussed the Odinaff...

Elevating the Voice of Women in Security
Political psychologists are exploring whether efforts aimed to increase awareness of women’s under-representation in politics make women less likely to seek public office. Security seems to be in the...

Protecting Against Shamoon 2 and Stonedrill: In the Crossfire of Geopolitics...
At the end of January, Saudi Arabia’s telecom authority issued an alert warning about Shamoon 2, a wiper malware that hit several organizations, including three government agencies and four private...

Reverse Engineering Malware 101 Workshop
Reverse engineering already sounds like black magic, when in reality it simply entails lots of practice and strong foundations in computer science concepts. Think of it like learning a new language....

A Primer on North Korean Targeted Digital Attacks
As tensions rise between North Korea and the United States, Secretary of Homeland Security, John Kelly, proclaimed North Korea currently is a more probable cyber threat than a kinetic threat. Given...