Top 3 Requirements for Threat Hunting
With the SANS Threat Hunting Summit just days away, and adversary hunting gaining visibility across the industry, hunt is one of those terms that is frequently mentioned but not well-understood. What...
Improving Network Defense with the Big Picture of Cyber Intel
From the moment I stepped into the defensive computer operations (DCO) arena fifteen years ago, I noticed almost immediately an invisible but very real separation between DCO and its supporting...
The Power Law of the Digital Pen: Adding Fuel to the Fire of Social Change
Over five years ago, the Arab Spring demonstrated the power of the digital domain in facilitating political and social change. The role of social media – still relatively nascent globally at that point...
Shifting the Narrative to Attract More Talent into Security
When talking with women about the cybersecurity industry, we always ask, “What do you think of when you hear the term hacker?” The response invariably describes a young, shady, socially-challenged guy...
Your Package Has Been Successfully Encrypted: TeslaCrypt 4.1A and the Malware...
Introduction: Ransomware quickly gained national headlines in February after the Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 in bitcoins to regain access to its systems. Since...
Hunting on the Cheap, Part 1: The Architecture
As security approaches reliant on known indicators of compromise (IOCs) are increasingly failing, “assume breach” has become a common expression in the industry. Far too often, intrusions go undetected...
Hunting on Networks, Part 2: Higher-Order Patterns
In the first part of the Hunting on Cheap series, I discussed the importance of passive DNS in an adversary hunting toolkit. I detailed how an organization can set up sensors to collect passive DNS...
Hunting on the Cheap, Part 3: Hunting on Hosts
In our previous posts, we focused on hunting on the cheap by collecting and analyzing data on the network. However, hunting on networks is not the only option. In fact, a richer set of data to find...
The Real “Weakest Link” In Security Isn’t What You Think: Why We Should...
It’s an all-too-familiar story: A company reports a data breach, and there’s an immediate blame game. Inevitably, we point the finger at humans — the person who responded to that phishing email (a fake...
Digital Sovereignty: Multi-Stakeholder vs. Beggar-Thy-Neighbor Digital Futures
What do Yeti, ICANN, and BRICs have in common? They are emblematic of the growing international jockeying for power to shape the global digital order. Absent a global cyber regime, nation-states...
Rooting Out Hackers Before They Have a Chance to Strike
By 2006, the United States was losing two wars simultaneously in Iraq and Afghanistan, and many of the entrenched interests in the country—political, military, economic, journalistic—were whistling...
Build Safer Programs Faster with OCaml
For many internal prototypes at Endgame, we adopt an agile development process to rapidly build proof-of-concept services which can then be deployed and reiterated upon to quickly address bugs and...
Hacker's Guide to (Not) Having Your Passwords Stolen
Online credential theft has exploded in the past several years. This month alone, numerous breaches have affected millions of users of high profile websites such as LinkedIn, MySpace, vk.com, and...
Detecting Modern Adversaries: Why Signatures Are Not Enough
Cyber intrusions are continuing unabated with no end in sight. Ransomware is on the rise, massive data breaches are announced with such regularity that the public is becoming numb to their...
ROP is Dying and Your Exploit Mitigations are on Life Support
Too often the defense community makes the mistake of focusing on the what, without truly understanding the why. This mindset often leads to the development of technologies that have limited...
Mitigating Stagefright Attacks with the ARM Performance Monitoring Unit
Last summer, Stagefright became a household name after security researcher Joshua Drake highlighted vulnerabilities in the multimedia engine in Android that goes by the same name. His BlackHat USA talk...
Some Implications of the Brexit on the Digital Domain
The policy world will spend the day shocked that the Brexiteers defeated the Remainers by 52-48%, leading Prime Minister David Cameron to promise to resign this Fall. The majority of security...
Machine Learning: You Gotta Tame the Beast Before You Let It Out of Its Cage
Machine learning is a fashionable buzzword right now in infosec, and is often referenced as the key to next-gen, signature-less security. But along with all of the hype and buzz, there also is a...
It's a Bake-off!: Navigating the Evolving World of Machine Learning Models
In our previous blog, we reviewed some of the core fundamentals in machine learning with respect to malware classification. We provided several criteria for properly evaluating a machine learning...
Vegas Hacker Summer Camp 2016: Mind the Gap
"But the real magic comes when you take the expertise that you've got in security and you translate it and you rebuild it and you reform it. Don't be afraid to take the knowledge you have and make it...