Channel: Endgame's Blog
Browsing all 698 articles


Endpoint Malware Detection for the Hunt: Real-world Considerations

In the first blog post of this series, we discussed considerations for measuring and understanding the performance of machine learning models in information security. In the second post, we compared...




Capturing Zero Day Exploits with Automated Prevention Technology

As we discussed in an earlier post, most defenses focus on the post-exploitation stage of the attack, by which point it is too late and the attacker will always maintain the advantage. Instead of...




Instegogram: Leveraging Instagram for C2 via Image Steganography

Social media sites are frequently used for stealthy malware command and control (C2). Because many hosts on most networks communicate with popular social media sites regularly, it is very easy for a C2...


Influencing Elections in the Digital Age

Throughout history, foreign entities have meddled in the internal affairs of other countries, including leadership duration, reputation, and elections of other countries. Whether it’s a coup receiving...


How Domain Expertise And AI Can Conquer The Next Generation Of Cyber Threats

No one, not even Google CEO Sundar Pichai, is immune to being hacked. And this problem isn’t going away. Cybercrime figures are increasing each year, with a reported 22% rise in breaches already in...




How to Hunt: Detecting Persistence & Evasion with the COM

After adversaries breach a system, they usually consider how they will maintain uninterrupted access through events such as system restarts. This uninterrupted access can be achieved through...



Hunting for Exploit Kits

E-mail spam and browser exploitation are two very popular avenues used by criminals to compromise computers. Most compromises result from human error, such as clicking a malicious link or downloading...



Is Hadoop Ready for Security?

Picture Source: artistsinspireartists

In 2008, the number of internet-connected devices surpassed the number of people on the planet and Facebook overtook MySpace as the most popular social network....




Defeating the Latest Advances in Script Obfuscation

As the security research community develops newer and more sophisticated means for detecting and mitigating malware, malicious actors continue to look for ways to increase the size of their attack...



How to Hunt: The [File] Path Less Traveled

As any good hunter knows, one of the first quick-win indicators to look for is malware within designated download or temp folders. When users are targeted via spear phishing or browser based attacks,...


It's Time for Cyber Policy to Leapfrog to the Digital Age

In Rise of the Machines, Thomas Rid details the first major digital data breach against the US government. The spy campaign began on October 7, 1996, and was later dubbed Moonlight Maze. This operation...



The Hard Thing About Safe Things

Information security needs a more accurate metaphor to represent the systems we secure. Invoking castles, fortresses and safes implies a single, at best layered, attack surface for security experts to...



Protecting the Financial Sector: Early Detection of Trojan.Odinaff

The financial sector continues to be a prime target for highly sophisticated, customized attacks for an obvious reason - that’s where the money is. Earlier this year, the SWIFT money transfer system...



How to Hunt: The Masquerade Ball

Masquerading was once conducted by the wealthiest elite at elaborate dances, allowing them to take on the guise of someone else and hide amidst the crowd. Today, we see digital masquerading used by the...



Endgame Research @ AISec: Deep DGA

Machine learning is often touted as a silver bullet, enabling big data to defeat cyber adversaries, or some other empty trope. Beneath the headlines, there is rigorous academic discourse and advances...




Cyber Threat Lessons Learned from Reversing the Flare-On Challenge

The FireEye Labs Advanced Reverse Engineering (FLARE) team just hosted the third annual FLARE-On Challenge, its reverse-engineering CTF. The CTF is made up of linear challenges where one must solve the...



Using Deep Learning to Detect DGAs

The presence of domain names created by a Domain Generation Algorithm (DGA) is a telling indicator of compromise. For example, the domain xeogrhxquuubt.com is a DGA generated domain created by the...




Another 0 Day: Protection from a Use-After-Free Vulnerability

A new 0day against the popular browser Firefox was revealed yesterday which specifically targets the popular “Tor Browser” project, a favorite of Tor users. The Endgame Vulnerability Research &...


How to Hunt: Finding the Delta

Identifying outliers or anomalous behavior depends heavily on a robust and credible understanding of those baseline characteristics within a network. Normal behavior and attributes vary significantly...


Inside Endgame's $18.8 Million Deal with US Air Force (Video)

Watch Endgame CEO Nate Fick on Bloomberg discussing the company's deal with the U.S. Air Force, the largest endpoint detection and response (EDR) deal of the year. Video of Inside Endgame's...
